I was recently speaking with the head of security for Intel Security and he relayed a chilling small business cybercrime story to me.
A small surf shop in Southern California had been in business for a decade (notice the use of the past tense.) The owner’s computer was full of customer lists, vendor information, bank account information, passwords; the whole nine yards. And like most small businesses, the owner gave little thought to the sensitivity of such information, until it was too late.
One morning he came into his store, turned on his computer and found that he was locked out of the system. Apparently, a piece of ransomware, a particularly virulent piece of malware, surreptitiously installed itself in his computer. The owner opened an email that was supposedly sent from the FBI. Once he opened the email, the virus installed in his computer which caused the computer to lock up.
Another way malware installs itself in various systems is by creating phony web pages and then stalking people through social media. For example, the message: “Hey Bill - Check out this amazing Michael Jackson video that was recently discovered!,” may pop up as a social media post. Bill then clicks the link (because it’s from one of his hundreds of “friends” on Facebook) and the malware instantly installs itself.
Malware can be a detriment to your business. In the case of the surf shop, it did two things:
- It made the owner have to pay a ransom to unlock his computers. It’s called “Ransomware” for a reason. Typically, the software demands that the locked out computer owner pay a ransom of say, $500, to get an unlock code. Many small business owners opt to just pay it, like the surf shop owner.
- The surf shop owner got angry (of course) in the middle of the transaction and cancelled his payment. By doing so, the malware then deleted all of his records from the past 10 years.
It put him out of business.
When most of us think about cyber-security, breaches of large corporations like Target come to mind. But the fact is, small businesses are far more likely to be targeted than larger businesses or corporations. There are two main reasons for this: First, small businesses tend to not have cybersecurity software installed. This makes them easier targets, and second, when a small business pays a ransom (or has its bank account cleaned out, etc.), it doesn’t make the news in the way that similar security breaches of larger corporations do.
In fact, the Target security breach (in which the data regarding some 80 million credit cards was stolen) was actually the fault of a small business. Target, like all large corporations, has tons of redundant cybersecurity systems in place. But one of its vendors – a small heating and air conditioning company – had none. So the crooks burrowed into the small business’ computers, and then when that company logged into the Target system to submit its invoice, the malware transferred from the small company’s computers to Target’s mainframe computers.
So the lesson is clear: As a small business owner, you simply must protect your computer system with cybersecurity software. And, not only do you need to have this protection on your main work computers, but it’s also just as important that the programs are installed on your laptops, tablets, and mobile phones. If you ever access your bank account from your mobile device, you get why that is.
So the best advice from the best experts is that cybersecurity is something small businesses need to take very seriously. You need to learn what suspicious online activity looks like -opening unknown attachments, clicking suspicious links, not downloading software or updates from unknown sites and sources, etc.. Teach these best practices to your employees, and protect your systems with a cybersecurity software suite.
Do it now. The life of your business may depend on it.
About Steve Strauss
Steven D. Strauss is one of the world's leading experts on small business and is a lawyer, writer, and speaker. The senior small business columnist for USA Today, his Ask an Expert column is one of the most highly-syndicated business columns in the country. He is the best-selling author of 17 books, including his latest,The Small Business Bible, now out in a completely updated third edition. You can listen to his weekly podcast, Small Business Success, visit his new website TheSelfEmployed, and follow him on Twitter. © Steven D. Strauss.