Targeted Cyber Attacks Against Small Biz: Chat Recap

Last week on July 19th we held a Twitter chat — and achieved a “personal best” for the Small Business Trends community.  Our #SMBchat made it as the top trending topic on Twitter.  And we’ve got the screenshot to prove it!  Thanks to all who participated and made it a huge success.

#SMBchat a Top Twitter Trending Topic

The topic was “Targeted Cyber Attacks, No Longer a Big Biz Problem” and we were fortunate to have two world-class security experts from Symantec join us:

Many thanks to Symantec for making the experts available and for sponsoring this chat!

As usual, we bring you a sampling of some of the interesting and insightful tweets.  Yours truly, Anita Campbell (@Smallbiztrends) was asking the questions of our expert guests and the community:

Q1: How likely is it that a small business will face a malicious cyber attack?

  • 36% of all cyber attacks target small businesses. Poll by @Symantec PDF here:  – @TJMcCue
  •  50% of SMBs think they’re not a target for cyber attackers, but 73% have been victims of cyber attacks:  – @SymantecSMB
  • Can it be 100% likely? Isn’t it already happening?  – @DIYMarketers
  • Extremely likely. Just looking at WordPress-based sites, 78% sites old versions. All things insecure out of the box insecure.  – @dynamicnet
  • I’ve had to alert 3 clients that their Websites were hacked. They didn’t know because it’s not their homepage! – @PeggyDuncan
  • Symantec blocked more than 5.5 billion attacks in 2011, an increase of 81 percent over the previous year – @SymantecSMB

Q2: What are the most common types of malicious cyber attacks that small businesses face?

  • Interesting things happening with targeted attacks. They’re becoming everyone’s problem, not just govs. & enterprises – @SymantecSMB
  • My email account was hacked and I might need to stop using it because I can’t get it fixed…. – @BasicBlogTips
  • Malware comes attached in spam. But Web-based attacks, drive-by downloads: http:/ are very prevalent. – @KPHaley
  • Increased data usage means everyone is challenged to apply secure processes. Threats to bigbiz = threats to smallbiz  – @ZimanaAnalytics
  • Once you get hacked, spammers use your site as the staging ground for their spam efforts. – @robert_brady

Q3: If small businesses use Macs, instead of PCs, do they need to worry about cyber attacks and malware? Why or why not?

  • SMBs using Macs must take steps to protect info:  – @KPHaley
  • I have Mac and I am not very worried after I checked if I had the Flashback malware. But I will look out for a good protection. – @Lyceum
  • Mac users as well as PC users are both targets. Just this year alone, Mac has been heavily targeted by malware and virus – @dynamicnet
  • Virtualization software for running Windows on a Mac can be just as vulnerable as a PC  – @ZimanaAnalytics
  • From a security standpoint treat your Mac like a PC, protect it.  – @KPHaley
  • Shortened links make it tough to know where you’re going to land. Malware authors love that too. – @KPHaley

Q4: What are the top steps SMBs can take to stay safe from Internet-based threats?

  • Deploy reliable security solution on both Windows and Mac endpoints. Keep security software & OS updated with latest patches. – @SymantecSMB
  • I like 7 Tips for Protecting SMB’s Information: Nice overview. – @KPHaley
  • Keep site applications up to date. Use secure, unique per application passwords – might help. – @dynamicnet
  • Make sure you back up your website AND your computer network – to more than one device or service. – @HowardLewinter
  • Educate employees about Internet safety, train to be wary of email attachments, links from unknown sources – @SymantecSMB
  • Bad guys [are] like roaches, they run when light shined on them. Lists get out of date quickly. – @KPHaley

Q5: What is a “Comprehensive Security Plan” and how does a small biz create one?

  • SMBs first need to know what they need to protect. It’s important to understand your risk and assess your security gaps – @KPHaley
  • Your security plan should include password polices, endpoint protection, secure email and Web assets, encryption and backup. – @KPHaley
  • Plan should include how when (since nothing is hacker proof) hacks, malware, etc. get in, then what (time, money)? – @dynamicnet
  • If the bad person knows you use just one centralized system.. you now made their life so much easier. Layers matter.  – @dynamicnet
  • #SMBChat is happening right now on SMB security, worth following the conversation. – @Bislr

Q6: What if despite prevention efforts, your business gets hit with a malware attack. What steps should you take to recover?

  • Encourage employees to come forward immediately if they spot a virus or malware, rather than try to resolve it themselves. – @SymantecSMB
  • Hopefully you have been maintaining a proper backup. Then you can roll back to previous. – @robert_brady
  • Assess the damage. Determine reporting requirements. Report as applicable. Recover, Debrief for what needs to improve. – @dynamicnet
  • @robert_brady Great point about backup! If infected roll back to last known good backup. – @SymantecSMB
  • 61 percent don’t even have a written plan, according to @Symantec – so, do that first to have a security process.  – @TJMcCue
  • In the same thought, 1 in 10 SMBS have suffered from a data hack  – @port80software

Q7: Passwords are a problem, especially as cloud apps grow all requiring passwords. What are some best practices?

  • Strong passwords have 8 characters or more and use combination of letters, numbers & symbols. – @KPHaley
  • People like to use the same password to access personal & business resources. Do NOT re-use passwords. – @KPHaley
  • Passwords should be unique per application. might help for how to create passwords. – @dynamicnet
  • Bad guys love re-used passwords. – @KPHaley
  • We require auto password changes every 90 days. Employees cannot share password info – @BasicBlogTips
  • At BARE minimum, have strong email & banking passwords different from each other & social media passwords – @CathyWebSavvyPR

Q8: If you don’t have internal IT or have limited staff, how do you get help for your biz?

  • Cloud-managed security is a great option for SMBs with limited IT staff. Learn about Symantec’s SMB: – @SymantecSMB
  • Most infections can be prevented by adhering to organizational policy and exercising caution, so employee training is critical. – @SymantecSMB
  • Small biz with no it can often get help from chamber of commerce, fellow small biz, why even twitter. However, confirm facts. – @dynamicnet
  • Cloud-managed security is great option 4 SMBs w limited IT staff.  – @DIYMarketers
  • Make sure you’re working with an expert BEFORE you have a problem – not just cyber issues but anything that’s important 2 biz. – @HowardLewinter
Wrap up:
  • Great to see #SMBChat trending  – @michaelsharkey
  • Thanks for the #SMBchat security discussion – @NoahJS
  • We enjoyed reading all the commentary during the #SMBChat It’s great to see people connecting and discussing  – @BusinessDotCom
  • Tip: If you liked what someone said on a chat, follow them, connect later this week; cld be yr next client or biz partner!  – @CathyWebSavvyPR

See also the recap on the Symantec blog.

Note:  to make the recap easier to read, tweets above have been edited to remove redundant information, such as hashtags and answer numbers, and fix obvious misspellings.  The above represents only a small portion of the tweets — it is intended to cover key highlights for reader convenience.


Anita Campbell Anita Campbell is the Founder, CEO and Publisher of Small Business Trends and has been following trends in small businesses since 2003. She is the owner of BizSugar, a social media site for small businesses.

6 Reactions
  1. This may have been one of the most useful posts I have seen for Small Business facing security issues. Great post!

  2. Martin Lindeskog

    Anita: Thanks for the recap! It was great to participate in the chat. Thanks for including my tweet on Mac security:

    I have Mac and I am not very worried after I checked if I had the Flashback malware. But I will look out for a good protection. – @Lyceum

    I look forward to the next Twitter chat! 🙂

Leave a Reply

Your email address will not be published. Required fields are marked *