Targeted Cyber Attacks Against Small Biz: Chat Recap


Last week on July 19th we held a Twitter chat — and achieved a “personal best” for the Small Business Trends community.  Our #SMBchat made it as the top trending topic on Twitter.  And we’ve got the screenshot to prove it!  Thanks to all who participated and made it a huge success.

#SMBchat a Top Twitter Trending Topic

The topic was “Targeted Cyber Attacks, No Longer a Big Biz Problem” and we were fortunate to have two world-class security experts from Symantec join us:

Many thanks to Symantec for making the experts available and for sponsoring this chat!

As usual, we bring you a sampling of some of the interesting and insightful tweets.  Yours truly, Anita Campbell (@Smallbiztrends) was asking the questions of our expert guests and the community:

Q1: How likely is it that a small business will face a malicious cyber attack?

  • 36% of all cyber attacks target small businesses. Poll by @Symantec PDF here: http://t.co/hAhGY1xg  – @TJMcCue
  •  50% of SMBs think they’re not a target for cyber attackers, but 73% have been victims of cyber attacks: http://t.co/Vr5Ym3uU  – @SymantecSMB
  • Can it be 100% likely? Isn’t it already happening?  – @DIYMarketers
  • Extremely likely. Just looking at WordPress-based sites, 78% sites old versions. All things insecure out of the box insecure.  – @dynamicnet
  • I’ve had to alert 3 clients that their Websites were hacked. They didn’t know because it’s not their homepage! – @PeggyDuncan
  • Symantec blocked more than 5.5 billion attacks in 2011, an increase of 81 percent over the previous year – @SymantecSMB

Q2: What are the most common types of malicious cyber attacks that small businesses face?

  • Interesting things happening with targeted attacks. They’re becoming everyone’s problem, not just govs. & enterprises – @SymantecSMB
  • My email account was hacked and I might need to stop using it because I can’t get it fixed…. – @BasicBlogTips
  • Malware comes attached in spam. But Web-based attacks, drive-by downloads: http:/bit.ly/LwyWTV are very prevalent. – @KPHaley
  • Increased data usage means everyone is challenged to apply secure processes. Threats to bigbiz = threats to smallbiz  – @ZimanaAnalytics
  • Once you get hacked, spammers use your site as the staging ground for their spam efforts. – @robert_brady

Q3: If small businesses use Macs, instead of PCs, do they need to worry about cyber attacks and malware? Why or why not?

  • SMBs using Macs must take steps to protect info: http://bit.ly/Q2MyIc  – @KPHaley
  • I have Mac and I am not very worried after I checked if I had the Flashback malware. But I will look out for a good protection. – @Lyceum
  • Mac users as well as PC users are both targets. Just this year alone, Mac has been heavily targeted by malware and virus – @dynamicnet
  • Virtualization software for running Windows on a Mac can be just as vulnerable as a PC  – @ZimanaAnalytics
  • From a security standpoint treat your Mac like a PC, protect it.  – @KPHaley
  • Shortened links make it tough to know where you’re going to land. Malware authors love that too. – @KPHaley

Q4: What are the top steps SMBs can take to stay safe from Internet-based threats?

  • Deploy reliable security solution on both Windows and Mac endpoints. Keep security software & OS updated with latest patches. – @SymantecSMB
  • I like 7 Tips for Protecting SMB’s Information: http://bit.ly/Q2MyIc Nice overview. – @KPHaley
  • Keep site applications up to date. Use secure, unique per application passwords – http://t.co/NzZYDJpv might help. – @dynamicnet
  • Make sure you back up your website AND your computer network – to more than one device or service. – @HowardLewinter
  • Educate employees about Internet safety, train to be wary of email attachments, links from unknown sources – @SymantecSMB
  • Bad guys [are] like roaches, they run when light shined on them. Lists get out of date quickly. – @KPHaley

Q5: What is a “Comprehensive Security Plan” and how does a small biz create one?

