Q: Steve – We all say, “It won’t happen to me.” Well, it happened to me. Somehow my computer was hacked with “keylogging” software and our corporate bank account was ripped off to the tune of almost $5K. Please warn other small business owners to take appropriate steps because it sure can happen to them too. -Andrew
A: You are preaching to the choir, brother!
A few years ago I was speaking with an online security expert and he explained to me that it wasn’t just phishy emails (pardon the pun) that were the problem now, that simply by clicking on a bad link on a website or Facebook or wherever, you could infect your computer with malware. “Bam, you are owned,” I still remember him saying.
Keystroke logging software (or keylogging) is an incredibly frightening prospect (more on this in a minute) that is just one of the millions of online threats that small business these days are facing, according to Bill Rielly, the senior vice president of small and medium business for the online security leader McAfee.
I recently sat down and spoke with Rielly about the state of small business security and left, strangely, both reassured and more concerned than ever. I was reassured because there are easy-to-install solutions available if a small businessperson takes even just a little time to find and use them, and yet my concern increased for two reasons:
- I understood better than ever just how many threats are out there and how they are often now aimed at small businesses, and
- I also learned just how few small businesses appreciate the extent of the threat and thus do little to protect themselves
According to Rielly, cybercrooks are increasingly targeting small businesses because we have neither the expertise nor resources to be vigilant and ward them off. Whereas a giant bank for example has scores of people that do nothing but online security, the typical small business is lucky if it has a part-time IT guy.
The good news is that companies like McAfee know this and work hard to create products for the small businessperson that are affordable, powerful and thorough. As such, according to Rielly, while a small business may not be able to afford its own cybercrime prevention unit like a bank can, there is software available that does the heavy lifting for you.
If you really want to be scared straight, consider the aforementioned problem of keylogging software. By opening up an infected file or even just clicking on an infected link, malware that logs what you type on your keyboard can surreptitiously be installed on your computer. Remote cybercrooks can then see what you type to, say, log into your bank.
How pervasive is this sort of problem? Last quarter alone, McAfee security experts discovered 14 million new malware programs. 14 million. According to the Center for Strategic and International Studies, cybercrime creates a $100 billion annual loss to the U.S. economy.
Couple that with the results of a recent British study that found that only 36% of small businesses have any sort of real security software and you see just how vulnerable small and medium businesses are to cybercrime.
So, what do you do and how can you protect your business? Here are four simple strategies to implement:
1. Get protected: Cloud-based solutions are great because they provide 24/7/365 protection to your computers and system. This allows you to reduce administrative overhead, reallocate IT resources, get up-to-the-minute security, and protect your computers, data, and small business network.
2. Back up: You know the drill and I hope you have listened. Backing up your data is of course critical, and again, using a remote, automatic, cloud-based solution provides daily (or hourly!) backups. Never lose a chapter of a book – err, I mean, your data – again.
3. Have a back-up plan: In the case of a cyber-attack, having a backup plan for how to deal with it and continue operations is wise.
4. Train your staff: Create cyber-security policies (for example, no downloading software from unknown sources, no clicking of links from unknown people, etc.) and then take the time to train your staff on what these policies are, why they are important, and what you expect.
As Bill Rielly explained to me, online security for small business is a no-brainer because it takes little time, is very effective, very affordable, and the consequences of doing nothing can be the difference between staying in business and not.
Today’s tip: “(Jul 25, 2013. Reuters) Federal prosecutors said on Thursday they have charged five men responsible for a hacking and credit card fraud spree that cost companies more $300 million in the biggest cybercrime case filed in U.S. history. They also disclosed a new security breach against Nasdaq [and] other companies targeted by the hackers which include J.C. Penney Co. and JetBlue Airways . . . Prosecutors said they conservatively estimate that the group . . . helped steal at least 160 million payment card numbers.”