Client Login

Cybersecurity threats impact small businesses too

Cybersecurity risks threaten small businesses, their owners & their employees

The majority of this content was taken from a live seminar on cybersecurity

Cybersecurity seems to be in the news on a daily basis, and local businesses are finding that some of the stories are starting to hit a little closer to home.

The Equifax security breach grabbed the headlines recently, along with continuing breeches at government agencies, stolen war plans and allegations that a well know anti-virus company was helping the Russians steal top secrets with their software. According to Nate Gravel, VP of Information Security & IT at GraVoc, this is only the tip of the iceberg.

Background: 5 of the largest data breaches in recent history — and 4 more you forgot

The Equifax breech was perhaps the most shocking, where the personal data of upwards of 143 million Americans was compromised. But thousands of small businesses, their owners, and their employees face a far greater risk.

Cybersecurity as you once knew it has changed – and in a dramatic fashion. Now, it has become really big business, that's precisely targeted and executed for gain.

According to a recent Juniper research, global cybercrime costs are projected to reach $ 2 trillion dollars by 2019. In the U.S., cybercrime costs U.S companies $21.2 Billion per year. See study

Organized crime gangs have so completely overrun the hospitality and restaurant point-of-sale systems in the United States that you should assume your card may very well be compromised whenever it is used at a restaurant or hotel bar/eatery. Article via HR Dive

Today, information (your information) is easily sold on the “dark web” as if it were an Amazon checkout queue, with varying price tags depending on the type and newness of the data. These can range anywhere from $1.50 to $700 for someone’s bank credentials. These prices are not an issue for those who will exploit the information. It pays off.

Before, the main threat came from hackers, who deliberately tried to wreak havoc on a business or individual user. Traditional mafia families and crime groups have now moved into the cybercrime space and consider this a new revenue generating source.

Some of the cybercrime “lines of business” include:

  • Botnet Services
  • DDoS Attacks
  • Malware (rogue antivirus and Ransomware)
  • Access to corporate networks
  • Hackers for Hire

Cybersecurity: Social media has created a new habitat for fraudsters and social engineers

As we ‘grow more social” and continue to share more and more personal information through Facebook, Instagram and other social platforms, we have helped spawn a whole new industry called Social Engineering - the art of manipulating people into performing actions or divulging confidential information for exploitation.

Social engineering is very effective because it plays on human nature/emotion.  Plusit’s readily available to be mined on social media platforms, particularly Facebook, because we often let our guard down and share far too much personal information online.

Consider these simple examples:

  • Can’t wait to take my cruise to Bermuda on Saturday (aka my house will be vacant)
  • Susie  – age 4 at the ABC pre-school this morning (identifies your child & precise location)
  • Email (from the CEO of the company) – we need to confirm your SS# to complete a tax document

This personal information is mined and exploited to trick you into providing a credit card number, personal identification like your social security number, birthday, and other information that leads to opening false accounts, taking out loans, requests for emergency wire transfers and other extortion efforts.

Cybersecurity: Malware is also getting more pervasive

Did you know that there are 250,000 to 900,000 malware viruses released each day? Your virus software is just not going to keep up.

Most recently, the WannaCry ransomware had a devastating impact on hospitals and the healthcare industry. While the effects of WannaCry were felt most notably abroad, new variations of malware, at any given moment, could have a similar impact on smaller U.S. businesses across many industry verticals. Read about the latest ransomare - Bad Rabbit

Cybersecurity: Skimming devices are getting increasingly sophisticated too

ATM’s, gas pumps and POS terminals could all fall victim to skimming devices that will collect your credit card information, PIN and zip code – all very useful information for a cybercriminal.

Thieves have gotten so sophisticated that they can even replace the keypad, or the entire POS device, without detection, happily broadcasting your data to an awaiting server.

The bottom line – you need to be more vigilant, and strategic, to protect your business and your employees.

Cybersecurity: The company car could be at risk

According to a recent article published by online magazine Motherboard, cars may be a treasure trove of unsecured data just waiting for a hacker to claim it. A security software engineer discovered that his car’s infotainment system did not use modern security software principles, yet it stored a lot of personal data taken from his phone, including call histories, contacts, texts, emails and directory listings from his mobile phone that had been synchronized with his car (using Bluetooth or other connections) and were being stored on the infotainment system in plain text (i.e., unencrypted).

Hackers could gain access to this information remotely through car-based internet connections (a growing technology) or directly through the car’s USB port


3 Things to help Protect Your Business and Employees from Cybercrime

  • Training & Education

Educate employees to be “safer” on social media. Show them these examples. Discuss data security practices and procedures in your business. 

Educate them to be on the lookout for suspicious or unusual behavior, especially if they must leave their post.

Appoint a data security/cybercrime watchdog to consistently review 

Read HR Executive’s article, HR’s role after the Equifax Breach, for some role specific tips.

  • Invest in all three phases of information security:
  1. Protection (i.e. virus software, firewalls, cyber insurance)
  2. Detection
  3. Response – seek professional help
  • Test continually; make adjustments as needed

Cybersecurity: States Are Playing a Bigger Role

Lawmakers in Massachusetts have turned their attention to evaluating and improving cybersecurity across the Commonwealth. The State Legislature has created a special committee on cybersecurity readiness and is working its way through several bills on data privacy and security. Read more

Cybersecurity Summary

It’s a continuing challenge out there, but a combination of technology, training & education, vigilance and some common sense will help reduce your risk.

Remember to reach out to the experts if you need help.

Nate Gravel, VP of Information Secruity & IT, GraVoc

Guest Blogger Nate Gravel - VP of Information Security & IT