Many small business owners believe that cyber attacks will never happen to them. And, to be sure, it’s still unlikely that any given SMB will be compromised – we’re not trying to be alarmist. But the threat against small businesses is growing, and the consequences are monumental.
Cybercrime costs individuals and businesses trillions of dollars each year, but the focus has shifted heavily towards small businesses. Verizon’s 2018 report on Data Breach Investigations estimates that 58% of all cyber attacks occur against businesses with fewer than 250 employees. Why? Small businesses are less apt to allocate a large budget to their cybersecurity, and the potential payoff is still large with many SMBs. So let’s look at how criminals are targeting businesses and some ways that you can protect your small business from a cyber attack.
We typically only hear about cyber attacks on big businesses like Target, Sony, and Equifax, to name a few. But don’t let that mean that smaller businesses should let their guard down. The vast majority of cyber attacks still come against small businesses. And they occur, they are often utterly devastating. Research into cybersecurity by the Better Business Bureau suggests that more than half of all cyber attacks cost businesses over half a million dollars. And only 35% of businesses believe that they could survive a full cyber attack.
The most immediate consequence is the cost required to fix the problem. In many cases, cybercriminals request an immediate “ransom” to be paid in order to recover compromised information. These amounts are often tens of thousands of dollars.
A more indirect cost is the downtime following the attack. Compromised businesses must shut down most operations after being attacked. Target, for instance, lost a total of nearly $300 million due to its data breach. A large portion of that was due to lost sales immediately following the intrusion.
Finally, businesses are subject to recouping losses incurred by the customers. If the cyber attack targets customer credit card data or other financial information, the business is responsible for repaying any losses and covering federal fines. This can also prove extraordinarily costly.
While Target’s losses aren’t representative of what an average small business stands to lose from a cyber attack, remember that even a fraction of that amount will shut the doors of many businesses.
So how do the cybercriminals do it, you may be wondering. It’s important to understand the major methods used in cyber attacks to protect your business from them. As always, identifying and understanding threats to your business is key to your success.
- Wire Transfers
- Unprotected Mobile Devices
This method comes through various paths: email, phone, or text messaging most commonly. The criminals will lure victims by pretending to be a legitimate salesperson, often as some sort of technical support provider. Their goal is to coax sensitive information out of you, such as banking data, passwords, and other personal information. Beware of those who sound too urgent or pushy. Salespeople might be aggressive but they’re rarely rude or easily flustered. Also, watch out for offers that sound too good to be true; they usually are.
2. Wire Transfer Requests
Cybercriminals also resort to writing fake emails that appear to be from people within your company. Known as “email spoofing,” they can easily make it seem like a malicious email is coming from a harmless source. The advent of LinkedIn and other business profile platforms has made this even easier. The email will typically request a money transfer for a legitimate-sounding business operation. What makes this method particularly frustrating is that it doesn’t require that you divulge any sensitive information.
This method encrypts business data until the attacker receives a ransom fee. Most often, the encryption data is found in an email link or attachment, or in an online ad. What makes this type of cyber attack dangerous is that they usually appear as totally harmless emails or ads. The criminals even run legitimate paid ad campaigns but hide the ransomware code so that it appears to be a normal, harmless ad. Whatever you do, don’t pay the ransom; in many cases even paying the fee won’t get your code decrypted.
4. Mobile Devices
With so many business operations moving into the cloud, employees are completing more work remotely and from foreign wifi connections. From most public connections, data is sent unencrypted. This means that any vulnerable areas can easily be penetrated and important information is compromised. Beware of networks that don’t require a password, only access secure “https” websites, and don’t allow any sharing.
While it is impossible to completely protect your business from cyber threats, there are some basic practices that will add significant security to your operation.
- Train Your Employees
- Update All Software Often
- Secure Your Internet Connection
- Keep Access to Computers Controlled
- Consult Your Payment Processor
1. Train Your Employees
Start by making sure everyone working at your business is on the same page. Create a manual for all new employees and list out all best practices that include what to watch out for and how to respond. Institute strict password and internet use policies with appropriate penalties for violations attached.
2. Update All Software Often
Keep your computers and other technology up to date. That means updating all software – security, browser, and OS – when you’re prompted to. This goes for your eCommerce site, too. Keep your website safe from fraud.
3. Secure Your Internet Connection
Make it difficult for people to access your wifi. Change passwords and network names often, and create a separate guest network for customers or visitors.
4. Keep Access to Computers Controlled
Make sure that only the proper employees can access computers that have deeper levels of access. This is especially the case with laptops since they are more easily stolen or lost. Also, create unique employee accounts for login to any computer.
5. Consult Your Payment Processor
Discuss possible breaches in security with your credit card processor. They should have anti-fraud capabilities with their hardware that helps prevent credit card information theft.
Most businesses don’t know how much a point of sale system can help protect their business, but there are several features to inquire about when shopping for a new solution.
1. Tokenization with Your Payment Processing
First, find out if the software is out of scope, meaning that credit card data goes from the terminal straight to the payment processor. This means that no credit card information is ever stored on the point of sale itself. The software uses tokenization to encrypt sensitive data so even if a cybercriminal is able to locate the tokens, the encryption makes them useless. It’s important that your POS also helps minimize costly chargebacks.
2. Cloud-Based Remote Servers
Next, look for a secure cloud-based system that uses remote servers. This ensures that you never have important business data stored on site. Not only does this prevent credit card theft, but it also protects your store from losing critical business data. If stock lists, sales, tax information, etc. are stored on on-site hardware, a store break-in can become much more costly.
3. Get a Unique Operating System
Finally, inquire about hardware options. KORONA’s hardware, for instance, comes with a unique operating system. It runs on Linux and prevents access to any superfluous browsing or downloading. Employees can never accidentally download malware through extensions, apps, links, or attachments. Data breaches are often caused by internal mistakes, but the right point of sale hardware helps minimize the opportunities.
These features are important for any retailer, from large operations to mom and pop shops. Cyber attacks are stressful, threatening, and extremely costly. If customer credit card information is stolen, most businesses will face fines so high that they will be forced to shut down. Protect your business from needless catastrophe without having to spend a lot of money (in fact, there is a lot of affordable technology for small businesses!). Just do your research and make smart business decisions. To find out more, check out our cloud point of sale software. You can start a free trial and schedule a meeting and demo with out of our dedicated product specialists.