  • SMBs first need to know what they need to protect. It’s important to understand your risk and assess your security gaps – @KPHaley
  • Your security plan should include password polices, endpoint protection, secure email and Web assets, encryption and backup. – @KPHaley
  • Plan should include how when (since nothing is hacker proof) hacks, malware, etc. get in, then what (time, money)? – @dynamicnet
  • If the bad person knows you use just one centralized system.. you now made their life so much easier. Layers matter.  – @dynamicnet
  • #SMBChat is happening right now on SMB security, worth following the conversation. – @Bislr

Q6: What if despite prevention efforts, your business gets hit with a malware attack. What steps should you take to recover?

  • Encourage employees to come forward immediately if they spot a virus or malware, rather than try to resolve it themselves. – @SymantecSMB
  • Hopefully you have been maintaining a proper backup. Then you can roll back to previous. – @robert_brady
  • Assess the damage. Determine reporting requirements. Report as applicable. Recover, Debrief for what needs to improve. – @dynamicnet
  • @robert_brady Great point about backup! If infected roll back to last known good backup. – @SymantecSMB
  • 61 percent don’t even have a written plan, according to @Symantec – so, do that first to have a security process.  – @TJMcCue
  • In the same thought, 1 in 10 SMBS have suffered from a data hack http://www.darkreading.com/smb-security/167901073/security/news/240003962/one-in-10-smes-have-suffered-from-a-data-hack.html  – @port80software

Q7: Passwords are a problem, especially as cloud apps grow all requiring passwords. What are some best practices?

  • Strong passwords have 8 characters or more and use combination of letters, numbers & symbols. – @KPHaley
  • People like to use the same password to access personal & business resources. Do NOT re-use passwords. – @KPHaley
  • Passwords should be unique per application. http://t.co/NzZYDJpv might help for how to create passwords. – @dynamicnet
  • Bad guys love re-used passwords. – @KPHaley
  • We require auto password changes every 90 days. Employees cannot share password info – @BasicBlogTips
  • At BARE minimum, have strong email & banking passwords different from each other & social media passwords – @CathyWebSavvyPR

Q8: If you don’t have internal IT or have limited staff, how do you get help for your biz?

  • Cloud-managed security is a great option for SMBs with limited IT staff. Learn about Symantec’s SMB: http://bit.ly/NfVHN9 – @SymantecSMB
  • Most infections can be prevented by adhering to organizational policy and exercising caution, so employee training is critical. – @SymantecSMB
  • Small biz with no it can often get help from chamber of commerce, fellow small biz, why even twitter. However, confirm facts. – @dynamicnet
  • Cloud-managed security is great option 4 SMBs w limited IT staff.  – @DIYMarketers
  • Make sure you’re working with an expert BEFORE you have a problem – not just cyber issues but anything that’s important 2 biz. – @HowardLewinter
Wrap up:
  • Great to see #SMBChat trending  – @michaelsharkey
  • Thanks for the #SMBchat security discussion – @NoahJS
  • We enjoyed reading all the commentary during the #SMBChat It’s great to see people connecting and discussing  – @BusinessDotCom
  • Tip: If you liked what someone said on a chat, follow them, connect later this week; cld be yr next client or biz partner!  – @CathyWebSavvyPR

See also the recap on the Symantec blog.

Note:  to make the recap easier to read, tweets above have been edited to remove redundant information, such as hashtags and answer numbers, and fix obvious misspellings.  The above represents only a small portion of the tweets — it is intended to cover key highlights for reader convenience.


More in: 6 Comments ▼

Anita Campbell Anita Campbell is the Founder, CEO and Publisher of Small Business Trends and has been following trends in small businesses since 2003. She is the owner of BizSugar, a social media site for small businesses.

6 Reactions
  1. This may have been one of the most useful posts I have seen for Small Business facing security issues. Great post!

  2. Martin Lindeskog

    Anita: Thanks for the recap! It was great to participate in the chat. Thanks for including my tweet on Mac security:

    I have Mac and I am not very worried after I checked if I had the Flashback malware. But I will look out for a good protection. – @Lyceum

    I look forward to the next Twitter chat! 🙂

    • Glad you could participate, Martin! You always have something insightful or useful to share….

      – Anita