The frightening lesson small business owners should learn from the Equifax data breach
After the recent Equifax data breach, which potentially exposed the social security numbers of nearly 150 million, the question on all of our minds is, “What can I do to protect myself?” For small business owners, an additional question weighs heavily: “What can I learn from this when it comes to my company’s cyber security?” In our books, here at Frontier IT in Colorado Springs, there’s one massive takeaway — and it might not be what you think. Whether your company is an international behemoth or a small-town mom-and-pop shop, you’re a target.
No one’s immune.
When you hear about data breaches affecting business giants on the national news, “it makes it seem like it’s somebody else’s problem, or like you’re too small or can fly under the radar,” says Adam Puckett, director of business development for Frontier IT.
“That’s not really how hacking works.”
Just how does it work?
“Think of it like sonar,” Puckett says. “Hackers send out a ping across the internet that says ‘show me everybody who is on the network who doesn’t have this patch, or this update.’
“It costs nothing — just like there’s no price difference between sending one email or a thousand.”
After targets are located — regardless of size — “they pick off the vulnerable,” Puckett says.
“It’s like picking off the weaker parts of the herd. A large company like Equifax might be targeted, but that’s not the way most hacking incidents and breaches happen. They find somebody who has a weak link in the chain and exploit it.”
In short, most victims of hacking are simply victims of opportunity, chosen due to their vulnerability, not status or size.
This means that anyone — and everyone — is a potential target.
Puckett recalls hearing of a case in which a water restoration company was hacked and lost eight years of accounting data.
“Why would anybody hit a plumbing company?” he asks. “They were running old, un-patched software and had no network security. There were vulnerable, and they were scanned that day.”
It boils down to this, Puckett says: What do the mom-and-pop plumber, Target, Equifax and Hollywood Presbyterian Medical Center have in common?
“Nothing, other than their stuff wasn’t up to date, somebody found out, and they got in.”
Most folks, small business owners included, probably don’t realize how hacking truly works, says Kelly Karnetsky, director or marketing for Frontier IT.
Though some large-scale attacks clearly have targets, hackers are “also scanning the world looking for anything they can get their hands on to make a few bucks” between big hits, he says.
“We’re lucky that, right now, that hackers just want money,” Puckett adds, referencing ransomware.
“What happens when they get sadistic and want to scramble your data? Perhaps it’s hactivism — say you’re a meat processing factory, you might think, ‘Who would want to hack us?’ Maybe animal rights activists, and they scramble your data. They’re not after money, at this point. It will mess up your operations.
“That’s the dystopian future. Instead of a bad Yelp review, someone hacks in and messes with your data. They say, ‘I don’t want Bitcoins, I want revenge.’
“Trouble comes when they start being more sadistic than they are greedy. We’re actually lucky they’re greedy. When they get sadistic, it becomes a much uglier world.”
Here we go again, making our readers uneasy and nervous. We don’t mean to. Unfortunately, this is the sad, inconvenient truth of the world in which modern businesses operate.
What’s a harried small business owner to do?
Contact an MSP, or managed service provider, that can offer your business the IT services it needs (like server/network monitoring and disaster recovery planning and) in an affordable, à la carte fashion.
If you’re looking for guidance, reassurance, peace of mind and expertise when it comes to the cyber security of your business, drop us a line today.
A singular lock on your business’ front door isn’t enough to protect it — and simply installing antivirus software on your business’ computers is just as insufficient. Layered security is key. Let’s talk about how we can protect your business’ electronically stored data with such security — and keep your company running smoothly and profitably for years to come.