As if worrying about the economic climate was not enough for small business owners, a new report shows small businesses are expected to become an increasing target of cyber attacks.
According to Mountain View, Calif.-based Symantec, (NASDAQ: SYMC) there’s been a rise in the number of attack toolkits readily available online, making it easy for just anybody to create a computer attack or malicious Web site.
Small business owners, because of their financial position, are becoming a priority target for computer hackers, said Kevin Haley, director of Symantec Security Response. “Small businesses are very attractive because they have more money in a bank account than consumers,” he said. “The volume of attacks they are seeing has gone up in recent years.”
Hackers attacking small business are looking to clean out their bank accounts, which could easily mean an end of their business altogether.
Cyber attacks on small businesses vary, but one of the more popular methods involves a thief purchasing a toolkit online to create a piece of malware that sits silently on an owner’s machine and captures private usernames and passwords used when logging into a specific Web site like a bank account. Hackers can also alter a Web page to look like a bank’s official homepage and get the small business owner to login and capture private usernames and passwords.
While these attack methods aren’t new, Haley said there has been an “explosive growth” in the number of attacks because you no longer need to be a computer genius to become a hacker.
“Every year these toolkits proliferate. It allows a lot people that aren’t geniuses to get into the game,” he said, noting that without the toolkits, the attacks wouldn’t be at the level they are today. The toolkits “have made it so almost anybody that wants to be a cyber-criminal can.”
So what can small businesses do to fend off the attacks? According to Haley, small business owners need to have computer security software that is updated regularly and security policies in place to educate the employees what is appropriate use of a company computer. “Users tend to see security policies as annoying and getting in the way,” said Haley, noting that if the business owner doesn’t explain why the security policies are in place, employees will find ways to work around them.
Haley also suggested owners use one computer that has maximum security software to access bank accounts and that machine shouldn’t be one that is used for general Web surfing or reading e-mail. “The machines they do banking from are the ones they want to protect the most,” he said.
Haley noted that while small businesses are vulnerable to attacks, many don’t invest in the necessary security software, saying many wait until something happens before they do anything. “That may be a good way to put themselves out of business,” he said. “Small businesses need to take this seriously as a risk to their businesses.”