If you think hackers aren’t attacking small firms? Think again.
This past summer the Wall Street Journal posted an article about a small firm, City Newsstand Inc. located near Chicago owned by Joe Angelastri. Joe’s News Stand is a small business and his thoughts prior to experiencing the breach were “Who would want to break into us?” and “Were not running a bank”. With limited budgets and no technical experts on staff small businesses generally have weak security. As a security advisor I fully agree with this comment, over the past seven years we have performed many security audits and rarely do we even find the basics in place and working correctly. We never find any advanced security, even at some of the banking clients we have worked with.
Mr. Angelastri has already incurred a $22,000 loss due to the breach but this is just the beginning of his headaches, both emotionally and financially. The worst is yet to come. There will be ongoing pressure from MasterCard, Mr. Angelastri will likely make some investments in his security (arguably should have already been done) and his clients might not trust his business and might make purchases at his competitors newsstands instead.
Here are two more stories involving small businesses
The fact that there are so many types of security threats makes it difficult
for small firms to protect themselves. In April, the FBI issued an alert
about a style of attack in which hackers steal a business's online banking
login details and use them to transfer funds out of the business's account.
That's what happened to Lease Duckwall just after 1 p.m. on Nov. 2, when
someone logged into his company's bank account for Green Ford Sales
Inc. in Abilene, Kan. The hacker added nine new employees to the car
dealership's payroll and transferred $63,000 to them.
Mr. Duckwall learned about the transfers at 7:45 a.m. the next day. He
called his bank, which froze the funds in six cases. But three payments
had already been withdrawn by the recipients and the cash wired offshore.
"I don't have a clue" how or why his company was targeted, says Mr.
Duckwall, who is still out about $22,000.
The costs of a breach can put a small company out of business. In 2006 and 2007, a Bellingham, Wash., restaurant called Burger Me LLC had its computerized cash register hacked.
Criminals made untold numbers of fraudulent charges on customer credit cards.
After the incident, a credit-card company shut down Burger Me's account and put a hold on thousands of dollars in incoming payments, says Rich Griffith, its former owner. By late 2008, fees and lost business from not being able to accept credit cards put Mr. Griffith in so much debt—$12,000 for investigation and remediation costs alone—that he closed his formerly break-even burger joint.
The cyber attack "cost me my dream," says Mr. Griffith, 47 years old. The hacker who stole the data was never identified.
Want to find out if your business is at risk?
Click below
