Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

Why small business is a prime target for hackers

Don't hide behind security through obscurity

Article comments

If you run a small business, and think that none of your data was of interest to a hacker, consider this: what if a hacker could take stolen bank account or credit card information from your computer and package it with the same information from a hundred or a thousand other small businesses? Would it be worth something then?

"SMBs don't know how defenseless they've become, especially to automated and industrialised attack methodologies by organised crime," Christopher Porter says. Porter, a principal with the Verizon RISK Team, is the author of a new report from Verizon on security risk.

"[Hackers] scan the Internet, looking for remote access services, and then try the default credentials. Once they gain access, they automatically install keyloggers to collect password information [as it's typed in]," Porter says. "Then they send the information it out via email or by uploading it to an FTP server or a website. They aggregate the data and sell it on the black market."

Hackers could use the keylogger to figure out how access and drain a small business' bank account, but more commonly, Porter said, they'll target point-of-sale systems, as four Romanians did recently. "That kind of attack is increasing, because they're low risk and low-cost attacks for organised crime." Because they're geographically widespread, it's hard for any one police department to follow up.

But if small businesses are increasingly vulnerable, Porter characterised the tactics they should employ in response as "quite simple".

If you have a point-of-sale system, make sure to change the password from the default it came with. It shouldn't be microsmicros or alohaaloha," citing two common POS systems. "The problem is that when small businesses think about their POS system, they worry about whether it's going to be available when they sell the shirt or charge for the burger," Porter says. "They're not worried about confidentiality. They're worried about margins."

The fifth annual Verizon 2012 Data Breach Investigations Report, produced in conjunction with the United States Secret Service, the Dutch National High Tech Crime Unit, the Australian Federal Police, the Irish Reporting & Information Security Service and the London Metropolitan Police's cybercrime unit, reveals seventy-nine percent of attacks represented in the report were opportunistic.

Of all the attacks the report studied, it found 96 percent were not difficult to achieve and 97 percent were avoidable, "without the need for organizations to resort to difficult or expensive countermeasures."

What does the Verizon report recommend small businesses do? The report cites three simple things:

  • Use a firewall. Install and maintain a firewall on Internet-facing services to protect data. Hackers cannot steal what they cannot reach.
  • Change default credentials. Point-of-sale (POS) and other systems come with pre-set credentials. Change the credentials to prevent unauthorised access.
  • Monitor third parties. Third parties often manage firewalls and POS systems. Organisations should monitor these vendors to ensure they have implemented the above security recommendations, where applicable.

In addition, Porter recommends some other simple steps:

  • Educate your staff, especially in regard to social phishing. "Set up policies, and then make sure they're being followed. The weakest link in security will always be the carbon-based life form."
  • Follow through on what you've bought. "Businesses spend a lot of money on security technology, but then they don't configure them properly, or ignore the reports. A well-tuned intrusion detection system that's tailored to your environment is a powerful tool for finding hacking incidents on the network."
  • Think about security frequently, not just when you're being audited. "Check the logs of your Windows OS system, your POS system, and your security software." If that represents too big a time commitment, then hire someone to do it. Don't ignore them.

Porter stresses that, in most cases, these infiltrations are targets of opportunity. If small business follows the simple procedures outlined, they're less likely to be targeted. "The criminals will pass right by you."


More from Techworld

More relevant IT news


RayW said: Every Small and for that matter Large Business can very easily fully protect themselves from hackers phishers and fraudsters by signing-up for Cryptoexpress the only 100 secure communications package available Get an account now before all governments ban secure communications as they all want to spy on you and it wont be long before they get into industrial espionage activitiesCryptoexpress believes you are entitled to your privacy and confidentiality at all times

Eric said: Hackers stole credit card data from 200 businesses over three years and racked up Small business owners who think that theyd never be the target of cybercrime

Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *