Why Smaller Businesses Can Be More Susceptible to Hacks



The last few years have seen major breaches at sprawling corporations such as Facebook, Yahoo, and Marriott Hotels. The list continues indefinitely, and the total losses amount to many billions.

Between overreaching government surveillance, ISPs monitoring us, and the world of cyber-crime, online privacy continues to shrink. Today’s children will never have known the Internet of the past before the total control of tech monopolies and so-called “bulk” data collection efforts of both domestic and foreign governments. Because many of these tech giants do not adequately protect against hacking efforts, even with their massive budgets, the small to medium business owner might feel that these outcomes are unavoidable, and therefore take no proactive measures against them.

Corporation tend to ignore the signs leading up to a hack even though attacks have been steadily rising through the years. They instead prefer to mop up afterwards, and so have set a trend for poor information security. Still, these megacorporations do possess the resources to strengthen their cybersecurity, and so the online criminal element often decides to target the smaller players.

In fact, many dozens of smaller businesses are targeted each month with the attacks being launched from all over the world, many times from overseas. This is despite some smaller business owner’s argument that their small size alone is enough deterrent. They tend to imagine a hack that pulls off something more extreme, such as a ransom on their networks, but most attacks aim to steal and sell people’s data and identity.

Today’s attacks are carried out with robust yet freely available and highly automated tools such as Metasploit and the Kali Linux operating system. It is often not necessary to have knowledge of programming or the ability to write your own scripts in order to lead an effective attack against a network, and as much as 80 percent of all data breaches are a result of weak password security.

Many people and companies will reuse the same weak passwords across several sites, platforms, and networks. Once one of these is compromised, the rest tend to follow. Passwords can be compromised in any number of ways, with the weakest susceptible to simple brute force attacks or rainbow table attacks against stolen hashes (an encryption technique) of the passwords.

It is not uncommon for CEOs and owners to be unaware of exactly the password policies their management have set. Experts in information security have long emphasized that although these policies must necessarily stem from upper-management, everyone must be on-board and playing their part. Frequently changing passwords and making sure to eliminate permissions for any ex-employees right away is critical, as there are many online grey-markets where sensitive network information can be sold.

A common assumption is that an effective cybersecurity infrastructure is by its nature expensive.  A company does not need thousands in budget to make themselves at least less attractive to criminals however. Keeping online credentials private and not sharing login information between employees goes a long way.

Effective security often operates on a “need-to-know” basis. VPN services are cheap, easy to use, and grant so many benefits that not using one is a mistake. From avoiding ISP throttling and surveillance, thwarting region restrictions, and creating an encryption tunnel between you and the Internet, these services can be invaluable. Certainly you should not connect to a public WiFi without going through your VPN. Finally, many enterprises use password management apps and software, which by default provide security.