Hackers target small businesses

'Puddle' phishing and more

Feeling paranoid? Think people are out to get you? If not, you're just not paying attention. Small businesses have gained the attention of large companies who lust after their buying power. And unfortunately, hackers now lust after small businesses for their intellectual property and customer data, and find smaller companies make easier targets because their defenses are weaker.

So says Dan Hubbard, vice president for security research at Websense, the security firm that just announced the Websense Express product line for SMB. Large companies making sophisticated security tools affordable for small companies is a trend we should all encourage.

Who says hackers target small businesses besides Websense? How about Visa? According to the credit card company, since 2005 small businesses represent less than 5% of exposed accounts but have been the source of 80% of identified data security compromises (I don't know how they define "small business," so it may be companies with up to 1,000 employees). You know the reason: small businesses don't have the security expertise in-house to protect themselves. And crunched budgets often stop businesses from adequately defending themselves even when they know they should.

Hubbard says his company's research shows phishing attacks have moved from the big national companies down to neighborhood credit unions and small banks. Quaintly known as "puddle" phishing, these attacks prove spam must be cheap, because the phishers will launch millions of messages to get a bite from a customer of a small financial services company with only a few thousand accounts.

Websense says some of the technical managers it has talked to at banks and credit unions don't know enough about phishing, and even those who do often lack a plan to contact and reassure customers and handle questions when they are victimized.

Even small retailers have value to hackers. Take a look at, say, a liquor store. They do thousands of transactions every week or two. If the store installed its own wireless network with poor security, hackers can sit outside and capture customer data in real time. If they snag one complete transaction, they have a stolen identity in their pocket. They might have done this in the past by dumpster diving and hoping to find credit card receipts, but sitting in the parking lot keeps them smelling better. The fact that most printed receipts today include only a part of the credit card number adds another reason hackers eavesdrop rather than dive.

Midsize companies in industries full of intellectual property, like aerospace firms, get targeted as well. Stolen data gets sold to competitors, often overseas.

While I've never been a big fan of tight Web surfing controls on employees, believing managers should manage rather than trust software, hackers may force me to reconsider. Websense reports Web browsers are the preferred entry point for viruses and worms now, taking over from e-mail payload delivery. Stopping employees from surfing to gambling sites, for example, cuts your exposure considerably.

But you need surfing security even when you block every suspect site, because well-known national sites get compromised. Hubbard says one of the sites for the last Super Bowl turned into a hacker tool for a while the day before the big game. Oops.

What can small companies do? Outsourcing Web hosting, especially e-commerce sites, turns security management over to professionals (for the server but not necessarily your applications). Treat every byte of customer data like money, because if you lose it, you will pay and pay and pay. Too many small businesses believe "common sense" can protect their customer data. Not only is that not true, but even if it worked, common sense remains in short supply.

Websense licenses its products on a per-seat, per-year basis. In the U.S., the cost is $20.50 each for 1-250 users. Over 251, and the price drops to $15.50 per seat. Prices also drop with longer contract times and more licensed users.

Is it a shame we have to worry about attackers targeting data and customer information every minute of the day? Yes. Will life get easy in the next year or two? Not really, so bite the bullet and protect yourself if you've only been using the "cross your fingers" method. If you do have strong security systems in place, check them regularly.

James E. Gaskin

Network World