Why small businesses should care about cybersecurity
September 13, 2019
"It's safe to assume someone out there knows your password that you use for everything." Aaron Warner, CEO of ProCircular says. Warner works with businesses to identify, prevent and resolve cybersecurity issues. He recently guest-hosted Honkamp's Huddle webinar, You vs. Cybersecurity. In this webinar, Warner covered why and how hackers target businesses, how and what they steal, and how to prevent cyber-attacks in your business.
Warner said he often hears, "I own a public supply company. Why would anyone care what we're up to?" In truth, small to medium-sized entities (SMEs) are statistically more likely to be targeted than large businesses. Why? Warner explains that SMEs typically have:
- Limited IT resources and technical support
- Especially concentrated information with fewer people holding more responsibilities
- Most of their valuable information on a shared drive making it easy to find it all in one place
Warner also says that typically hackers are not after you, they're after your clients. Small firms like law offices and wealth management firms with high-net-worth (HNW) clients can make for ideal targets. "It's important to take a moment and think about who you serve and why their info may be valuable. How can you protect them." Warner also shared ways hackers can target your business or your clients including:
- LinkedIn Sales Navigator - For researching companies of specific industries and sizes
- News media - For identifying key targets like HNW individuals or C-suite professionals
- Pastebin - For gathering information other hackers have collected and dumped, such as stolen logins and passwords
Once they have your information and/or credentials, stealing the data they want becomes easier. "One of the most common ways a hacker will take advantage of you is through your customer service," Warner says. "Hackers will know that and take advantage." Warner encourages employers to give their employees the right to say 'no' if they are being pressured. Warner also outlined tricks like:
- Logging in from Remote Desktop
- Hacking into a QuickBooks account with a stolen login
- Spoofing emails claiming to be a CEO asking for purchases or wire transfers
When it comes to businesses, hackers are often after your payment and financial information. They can change routing numbers on payroll to pay themselves or manipulate vendor relationships for payment. They could also be after your intellectual processes and designs which they can sell to other companies who would look to manufacture your product for cheaper.
When it comes to your customers, hackers are after not only their financial information but also their personal information like Social Security numbers, medical records to steal prescriptions, and valuable login information for all your clients' accounts.
Warner explained that all this information is available on the dark web, which is a mature and sophisticated market. "It's not a bunch of kids in a basement, it's millions of dollars being transacted."
Warner also discussed trends to watch for in 2019 and ways to protect yourself from cybersecurity attacks including:
- Regular backups
- Password management and 2-factor authentication
- Cybersecurity insurance and cybersecurity services
- An emergency plan with your employees
- System scanning and regular assessments
- Regular hardware/software updates
- Setting up voice confirmation for wire transfers with your financial institutions
"The good news is, there are more advanced solutions available now. You don't have to be perfect; most hackers are lazy. If you take a few basic steps to protect yourself, you can limit your targetability and hackers will move on."
For more details on how and why hackers target businesses, what they're stealing, and how you can prevent it in your business, watch the webinar at: https://register.gotowebinar.com/recording/7824889301583155459.