Hackers target small businesses

'Puddle' phishing and more

Feeling paranoid? Think people are out to get you? If not, you're just not paying attention. Small businesses have gained the attention of large companies who lust after their buying power. And unfortunately, hackers now lust after small business for their intellectual property and customer data, and find smaller companies make easier targets because their defenses are weaker.

So says Dan Hubbard, vice president for security research at Websense, the security firm that just announced the Websense Express product line for SMB. Large companies making sophisticated security tools affordable for small companies is a trend we should all encourage.

Who says hackers target small businesses besides Websense? How about Visa? According to the credit card company, since 2005 small businesses represent less than 5% of exposed accounts but have been the source of 80% of identified data security compromises (I don't know how they define "small business," so it may be companies with up to 1,000 employees). You know the reason: small businesses don't have the security expertise in-house to protect themselves. And crunched budgets often stop businesses from adequately defending themselves even when they know they should.

Hubbard says his company's research shows phishing attacks have moved from the big national companies down to neighborhood credit unions and small banks. Quaintly known as "puddle" phishing, these attacks prove spam must be cheap, because the phishers will launch millions of messages to get a bite from a customer of a small financial services company with only a few thousand accounts.

Websense says some of the technical managers it has talked to at banks and credit unions don't know enough about phishing, and even those that do often lack a plan to contact and reassure customers and handle questions when they are victimized.

Even small retailers have value to hackers. Take a look at, say, a liquor store. They do thousands of transactions every week or two. If the store installed its own wireless network with poor security, hackers can sit outside and capture customer data in real time. If they snag one complete transaction, they have a stolen identity in their pocket. They might have done this in the past by dumpster diving and hoping to find credit card receipts, but sitting in the parking lot keeps them smelling better. The fact that most printed receipts today include only a part of the credit card number adds another reason hackers eavesdrop rather than dive.

Midsize companies in industries full of intellectual property, like aerospace firms, get targeted as well. Stolen data gets sold to competitors, often overseas.

While I've never been a big fan of tight Web surfing controls on employees, believing managers should manage rather than trust software, hackers may force me to reconsider. Websense reports Web browsers are the preferred entry point for viruses and worms now, taking over from e-mail payload delivery. Stopping employees from surfing to gambling sites, for example, cuts your exposure considerably.

But you need surfing security even when you block every suspect site, because well-known national sites get compromised. Hubbard says one of the sites for the last Super Bowl turned into a hacker tool for a while the day before the big game. Oops.

What can small companies do? Outsourcing Web hosting, especially e-commerce sites, turns security management over to professionals (for the server but not necessarily your applications). Treat every byte of customer data like money, because if you lose it, you will pay and pay and pay. Too many small businesses believe "common sense" can protect their customer data. Not only is that not true, but even if it worked, common sense remains in short supply.

Websense licenses its products on a per-seat, per-year basis. In the U.S., the cost is $20.50 each for 1-250 users. Over 251, and the price drops to $15.50 per seat. Prices also drop with longer contract times and more licensed users.

Is it a shame we have to worry about attackers targeting data and customer information every minute of the day? Yes. Will life get easy in the next year or two? Not really, so bite the bullet and protect yourself if you've only been using the "cross your fingers" method. If you do have strong security systems in place, check them regularly.


James E. Gaskin

Network World