BiS: BusinessInSavannah.com - Business news for the creative coast.

Hackers’ delight: Businesses put selves at risk for invasion

By Joyce M. Rosenberg

Associated Press

NEW YORK — Randell Heath isn’t sure how hackers got into his company’s website — all he knows is a supplier called, saying the site had become an online store selling Viagra and Cialis.

The problem might have been at the company that hosts the site. It might have been that Heath’s passwords weren’t strong enough. But the invasion taught Heath a lesson computer experts say many small business owners still need: Keeping your company’s computers and online sites safe isn’t a one-time operation, but requires continual vigilance as new kinds of attacks emerge.

The chances of a small business being invaded, of having computers, smartphones, tablets and even bank accounts hacked because of poor cybersecurity, are rapidly growing. And some of the very things small businesses are encouraged to do to make themselves more visible, like having blogs, can also make them more vulnerable.

Symantec, a maker of computer security software, analyzed threats and cyberattacks its network encountered and found 43 percent of all cyberattacks in 2015 targeted small businesses.

Invasions that render a computer’s files unusable unless the user pays a ransom have also surged.

The costs of an invasion can be steep. Heath, the president of a Utah-based company, estimates he lost $10,000 in business because the site was down. He didn’t have to pay to have the website rebuilt, because his business was part of an incubator where tech help was available for free. But recreating a website could run a business well into the thousands of dollars.

Many owners believe they don’t have the resources — human or financial — to keep their companies safe, which takes keeping up with frequent security updates for software and equipment.

But there’s a bigger problem: owners’ willful ignorance, says Diana Burley, a professor at George Washington University whose expertise includes cybersecurity.

“You don’t necessarily understand how vulnerable you are, because you think, why would someone target me? I don’t have that much in assets, I’m not lucrative, why would I be a target,” she says.

Some owners don’t pay attention to notices about patches or updates from computer or software makers, Burley says. Those downloads often contain security improvements because tech companies have discovered problems that make their products more vulnerable to attack.

One solution many small businesses use is to hire a company that monitors computer systems and/or websites and makes sure they stay up to date. The cost for many small enterprises can be several hundred dollars a month.

But computers can still be vulnerable. Owners often don’t take the simplest precautions, such as making sure the passwords they and their employees use are hard to find or guess for thieves who use computers called bots to search for vulnerabilities, says Rick Hogan, CEO of Bleevit Interactive, a website design company based in Reston, Virginia.

But many problems have solutions. Setting up a virtual private network, or VPN, can make it safe to conduct your business over public Wi-Fi, suggests Aaron Hanson, a product marketing executive with Symantec. A VPN allows information to be sent so it can’t be read by cybercriminals that might intercept it. Owners should also investigate an app or plugin before they download it, and emphasize — again — that employees shouldn’t click on unfamiliar links or attachments.

Businesses can also back up their data with a security company that could restore most, if not all, of their files in the event of ransomware or other attack.

David Cingari reaped the benefits of backing up a year ago, when an employee at his catering company came in around 7:30 a.m. to find her computer was taken hostage by ransomware. When she logged in, she got a notification her files had been encrypted, or locked up so they couldn’t be read, and that it would take paying a ransom to get them unlocked.

But Cingari quickly called the company that maintains his systems. Technicians replaced his files with safe ones backed up offsite. Instead of losing $30,000 in sales and the cost of being robbed of all its information, the company was back in business around 10 a.m.
