Hackers target small businesses

'Puddle' phishing and more

Feeling paranoid? Think people are out to get you? If not, you're just not paying attention. Small businesses have gained the attention of large companies who lust after their buying power. And unfortunately, hackers now lust after small business for their intellectual property and customer data, and find smaller companies make easier targets because their defenses are weaker.

So says Dan Hubbard, vice president for security research at Websense, the security firm that just announced the Websense Express product line for SMB. Large companies making sophisticated security tools affordable for small companies is a trend we should all encourage.

Who says hackers target small businesses besides Websense? How about Visa? According to the credit card company, since 2005 small businesses represent less than 5% of exposed accounts but have been the source of 80% of identified data security compromises (I don't know how they define "small business," so it may be companies with up to 1,000 employees). You know the reason: small businesses don't have the security expertise in house to protect themselves. And crunched budgets often stop businesses from adequately defending themselves even when they know they should.

Hubbard says his company's research shows phishing attacks have moved from the big national companies down to neighborhood credit unions and small banks. Quaintly known as "puddle" phishing, these attacks prove spam must be cheap, because the phishers will launch millions of messages to get a bite from a customer of a small financial services company with only a few thousand accounts.

Websense says some of the technical managers it has talked to at banks and credit unions don't know enough about phishing, and even those that do often lack a plan to contact and reassure customers and handle questions when they are victimized.

Even small retailers have value to hackers. Take a look at, say, a liquor store. They do thousands of transactions every week or two. If the store installed its own wireless network with poor security, hackers can sit outside and capture customer data in real time. If they snag one complete transaction, they have a stolen identity in their pocket. They might have done this in the past by dumpster diving and hoping to find credit card receipts, but sitting in the parking lot keeps them smelling better. The fact that most printed receipts today include only a part of the credit card number adds another reason hackers eavesdrop rather than dive.

Midsize companies in industries full of intellectual property, like aerospace firms, get targeted as well. Stolen data gets sold to competitors, often overseas.

While I've never been a big fan of tight Web surfing controls on employees, believing managers should manage rather than trust software, hackers may force me to reconsider. Websense reports Web browsers are the preferred entry point for viruses and worms now, taking over from e-mail payload delivery. Stopping employees from surfing to gambling sites, for example, cuts your exposure considerably.

But you need surfing security even when you block every suspect site, because well-known national sites get compromised. Hubbard says one of the sites for the last Super Bowl turned into a hacker tool for a while the day before the big game. Oops.

What can small companies do? Outsourcing Web hosting, especially e-commerce sites, turns security management over to professionals (for the server but not necessarily your applications). Treat every byte of customer data like money, because if you lose it, you will pay and pay and pay. Too many small businesses believe "common sense" can protect their customer data. Not only is that not true, but even if it worked, common sense remains in short supply.

Websense licenses its products on a per-seat, per-year basis. In the U.S., the cost is $20.50 each for 1-250 users. Over 251, and the price drops to $15.50 per seat. Prices also drop with longer contract times and more licensed users.

Is it a shame we have to worry about attackers targeting data and customer information every minute of the day? Yes. Will life get easy in the next year or two? Not really, so bite the bullet and protect yourself if you've only been using the "cross your fingers" method. If you do have strong security systems in place, check them regularly.


James E. Gaskin

Network World