Why You Should Care About Information Security As A Small or Mid-Sized Business Owner

You’ve seen the news, heard all the hype; Marriott, Chinese State sponsored hacking, DNC email leaks, along with Saks, Lord and Taylor, Panera, Facebook, Under Armour among others becoming victims of data breaches. You’ve probably also seen the TV shows and commercials portraying hackers and their potential targets being defended by some slick cybersecurity group. While it’s dramatic, what does this have to do with you, the small to mid-sized business owner or manager?

Perhaps at first glance little to nothing you would say. Who would want my company’s information, no one will target us you think. Well, while yes the big companies, political organizations, governments, and others are direct targets you may be a target as well, albeit indirect. 

While no named organization, or government entity is going to directly attempt to hack your company you may be the target of smaller groups that crawl the Internet searching for vulnerable anonymous systems. So why do they look to do this especially if you and others truly have nothing to offer you ask? Well, at the very least you have some information as well as servers or other infrastructure that is of value to the perpetrator.

Hackers have differing motives. Some may be in search of sensitive information such as credit card data or personal and private information, others may seek to take control of your systems to anonymously launch hacking operations on others from your systems, while others may look to store stolen information for sale, or host pornography. Many who conduct this type of activity may do so from Internet cafes in far off places with limited chances for prosecution. Many have little means and any payoff from compromising a system is welcome. It’s not glamorous like what you get from TV or the media, not dramatic but the ‘work’ pays off.

So how do they find me?

Hackers use simple scanning tools readily available as freeware and test address ranges, identifying networks that have weak security controls or improperly configured networks. While they may not have specifically targeted your company they may stumble upon your company as its Internet addresses lie within the range of their target scan.  

So what’s next?

When an IP address is found to have technical vulnerabilities the next step by the hacker is to exploit the vulnerability with more free pre-packaged hacking tools and see if they can gain access to your network or systems. With success additional tactics and tools will be employed to poke around inside the network to see what information or hosts may be readily available for compromise.

What’s the payoff?

If they do obtain records of value, such as credit card information they look to sell it to other criminals that will exploit the information.  Values vary but here are some rough numbers.  Credit card information roughly sells for  $5 to $8. Data that includes the number as well as a bank ID number or a date of birth sells for $15. “Fullzinfo” information, which may include details like a cardholder’s full name, address, mother’s maiden name, Social Security number, and other details, can sell for $30. $30 to someone that lives in a far away place may be more money than the average person normally sees in weeks or a month. Beyond that they may disrupt or take control of your system just to show they can.

What’s your potential harm?

The potential for reputational harm or an inability to operate may far exceed the value of any stolen data. You may loose customers, business partners and revenue should your compromise be known or legally need to be reported. Business impacts could be severe if you can’t operate for a period of time.  Beyond that you may find that you are facing lawsuits from customers or business partners.

While I can continue to write the Internet is full of information and articles related to this topic so don’t just take my word for it.  Take a look on your own though some simple Google searches.

We have helped numerous companies recover from hacking, viruses and other security events as well as strengthen defenses against random hacking. Please feel free to contact us at 908-232-0100 for a discreet, confidential discussion as to how Network Management Solutions can be of assistance to you and your company.

Speak Your Mind

*