Large corporations are investing more heavily in cybersecurity due to all the high-profile hacks that have taken place recently. Its smaller businesses that still need a little coaxing.
The results of a data breach investigation by Verizon found that nearly half of the 621 confirmed hacks it recorded in 2012 were at companies with fewer than 1,000 employees. Andrew Singer, of cybersecurity firm Symantec, told CNN that hackers view small businesses as a much easier target because they are far more passive when it comes to protecting customer information.
At the very least, small business owners can stay updated on ID theft issues by following the Lifelock Facebook page for updates on business security solutions and products. But knowing some of the more common methods hackers use to obtain customer information will help small business owners become more proactive in protecting their most valuable asset.
Whois Database
Whenever a new domain name is registered, a record is created in a database that anybody can access via a Whois query. All a hacker must do is enter your domain name to find out your name, address, phone number, email address and IP address. Once this information is obtained, you’ve opened yourself and your customers up to all kinds of criminal activity.
Most domain registrars offer private registration for free, while some ask for a small fee. No matter what the fee is, pay it. The name of your domain registrar and its contact information will display when your URL is searched as opposed to your personal information.
Phishing Scams
The Anti-Phishing Work Group reported that there were at least 72,000 unique phishing attacks in the first half of 2013. That number is significantly less than the 123,000 attacks in the second half of 2012. Some of the decline is due to a decrease on shared server attacks. But business owners are also being more vigilant in protecting their customers.
Phishing is when a cyber criminal send outs mass e-mails pretending to be a bank, domain registrar, or some other familiar entity to the potential victim. The message will ask the recipient to click on a link within the email body to update their card information, address, social security number or some other personal data. The link will lead to a phony website specifically set up to farm this information voluntarily given by unwitting individuals.
Warn your customers about phishing attacks through social media updates. Tell them to always physically type in the URL of your company if they need to be in contact or save it to their favorites for quick access.
Malware
Neiman Marcus and grocery chain Hannaford Brothers are just two of many retailers that suffered attacks on their consumer databases that may have been preventable. These retailers were victims of malware; a virus, trojan or worm that allows a hacker to take administrative control of your website and payment systems.
Make certain your anti-virus and malware programs are always up-to-date, and all necessarily security patches are installed. Andrey Komarov, of cybersecurity firm Group-IB, told PC World that remote access to a company’s POS system should be restricted to a few trusted IP addresses.
The FBI issued a warning in January to all U.S. retailers regarding an expected increase in data breaches in 2014. Make sure you’re doing all you can to protect yourself and customers.
