SmallBizDaily is an American website which does what it says on the tin – it provides news on things which matter to small businesses. So visitors in September 2012, not least among them the site’s owner, were shocked to find that it was not showing small business news, but instead displayed extremist terrorist videos. The site had been hacked months before, and the evidence had only just appeared.
Why would anyone do this? Taking the question a step further, why would anyone want to hack the website or servers of a small business? In this previous post, I described a slightly implausible scenario where disgruntled customers wanted revenge. Most disgruntled customers are unlikely to go this far. A competitor might also want access to your accounts or to send your website offline – but if you’re a small company, you’re unlikely to be attracting that sort of attention. There’s another threat out there though, as SmallBizDaily discovered: cybercriminals.
You might assume that cybercriminals would only be interested in the big firms, but you’d be wrong. Symantec found that between 2010-2012, 40% of all targeted attacks were aimed at small or medium businesses. It actually makes a lot of sense for hackers to target these. Firstly, your business is more valuable to hackers than you imagine. Even if there’s not much money that they could transfer (supposing they were to have located enough banking information to access a company account), they could modify your website to display spam or other unwanted things. This could get you delisted from Google and other search engines, with horrific implications for future sales. Your servers may well have valuable information that hackers could sell on, such as credit card details. Secondly, if your business is in a larger firm’s supply chain then it could provide a way into that firm – they could be vulnerable to a social engineering attack from someone posing as a member of your business. Finally, and most importantly, you’re more vulnerable than a larger organisation because you’re less secure.
Most small business owners recognise that security is important, but most don’t do enough to protect themselves from cybercriminals, who know they represent low-hanging fruit. A quick Google search reveals an eclectic array of small businesses which have become victims of cybercrime, ranging from clothing stores to bakeries – and yes, even tech firms. The previous three posts on this blog have given advice on some of the threats out there, and what you can do to protect yourself from them. A little-known fact, however, is that 95% of attacks rely at least in part on human error, a finding IBM Security describes as “disheartening”. This can be as simple as an employee clicking on a dodgy link, or as sophisticated as a social engineering attack designed to trick someone into revealing a password or ID. Humans are often the weakest link in the chain, and it’s important to have systems in place enforcing correct usage of IT, especially regarding the disclosure of sensitive information.
Aiteo is determined not to be the weakest link in the chain. By ensuring all the firms we work with have the highest standards in digital security, and using products such as Aiteo SecurePortal to protect your data, we ensure that your sensitive information stays confidential. The world is an increasingly difficult place to stay protected in: we think your accountants and business advisors should help rather than hinder you.