Why Hackers, Cyber Criminals Target Small Business

Probably the biggest change NeXt IT has observed over the last 18 months is cyber criminals turning their efforts to small businesses instead of large enterprise corporations. Why? Because small business networks offer a much easier “lock” to pick, unlike large enterprises that invest far more manpower and money into high security for their networks.

One of the most common attacks is the ‘Crypto Locker’ hack. While visiting various web sites, small companies have been tricked into downloading this damaging root kit and have been taken hostage. In almost all cases, they have had to pay the ‘ransom’ to get their data back because the company didn’t have a good backup policy or a good internet usage policy.

“As the security becomes better at large companies, the small business begins to look more and more enticing to computer criminals,” said Charles Matthews, president of the International Council for Small Business. “It’s the path of least resistance.”

Some startling statistics:

One-fifth of small businesses don’t have up-to-date antivirus software installed.
Sixty percent don’t encrypt their wireless links.
Two-thirds of small businesses don’t have a security plan in place.
Eighty-five percent of the fraud occurs in small- and medium-sized businesses.

Why is security so poor? Most small businesses don’t think it could ever happen to them and don’t take the necessary precautions to secure their network, monitor their systems and train their staff.

Here are nine basic steps to protect your company:

  1. Educate your users on security basics, such as using strong passwords, shutting down PCs at night, and not downloading “cute” screen savers and illegal music.
  2. Create a computer-use policy or an internet-use policy. Make computer security rules part of your standard HR policies and make each employee sign that they understand the rules.
  3. Install web-filtering software to police users and prevent accidental (or intentional) slip-ups on the above-mentioned usage policies.
  4. Install a good virus protection system on all computers on your network and maintain it.
  5. Install a firewall and check the logs periodically.
  6. Remove all unessential services and applications installed on your servers. After e-mail, this is probably the biggest security vulnerability. If a hacker gets in, this will reduce their ability to use a forgotten service or application to exploit your network.
  7. Keep all your computers and servers updated with the latest security patches.
  8. Never keep any of the manufacturer’s default settings on any of the appliances or software you install. Hackers know what these settings are and will use them to gain easy access to your network.
  9. Lastly, keep your website FULLY patched with the latest updates (less than 10 percent of companies keep their website back-end code up to date). Websites should be patched at least quarterly to avoid exploits.

Eric Ringelberg is the CEO of NeXt I.T. with offices in Muskegon, Grand Rapids, Kalamazoo, and Traverse City. NeXt I.T. was a 2014 Michigan 50 Companies to Watch. Ringelberg received the Entrepreneur of the Year Award through the Muskegon Chamber of Commerce and was a 2012 honoree for Corp! Magazine Entrepreneurs of Distinction.

To find out more about the company’s NeXtCARE plan, a training class or to develop an AUP (acceptable use policy) for your staff, call 866-388-6398. To sign up for free weekly “Cyber Security Tech Tips,” email mringelberg@next-it.net