Small Business Cyber Attacks Increasing
Cyber attacks on small businesses have been on the rise for the past four years. Having been thwarted by increased security measures that larger firms can afford many cyber thieves have now turned to small business that are far less likely to take such precautions. In fact, of all the cyber attacks worldwide last year, 43% were carried out against companies that had less than 250 employees.
In a statement Steve Chabot, a Republican Representative from Ohio and the Chairman of House Small Business Committee, said, “The owners, employees and customers of America’s 28 million small businesses need to have confidence that their data is secure.” He went on to say, “With all of the uncertainty facing small businesses in today’s world of e-commerce, it will take vigilance by all federal agencies and the watchful eye of this [Small Business] Committee to ensure the data of small businesses and individual Americans remains secure.” Unfortunately the problem is that the federal government doesn’t exactly have a flawless record when it comes to cyber security either. One example cited during the hearings was an IRS application launched in 2014 called Get Transcript that cyber criminals were able to access and steal data from hundreds of thousands of taxpayers. During the hearings it also came to light that the Small Business Administration’s (SBA) own system contained serious weaknesses.
One of the most common forms of cyber attack on small business comes from what’s known as phishing. As of 2013 over 7,000 companies in the U.S. had been victimized by phishing scams with damages exceeding $740 million. Rick Snow, the owner of a go-kart racing business in Maine and victim of phishing told the committee, “Phishing can happen to anyone, phishing attacks are meant to scare you and make you act without thinking, given the right circumstances, anyone can be lured by them. I am certainly no exception.”
In addition to phishing attacks small business owners need to be aware of the growing threat of ransomware. There are number of different strains of ransomware but the common element is the encryption of a computer’s files after infection. Once the files have been encrypted they can’t be accessed without a decryption key. Typically once a user gets infected they will receive an email demanding payment AKA “ransom” for the key to unlock the files.
Ransomware is by no means limited to small businesses. A number of major hospitals have been infected recently and they have resorted to paying off the cyber criminals in order to gain access to their files. Even technologically sophisticated companies can fall prey to these attacks. Fortunately there are some simple precautions that business owners can take to avoid paying off the cyber criminals. For example having an up to date backup of your files can mitigate the damage of caused by ransomware such as Cryptowall.
Although it can be costly and difficult for small businesses to protect themselves again all cyber threats knowing that the possibility of being attacked exists could help you identify attempts to steal your information. One of the best things you can do is know how to identify potential phishing e-mails and ensure that your team is aware of these signs as well. If you as a small business owner aren’t already taking cyber security seriously now is the time to do so.