Why Your Business Might Be a Perfect Target for Hackers

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://www.inc.com/magazine/201312/john-brandon/hackers-target-small-business.html

For many years, the average American small business was an unlikely target
for a sophisticated cyberattack. Fewer financial resources and a relatively
unknown brand worked in your favor to ward off hackers. Not anymore.

The dam has broken for small companies when it comes to security. Jeremy
Grant, an adviser at the Department of Commerce’s National Institute of
Standards and Technology, says in the past two years he has seen "a
relatively sharp increase in hackers and adversaries targeting small
businesses."

According to the security company Symantec, cyberattacks on small
businesses rose 300 percent in 2012 from the previous year.

Smaller companies are attractive because they tend to have weaker online
security. They’re also doing more business than ever online via cloud
services that don’t use strong encryption technology. To a hacker, that
translates into reams of sensitive data behind a door with an easy lock to
pick. If you have any Fortune 500 companies as customers, you’re an even
more enticing target--you’re an entry point.

Worse, the laws safeguarding commercial bank accounts aren’t as strong as
those for personal accounts. Banks won’t always reimburse businesses whose
accounts get hacked, especially if a bank can prove its security meets
federal guidelines, but the business’s isn’t up to snuff. (Individuals
aren’t expected to have strong security in place.)

Patco Construction, based in Sanford, Maine, learned this the hard way when
hackers siphoned $588,000 from its bank account in 2009 and its bank
refused to reimburse the full amount. Patco sued the bank and finally won
after two appeals. The court ruled that despite the bank’s security, it
should have caught the suspicious transactions.

So what can you do about the growing threat of hackers? First, put in place
the best tech barriers you can afford, like a cloud-based security app.
Then patch your biggest vulnerability: your people, says Chris Hadnagy,
founder of security training firm Social-Engineer.

Teach employees not just to devise smarter passwords and spot sketchy
emails but also to think critically about their online actions. "If you
just want people to follow the rules--don’t think, just do--you create an
easy environment for [hackers]," he says.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!