How hackers target small businesses
4 ways to lessen your risk of a cyberattack.
Sean Etesham and Richard Idigo are two of the sharpest young men I have met in quite some time, so the cyberhack that these entrepreneurs experienced one recent day shocked us all.
October was National Cybersecurity Awareness Month, so a few weeks ago I was asked by executives from the Microsoft Store to participate in a video demonstration in Los Angeles to show just how vulnerable most small businesses are to cyberattack. Sean and Richard, Microsoft Store customers, agreed to participate.
A couple of years ago, Sean was a senior at California Polytechnic State University in Pomona, on his way to getting his Ph.D. in physics when he got a big idea. Sean called up his friend Richard to see if he would be interested in Sean’s brainstorm – starting an online vegan bakery that would use a subscription model. Richard, who had recently graduated from Cal Poly with a degree in math and computer science (as I said, these guys are uber smart), would be the chief information officer and Sean would be the CEO.
From its start, the business – Quants Bakery – was a hit. Their plant-based chocolate chip cookies, brownies, croissants, etc., are delicious and the business is eco-friendly from top to bottom. No wonder 5’Oclock Hustle says, “Quants Bakery is turning the vegan baked goods industry on its head.”
The entrepreneurs also take cybersecurity super seriously. Says Richard, “We hired a third-party vendor to handle security and we thoroughly vetted them first. On top of that, we use a Virtual Private Network (VPN) in order to hide our IP addresses and encrypt our internet connections. So yes, we really believe in security.”
When the Microsoft Store asked them to be part of the demo, they readily agreed, thinking it would confirm their site was safe and secure. Does that sound familiar? Most small business owners either assume their site and data is safe, or they simply ignore the potential for problems. Both are mistakes.
There are all sorts of ways the bad guys can get log-in credentials and oth- er critical data from your business – they can send you a fake phishing email that looks legit (for example, the hackers will incorporate some personal info that they easily found on social media) or have you click on an innocuous link that is in fact infected with malware, or covertly install key-logging software on your computer that allows them to see what you type, and worse.
On the day in question, what Sean and Richard didn’t know was that Microsoft Store security expert Eric Leonard had “spoofed” their website; that is, he had duplicated the site with the exception of one little letter in the URL that was unnoticeable – quantsbakery.com became quantbakery.com.
Logging in to the spoofed site gave the “hacker” everything he needed to potentially compromise the business. “I’m really glad this is a demonstration and not a real thing,” Sean says in the video, shaking his head.
Most small businesses are incredibly vulnerable to a cyberhack. With the hackers getting ever more sophisticated, the risks are greater than ever: More than half of all cyberattacks are now directed at small businesses, according to a 2017 cybersecurity report by the Ponemon Institute. So what is a smart smallbusiness owner to do? Enable two-factor authentica
tion: This means that after you login to a site, you receive either an email or a text with a code (the second authentication.) You enter that code to get in. Cybercriminals cannot duplicate that. Get security training for your
staff: They need to know what a phishing scam is, what to look for, and what your cybersecurity protocols are. Install a cybersecurity software
suite: Solid choices include McAfee, Symantec, Bitdefender, and Trend Micro. The average cost is about $50 a year. You need a good teammate who
knows security: Beyond Microsoft Store experts and those attached to other computer hardware and software makers, options include hiring a techie expert or using a third-party vendor.
Once you’ve taken these steps, you and your employees will have earned some tasty treats.
Steve Strauss, @Steve Strauss on Twitter, is a lawyer specializing in small business and entrepreneurship . The views and opinions expressed in this column do not necessarily reflect those of USA TODAY.