Cybersecurity is of the greatest concern for all types and sizes of businesses. Stealing information is a multi-billion dollar industry. It’s not a matter of if, but when your business gets hacked, what will you do? Patrice Koblitz, marketing director of the Small Business Development Center at Indian River State College (www.irscbiz.com), along with Craig Jon Anderson, business technology advisor for C & W Technologies (www.cwnow.com), gave a powerful presentation about the vulnerability businesses face from online threats at the July 5 meeting of the Port St. Lucie Business Women.
“Don’t think that because you’re a small business you’re not important and you won’t be bothered by online threats,” said Koblitz. According to the Better Business Bureau one in five small businesses is the victim of a cyber breach. Of all the breaches that occur, more than 80 percent affect small and medium-sized businesses. Within six months of a cyber attack, 60 percent of small companies go out of business.
Most cyber attacks originate via email. “Phishing, spear phishing, which is specifically targeted to you, and ransomware can destroy a small business,” warned Koblitz. Phishing is when an email purporting to be from a reputable company is sent with a request for verification of personal information that, once provided, allows the fraudulent sender to access financial accounts. Ransomware is a type of malicious software that can block access to files unless a ransom is paid.
Many businesses are unaware that they have been hacked because hackers are trying to use them to reach larger companies. She gave the example that the large-scale Target data breach of 2013 was executed by first hacking a small HVAC company.
Koblitz talked about a type of malicious phishing known as “man in the middle,” which often targets banks, real estate and title companies. A third party can obtain a business’s sensitive data from an unsecured network, a poorly protected network or through installing malware on the target’s computer. Once a criminal has your data, he or she can send a fake email that looks legitimate but wreaks havoc. Koblitz gave examples of emails sent to title companies from what appeared to be the legitimate bank or lawyer providing instructions and fake routing numbers of where to wire money for a real estate transaction, only to have the real bank or law office send an email hours later with the true information. Because the title companies did not perform a double or even triple authentication thousands of dollars were lost for which the title companies were responsible. “In one case involving a $300,000 transaction, the FBI was able to recover all but $40,000,” said Koblitz. “But a title company responsible for paying back $40,000 can put it out of business.”
Think about all the valuable information your company may have, such as sensitive customer records and credit card information. What can a business do to make itself more secure? Koblitz suggested training employees not to open all emails. Tell them not to share passwords. Install updates on computers and phones immediately as they arrive. Backup files often and regularly. “A business might have to invest in hiring a company to monitor and protect it online,” said Koblitz as she turned the presentation over to Craig Anderson.
“The goal of cybersecurity is to detect and respond, in addition to protecting since it isn’t possible to totally prevent a cyber attack,” said Anderson. An outside company also can provide user awareness training and test employees to verify their compliance. Anderson warned that it is no longer enough to just install or download an anti-viral computer program; a specialized company can provide a high-level of anti-virus monitoring. “Have a firewall that creates a bubble of security and ‘sees’ everything coming in,” said Anderson. “The bad guys can mimic good software. They’re smart. They will attack you again once you’re identified,” he added.
Additionally, if your company hires an outside computer monitoring company you can purchase cybersecurity insurance. A computer monitoring company will assess and address your company’s online vulnerabilities and bring your business into compliance with cyber regulations. “Most importantly, your business will continue to operate even during a hurricane,” said Anderson.
The Port St. Lucie Business Women is a 37-year-old professional organization dedicated to promoting the interests of business women and serving our community. For more information visit www.pslbw.com. Follow their Facebook page for updates about events, programs and community involvement.