Why would hackers target your Small Business?

Would hackers actually target your business if they knew how small it was?  The short answer is: yes.

There tends to a mindset among SMBs that because their company is small they don’t need to be concerned with security, because they aren’t valuable enough to be targeted by hackers.  But as we’re seeing more and more of these kinds of attacks, it’s being proven that that’s not true.  Small and mid-size businesses are often used as stepping stones to get to larger businesses because they tend to have weaker or more porous defenses.  A recent example is the Target breach that we all heard about. The attackers actually came through an HVAC company that had Target as one of their clients. However, you don’t need clients the size of Target to become a target yourself. Most hackers will gladly go after a company with less to offer if it will be easier, or less risk of being caught.

One of the ways these attacks can happen, would be for a hacker to use your business’ trusted reputation to attack your clients.  For instance, if you received an email that appears to be from one of your trusted vendors with a link or attachment, you would most-likely assume it’s safe.  However if that vendor had been compromised, the email you’re seeing could have been sent without the vendor’s knowledge by the attacker.  Through just a few clicks and following seemingly legitimate directions, you can give an attacker access to your computer.  With that access, the attacker could potentially probe your network for things like:  bank accounts, credit card numbers, employee information, clients’ information or even access you may have directly to one of your clients systems.  And that access could allow the hacker to use you as a pivot.  Pivoting is a technique of using a compromised system as a foothold as the attacker finds and compromises the next victim.  This can in turn affect your clients by essentially causing a chain reaction, again through sending your clients seemingly trusted emails from “you”.

So what should you do? Unfortunately when it comes to cyber security, there’s no silver bullet.  But there are things you can do to help protect your company.  Such as keeping your computers up to date (Windows XP will no longer be supported after April), making sure you have updated and reliable anti-virus, ensuring that you have good backups of any data that is valuable to your company, and exercising extra caution when clicking on links or opening attachments in email.

Every business is different, and the things that make sense for one business may or may not make sense in your environment. We strongly encourage SMBs, if you have any question at all as to how secure you really are, or if there are things you could do differently to improve the security of your business ask your IT security consultant to sit down with you and help you map out how you are doing and if there are any areas where you can improve.