It was shocking news really: during the holiday rush of 2013, cyber-criminals hacked into the checkout system of Target and stole the credit card numbers and other personal information of up to 70 million customers.


The crime raises all sorts of questions, but a main one is this: How could a company as big as Target, with undoubtedly oodles of fraud protection systems and people in place, be the victim of such a huge theft?


This is where it gets interesting.


It turns out that a small business was to blame.Steve-Strauss--in-article-Medium.png


The theft occurred after a Target HVAC sub-contractor was hacked. The contractor had access to the Target computer system in order to handle business, and the crooks installed malware onto the contractor’s computer. Then, according to, “after lifting the contractor’s login information, the hackers were able to test their malware on a small number of Target’s registers totally undetected between Nov 15 and Nov 28. Two days later, the hacking software spread to ‘a majority’ of Target stores and was actively collecting data from live customer transactions between Nov 27 and Dec 15.”


If you think cyber-crime, identity theft, hacking, and all the rest are the domain of big businesses, you are flat-out wrong. According to a recent survey by Intel Security, 6 out of 10 cyber-attacks are now directed towards small businesses. Why? Because we are easy pickings, that’s why. Just ask Target.


Or, better yet, ask some experts. I did. Recently, I interviewed top cyber-security experts for a video series for the aforementioned Intel Security. What I learned was alarming. It turns out that, for a variety of reasons, cyber-criminals have decided that the easiest way to ill-gotten riches is by hacking small businesses. Here’s why:


Lack of security: The crooks couldn’t get into Target’s system through Target directly, so they focused on the one area where the company was vulnerable – via its 3rd-party small business vendors. By most estimates, more than 75% of small businesses have no cyber-security software installed on their computers or system, despite this being the first line of defense.


Longer shelf life: When a big company like Target gets hacked, it becomes big news, and as a result people immediately begin to close bank accounts and change passwords. This means that the shelf life of the stolen data is pretty short.


But that’s not the case when the victim is a small business. It takes much longer for a small business case to be investigated, for people to be informed, and so on. In this case, the data taken can be used and sold on the black market for a lot longer. Stealing from small business is good business if you are a crook.


Lack of preparation: According to Todd Shipley, author of Investigating Internet Crime, small businesses do not have the know-how or resources to fend off cyber criminals, and as a result, they are more and more the victims of cyber-crime.


Click here to read more articles from small business expert Steve Strauss


So what should you do? Here are four top tips from the experts:


  1. Install software: Cyber-security software is a must-have these days. Do you have it?
  2. Train your staff: The main way that crooks get to small business is by installing malware on the system. They often do this by getting an unsuspecting employee to click on a link in an email that looks perfectly reasonable, but is not. That link installs the malware. Or, the employee downloads an “update” that is no update at all. It’s so important to create some strict security protocols and policies for your small business, and then train your people on how to follow them.
  3. Backup: Have you heard of the CryptoLocker virus? Here, the malware locks up your data and it cannot be unlocked until you pay a ransom of, say, $300 or so. Then the crooks unlock it. Because the amount is not outrageous, many small business people just pay it. But whether you do or you don’t, you know the drill. Backup, backup, backup. The one way to beat malware is to have a good backup system to move forward with.
  4. Beware of social media: While social media platforms like Facebook, LinkedIn, and Twitter are great for networking and promoting your business, putting too much about yourself out there can make you a prime target for hackers. For example, cyber thieves browsing on Facebook could find out your birth date, name, address, and pet’s names…enough to hack into your passwords. Be sensible about what you make public.


The time is now to upgrade your security system because you never know – you just may be the next Target.


About Steve Strauss

Steven D. Strauss is one of the world's leading experts on small business and is a lawyer, writer, and speaker. The senior small business columnist for USA Today, his Ask an Expert column is one of the most highly-syndicated business columns in the country. He is the best-selling author of 17 books, including his latest,The Small Business Bible, now out in a completely updated third edition. You can listen to his weekly podcast, Small Business Success, visit his new website TheSelfEmployed, and follow him on Twitter. © Steven D. Strauss.

You can read more articles from Steve Strauss by clicking here