A July 5th article in the Wall Street Journal points up a little known fact: that small businesses – those with 11 to 100 employees – are the most targeted victims of cyberattacks, which have become a greater threat than ever before.
According to the article by Sarah Needleman, firms with 11 to 100 employees are attacked more than ten times as frequently as smaller firms (1 to 10 employees) or the next larger tier (100 to 1000). It’s not even close. And the numbers are rising.
The damage can be large and rapid. A Brooklyn New York maker of mannequins recently found its finance chief unable to make a routine online payment to a foreign vendor. A check of the bank failed to show up any problems at their end. The company determined the problem was a virus at their end, and cleaned up its computers within 24 hours. But the damage had already been done.
Cyberthieves had made off with $1.2 million dollars, wiring a series of nine $150,000 transactions to each of three major U.S.banks (Bank of America, Wells Fargo, and J.P. Morgan Chase) and one in China. Within five days the firm had managed to recover about two-thirds of the funds lost. But the last third required a lot of hard work, connections, calling on friends and putting pressure on two of the banks, in addition to calling in the FBI and the NYPD. Within 15 days, the firm had reclaimed only about $1.04 million. The rest remains unaccounted for.
The article points out that while smaller firms rely more on standard protections like firewalls and antivirus software, larger companies have the advantage of much more sophisticated (and costly) theft preventions systems. As one Gartner analyst notes, “When you’re smaller, you’re more focused on executing the business, as opposed to IT efficiencies.”
The article highlights a few things small business owners can to do protect themselves, including:
- Pay for protection: Invest in reliable controls for at least one computer and use it to make all financial transactions.
- Use human backup: Require your bank to get verbal authorization for over a certain daily volume of transactions.
- Insure your assets: Buy insurance (the victim noted bought a $1 million policy for a cost of $13,000 to cover any losses from computer fraud). Hackers are always refining their skills.
- Know whom to call: Make a list of those to contact immediately should a breach occur, such as your bank’s security team.
Take stock. It’s the world we live in, in business today.