Technology Blog »

SMB HACKED:How to Prevent Attacks on your SMB


2015 was a crazy year for hacker news.

Many big companies such as Dropbox and Ashley Madison were hacked, and the entire world heard the stories. You heard the news about big companies getting hacked, but what about the small to medium sized businesses (SMBs) of the world? Most news outlets and publications are only going to report on the stories that will drive readers to engage with their content. Small and relatively unknown businesses (on a global scale) do not drive readers to click articles while they scroll through Reddit or Twitter, nor do they encourage the purchase of a newspaper or magazine. The media cares about BIG business; but unfortunately small businesses have run into some very big problems, too.

Last year, a small California based toy company— Rokenbok Education of only 7 full time employees— suffered a virtual nightmare. During their busiest season of the year, all of the files in the company database became instantly unusable. (If you’re asking yourself “why?” or “how?” you should take a look at our blog on security for SMBs.)

The problem Rokenbok was facing was not the result malfunctioning technology nor a glitch in their systems, but of a network infected with Malware. Specifically, the malware used is called Ransomware. Ransomware is a type of malware that encrypts important files and demands that users pay a "ransom" to regain access to them. Ransomware is not a new type of malware, but it has become increasingly prevalent in recent years because of CryptoLocker and other ransomware variations such as CryptoWall. (For more information on ransomware, read our blog on Cryptolocker.)

Instead of paying the ransom, Rokenbok decided to restructure their entire system, taking a total of four days. While Rokenbok was lucky to survive this cyber disaster, the company lost four business days. For Rokenbok, four days of downtime meant days of lost sales and confused customers who likely lost confidence in the integrity of the company. Furthermore, there was increased financial strain on the company as they had to pay security professionals to put out the fire and restore their systems. Luckily, Rokenbok made it through and did not go out of business, however some SMBs aren’t as lucky.

Why do these breaches happen to SMBs?

There are many reasons why SMBs could be at risk for a cyber security breach, however let's focus on the main one: most SMBs focus on profits over security, and honestly, it’s hard to blame them. When you’re a small business, the mindset is that no one is going to attack you. You are safe. You’ll never be at risk like Sony, Ashley Madison or Dropbox. But that mindset is exactly what can get SMB owners into trouble. Hackers don’t necessarily care about the size of your business anymore. Hackers now know that many SMBs do not focus as much on security as larger corporations, thus making SMBs the perfect target. Less hoops for them to jump through, so to speak.

Here’s a statistic that will make you realize how serious we are:
Recently, Timothy C. Francis, the enterprise lead for Cyber Insurance at Travelers, stated that 60% of all online attacks in 2014 targeted SMBs. 60%.

So what can you do? We know you might not have a large budget for security, but it’s important to at least create room in your budget to accommodate for it— especially for businesses who store sensitive customer and employee data. Our suggested first step would be to start with a security audit. This will allow you to see where the virtual “holes” are in your network, allowing you to begin the process of allocating for security and structuring a plan. You can do this in-house, however we suggest using an unbiased third-party to perform this audit. Make sure that they are thorough and check all areas of risk including but not limited to: customer data, employee access, and assets such as servers, computers, databases and all internet enabled devices.

A good (and easy!) next step would be to have everyone in the company strengthen their passwords. Hackers can now analyze passwords and have become experts at cracking them. Have all your employees change their passwords often, and ensure to make it unique, long and a mix of characters (for example, use special characters and a mix of upper/lower cases). If you're changing your password often, a good resource to use would be an encrypted password manager so that you can keep your accounts secure while never having the risk of forgetting a long, complex password.

Additionally, we always suggest installing firewall and keeping your antivirus up-to-date. Antivirus clients often provide patches and updates so making sure to update these frequently is key to preventing a cyber breach.

Lastly, many cyber attacks happen after an employee (accidentally) clicks on a malicious website or link. Therefore, we suggest training your employees on the importance of security. Make sure they know to not open emails and attachments from unknown senders and to report any malicious activity to their superiors immediately after receiving a suspicious email or message.

How we can help

This might all sound a bit overwhelming and that’s ok! That is precisely what we’re here for. If you would like to discuss the possibility of increasing your security efforts, or would like us to help you perform a system audit for your business, don’t hesitate to give us a call today. Delaney Computer Services would love to help you get your SMB on track.