The slogan “it’s not if you’ll be hacked, but when you’ll be hacked” is one we’ve all heard a dozen times. But doesn’t it start to get old after a while? You have a good firewall, plenty of anti-virus licenses, and strict prevention processes. Plus, you don’t have any credit card information on file. You’re covered, right? Sorry to burst your bubble, but that’s simply not true.
Why Small Businesses Get Hacked
There’s a tendency to generalize what hackers actually want. Many of the largest, high profile data breaches (Target, Home Depot, and JP Morgan Chase) have targeted credit card information. Many small business owners deceive themselves into thinking they aren’t targets because they don’t save that information. In reality, credit cards are small potatoes.
On black market auction sites, a person’s credit card information can sell for $10 – $40. To gain any worthwhile payoff, hackers need to steal credit card information in bulk, hence all the huge targets. Yet all the real cash is in medical information. One person’s medical records can sell for $100 – $400. Why? With that information, thieves can commit financial and insurance fraud, extort money from scared people, and do even more damage.
Though large healthcare facilities and insurers are the meatiest targets, small businesses are easier to surmount. Most don’t have anything but rudimentary security measures protecting their employees’ medical records and group plan information. Don’t think it’s farfetched. All it takes is for hackers to breach one unprotected database and your employees will face ruined credit, phony loans opened in their names, and plenty of other identity theft horror stories.
Your Data May Already Be Gone
The bad news is you may already be affected and not even know it. On average, it takes 229 days – that’s right about 8 months – after a small business gets hacked before they realize the breach. Without persistent network scanning, software updates, careful internet security, and regular action on log reports, you risk being a candidate for long-term breaches.
Most of us unknowingly give thieves all the information they need via social media. Take a look at www.echosec.net. It’s marketed as a tool for law enforcement, IT security professionals, and journalists to find out what people are doing on social media in specific geographic locations. In and of itself, it’s innocuous, but in the wrong hands, it can be highly damaging.
Hackers can use it to track what your staff innocently posts to Facebook, Pinterest, Instagram, Twitter, and any other social media platform. From there, they can grab all that information and create logical links to steal even more data. Sound crazy? It’s done every day. Is your staff posting about the cool work they are doing with your clients? The hackers of the world want to say thanks for making their job easier. Your clients are now openly identified and easier to compromise than ever.
There are so many different ways that small businesses get hacked (more than we can include here) if they aren’t careful. That’s why IT security is not a set and forget item. Proper precautions will protect you, but constant attention is required in a world where we are always online.
Interested in learning more? Contact us. We at KME Systems have kept clients protected from data breaches since 1993 and we pride ourselves in keeping track of all the latest hacking techniques.