New small business owners will naturally want to have a robust online presence. Sales and marketing can play a significant online role in a startup’s success.
But as we all know, there are potential dangers lurking around the Web. Take this stat from The Wall Street Journal: In 2010, 63 percent of cyber attacks investigated by the Secret Service and Verizon’s forensic analysis unit were directed toward businesses with 100 or fewer employees. And a whopping 95 percent of Visa’s credit-card hacks targeted “its smallest business customers,” the Journal reports.
What’s a small business to do? Be cautious right from the start and examine ways to tighten up Web security. Here’s a look at some of the dangers.
The Security Threat
We hear about hackers and the damage they create, but how do they do it? Here’s how Geoffrey A. Fowler and Ben Worthen describe the basics in the Journal story: “Financially motivated attacks typically rely on computer code that hackers plant on victims’ computers, often as attachments or links in emails sent to employees. While these malicious programs are well known to security experts, hackers tweak them frequently enough to render them undetectable to antivirus software.”
Large companies tend to have better security measures than small ones, the story explains, using AT&T’s “command center” that tracks network traffic as an example. “Smaller companies are less likely to grasp the security threat. A 2010 survey by the National Retail Federation and First Data Corp. of small- and medium-size retailers in the U.S. found that 64 percent believed their businesses weren’t vulnerable to card data theft and only 49 percent had assessed their security safeguards.”
The shift toward cloud technology for data storage has plenty of potential benefits for small businesses. But there’s also an issue of trust that can introduce problems. Sara Angeles examines this in a story for Business News Daily, noting that the cloud provider “does everything from performing all updates and maintenance to managing security.” She writes that this access could come back to haunt the business, quoting Steve Santorelli of an Internet security research group.
“The downside is that you are abrogating responsibility for your data,” Santorelli tells Angeles. “Someone else has access to it and someone else is responsible for keeping it safe. … No business is ever going to be as rabid about looking after your data as you would or should be. They are in the business of making money from you, after all. Securing your data sometimes becomes a marketing mantra more than a way of life.”
This is an especially tricky form of hacking. It involves an email that appears to be from your own business, or a website you often frequent, according to a story by Parija Kavilanz for CNN Money, which includes commentary by Anirban Banerjee, co-founder of StopTheHacker. By clicking the email link and going to the fake page, it allows hackers to “attach malware to your browser,” Kavilanz writes. “They’ll verify your email address and check your browser history,” Banerjee says.
The next step is where it gets scary, and could lead to the theft of banking information. As Kavilanz writes, “If you logged into your online bank account just prior to the attack, for example, cybercriminals might send a fraudulent email saying you need to change your password for security reasons. … Additionally, hackers can use your online activity to determine which social networks you use and where you shop most frequently, and then send more phishing emails that look like they’ve originated from those sites.”
Any small business owner should investigate the domain name possibilities before a company launches. Securing the business name and the various .com, .net and .org sites is crucial to avoiding potential confusion. A great example comes courtesy of Fast Company, which detailed someone buying guysamericankitchenandbar.com. That happens to be the name of the New York restaurant owned by Guy Fieri, the spiked-hair host of “Diners, Drive-Ins and Dives” on Food Network. The bitingly comical fake site (now defunct) included a fake menu that went viral, with such dishes as the “Honky-Tonk Double Barrel Meat Loaded Blast,” described this way: “A Sammy Hagar lookalike pushes your face into a leather bag filled with oil and if you eat the whole thing you get to eat a 13 pound burger.”
Many on the Web applauded the humor. But if the TV chef’s team had secured the right assortment of Web addresses, it could have spared some embarrassment.
Social Media Hacking
Many of us have seen strange moments on social media, like when a friend makes a strange remark or sends a nonsensical link on Facebook. As much as social media plays a role in day-to-day life and business, it’s important to know that the possibility of being hacked exists. Take this story by Josh Constine for Techcrunch.com, which speculates that a major Facebook hack may be inevitable.
“It’s not if, but when,” Constine writes. “Between crooks, hackers and foreign governments, Facebook probably can’t avoid a serious user data breach forever. When it happens, Facebook may never be able to quiet fears that ‘personal data isn’t safe there.’ That could cause a chilling effect on sharing, jeopardize its future in commerce, and cut short its lifetime.”
Given the benefits of advertising on Facebook, this could be especially damaging for small businesses. Constine describes the social network as “a value exchange.”
“It offers a free, powerful, unified communication tool, and to access it, users trade in their data and allow Facebook to monetize it through advertising and other methods,” he explains. “But that exchange requires that we trust Facebook to keep our private data safe. If that trust is shaken, adding your most private thoughts, media, contact info, and financial data becomes more of a conscious decision about risk.”
To keep a business running free from computer viruses, there are a number of important steps to take. Arif Mohamed describes several in a story for ComputerWeekly.com.
- Passwords: Employees should use “strong” passwords, Mohamed writes. These should include letters and numbers, and should not be shared or displayed.
- Email attachments: Only open attachments from sources that are trusted.
- Be responsible: Employees should “use the web responsibly, and stay vigilant when contractors and outsiders are in the office,” Mohamed says.
- Monitor access: Be wary of people using “memory sticks and other plug-in devices,” which Mohamed says “can be used to steal company information.”
- Antivirus software: Find the right solution to “catch viruses and Trojan horse programs; antispam software to control spam which could contain malicious code or links to hacker web sites; and antiphishing software to detect financial hacking techniques,” Mohamed writes. “The software security system should also have a desktop or a server-based firewall program that monitors your Internet connections; and encryption technology to protect email and other traffic, particularly for wireless networks.”