We hear horror stories about how corporations’ computer systems or financial data are hacked into, leaving quite a mess to clean up. Unfortunately, as a small business owner, you’re not immune to data breaches, reports PropertyCasualty360. The sad fact is, many of the virtual attacks can be prevented, but only 27 percent of small businesses actually test their data security, Newtek Business Services data shows.
Waiting until after an attack is a poor time to decide you need a firewall!
Verizon issues an annual data breach investigation report. In this year’s report, we were amazed to find out that 96 percent of breaches were avoidable through simple or intermediate controls. These aren’t highly complex technical attacks, and they’re certainly ones that can be prevented.
Where It’s Happening
Chris Porter, principal on Verizon’s risk team, shared a few real-life scenarios with us (without disclosing company names) as examples of small businesses that are suffering from data breaches.
One small restaurant in New York City was attacked by an external hacker tied to organized crime, resulting in its customers’ credit card data being compromised. By installing customized malware, the attacker could capture keystrokes or card swipes on the point-of-sale terminals, gaining access to debit and credit cards. The software also collected the stolen credit card numbers. The restaurant found out about the breach when its bank notified it that it had been flagged for fraud.
How This Could Have Been Prevented: Porter says that preventing this type of data breach is fairly simple:
“Companies should ensure there is a firewall in place that protects remote services to only the IT management firm’s network. Change all default and attributable passwords to something more complex and not easily guessable.”
If an employee leaves the company, change the passwords they had access to. And if you outsource point-of-sale management, make sure the firm you work with has controls in place to prevent breaches.
Even small banks aren’t immune to attacks. A credit union in California was attacked via email, leading to an intrusion. Porter says they’ve seen Excel or PDF attachments on emails that appear to be from UPS. These emails ask the recipient to verify package delivery, but instead install malware on the computer where the email is opened. Malware can steal credentials to bank accounts and get access to sensitive information. The unauthorized banking transactions caused by the hack were discovered the next day by an employee.
How This Could Have Been Prevented: Email is tricky, especially if you’re used to getting emails from people you don’t know. Instruct your staff not to open attachments or click links if they’re unsure of the origin.
Porter also says:
“It is advisable to have the workstation used for banking or wire transfers on a segregated network. If this is not possible, make sure that the system isn’t used for regular Web browsing or social networking.”
Are You Protected Against a Data Breach?
The advice for businesses is pretty clear cut. You should back up your data often. Use anti-virus protection on your PC. Install a firewall. Change passwords regularly. But often this sort of thing slips through the cracks for overcommitted small business owners. And the fact that most of us don’t have an IT department means that often, anything security-related is not high priority.
But waiting until after the fact to beef up your virtual security may be too late; data breaches can bring stress, headaches and unwanted publicity to your company. Do you really want to be known as the company that doesn’t value its customers’ information enough to protect it?
Work to train your staff to be diligent when opening email, and to review transactions and files for potential tampering or fraud. Encrypt any sensitive data to make it harder to hack. Make sure you’re on top of changing passwords when employees (especially those who hold a grudge) leave your team.
Just an ounce of prevention now can save you a pound of hurt later.