How did the bad guys hack into Target and steal confidential information for more than 50 million accounts in 2013? Did Target have lax cybersecurity? No way. But one of its small business vendors sure did.
It turns out that the cybercrooks knew that they could not get past Target’s firewalls and online security systems, but they also knew that most small businesses have no comparable security. So they infected the computers of one of Target’s small business vendors, and when the vendor logged into the Target system, the virus was spread.
Every January over at my USA TODAY column, I share what I see to be the top trends for small business for the upcoming year. In the past few years, not surprisingly, the top trends have been things like the emergence of mobile, social media, and the end of 9 – 5 work.
But not this year.
This year, there’s a new kid on the block, and he’s a bully: The top trend which small businesses need to be aware of right now is not Facebook and it’s not the sharing economy, it is this issue of cybersecurity. Or, more specifically, the lack of it. According to the Center for Strategic and International Studies, cybercrime creates a $100 billion annual loss to the U.S. economy and according to one expert, “it’s the biggest crime spree in the history of America.”
What’s worse is that the bad guys know that small businesses have neither the expertise nor resources to fight them. Indeed, whereas Fortune 500 businesses have scores of experts that do nothing but online security, the typical small business is lucky if it has a part-time IT guy.
That is why the latest statistics show that more than 60% of all cybercrime is now directed at small business.
How does a small business get had by cybercrooks? Let me count the ways:
- You might be knocking around on Facebook and a “friend” posts, “check out this cool lost Michael Jackson video!” You then click on the infected link, and bam, you are had. Key-logging software is surreptitiously installed on your computer and the crooks can log your keystrokes when, say, you visit your bank online.
- Or one of your employees receives an email saying that some software he uses needs a security upgrade. Being the diligent employee that he is, he surfs over to the site in the email, and unknowingly downloads malware.
- Or all of a sudden your computer freezes up and you can’t access your files unless you pay the crooks $500. Yes, this is the infamous “Cryptolocker” virus, and it’s all too real.
- Or someone physically breaks into your office and steals a laptop containing all of your customer accounts.
You get the idea. So, what do you do and how can you protect yourself and your business? Here are four solid strategies:
- Regularly review your company credit report: Often, cybercrime is only noticed after the worst-case scenario occurs, but there are usually lots of little hints along the way, and the best way to notice any irregularities is by keeping close tabs on your business credit.
- Get cybersecurity software: There are many types and versions; it would behoove you to get the best suite of protection you can afford. (And make sure that it protects your mobile devices too.)
- Back up: If you are ever hit by Cryptolocker, or some other nefarious bug, you will be very happy if you have a recent backup of your files.
- Train your team: Experts warn that unwitting employees are often the ones who get duped because they don’t know proper protocols, so it is incumbent on you to teach them how and when to download software, how to spot suspicious files and attachments, and so on.
Bottom line: Be careful out there.