Small companies growing targets for cyberattacks - Albuquerque Journal

Small companies growing targets for cyberattacks

NEW YORK – Randell Heath isn’t sure how hackers got into his company’s website – all he knows is a supplier called saying the site had become an online store selling Viagra and Cialis.

The problem might have been at the company that hosts the site. It might have been that Heath’s passwords weren’t strong enough. But the invasion taught Heath a lesson that computer experts say many small-business owners still need: Keeping your company’s computers and online sites safe isn’t a one-time operation, but requires continual vigilance as new kinds of attacks emerge.

“I’m planning on attending a ‘Cybersecurity for Small Business’ briefing,” says Heath, president of Coldsweep, a Mountain Green, Utah-based company that uses dry ice to clean surfaces.

The chances of a small business being invaded, of having computers, smartphones, tablets and even bank accounts hacked because of poor cybersecurity, are rapidly growing. And some of the very things small businesses are encouraged to do to make themselves more visible, like having blogs, can also make them more vulnerable.

Symantec, a maker of computer security software, analyzed threats and cyberattacks that its network encountered and found that 43 percent of all cyberattacks in 2015 targeted small businesses.

Just from 2014 to 2015, Symantec saw a 36 percent increase in new malware and a nearly 80 percent increase in new variations of the malware targeting Android users. The company also counted one instance of malware in every 220 emails, a bigger risk than one in 244 in 2014. And even after all the warnings, a primary culprit was attachments or links that employees click on, allowing hackers to damage or delete files, track a user’s actions or steal data like passwords.

Invasions that render a computer’s files unusable unless the user pays a ransom have also surged. Cybercriminals who use this method are aggressive – one variation of ransomware attacked an estimated 100,000 computers a day within weeks of its release last year, according to the FBI.

The costs of an invasion can be steep. Heath estimates he lost $10,000 in business because the site was down. He didn’t have to pay to have the website rebuilt because his business was part of an incubator where tech help was available for free. But recreating a website could run a business well into the thousands of dollars.

Many owners believe they don’t have the resources – human or financial – to keep their companies safe, which takes keeping up with frequent security updates for software and equipment.

“The CEO is also the marketing person and also the (information technology) person. They simply don’t have the wherewithal to manage computing platforms day to day,” says Tom Desot, chief information officer at Digital Defense Inc., which helps companies protect against cyberattacks.

Desot estimates that a company with 30 to 50 employees might have to spend upward of $50,000 initially to give all its equipment the best possible protection, which includes sophisticated software and firewalls to keep intruders out, and then thousands each year to keep their security up to date. Smaller companies would have a much lower expense, but many owners still shy away from a cost that can seem prohibitive.

But there’s a bigger problem: owners’ willful ignorance, says Diana Burley, a professor at George Washington University whose expertise includes cybersecurity.

“You don’t necessarily understand how vulnerable you are, because you think, why would someone target me? I don’t have that much in assets, I’m not lucrative, why would I be a target,” she says. “We operate in an environment of complacency.”

Some owners don’t pay attention to notices about patches or updates from computer or software makers, Burley says. Those downloads often contain security improvements because tech companies have discovered problems that make their products more vulnerable to attack.

One solution many small businesses use is to hire a company that monitors computer systems and/or websites, and makes sure they stay up to date. The cost for many small enterprises can be several hundred dollars a month.

But computers can still be vulnerable. Owners often don’t take the simplest precautions, such as making sure passwords they and their employees use are hard to find or guess for thieves using computers called bots that search for vulnerabilities, says Rick Hogan, CEO of Bleevit Interactive, a website design company based in Reston, Va.

A weak password and a lackadaisical approach to website maintenance allowed hackers to break into the site of one of Hogan’s clients, a family-owned restaurant business. The criminals created additional pages of pornography that showed up in search results and the intrusion went on for months because the owners didn’t check their site. Hogan’s company cleaned up the site, but the damage to the restaurant’s reputation persisted – its website address was flagged as pornography.

“We couldn’t put a link for them on Facebook for six months,” Hogan says.

Many owners don’t consider when they download software or apps for their phones and tablets that those could contain malware. Even on a legitimate website, thieves sometimes attach invasive programs to ads. And using public Wi-Fi – convenient, but usually lax on security – makes it easy for hackers using scanners to steal information if people log into email or bank accounts.

But many problems have solutions. Owners can start by looking for the same kind of briefing Heath sought out. Setting up a virtual private network, or VPN, can make it safe to conduct your business over public Wi-Fi, suggests Aaron Hanson, a product marketing executive with Symantec. A VPN allows information to be sent so it can’t be read by cybercriminals that might intercept it. Owners should also investigate an app or plugin before they download it and emphasize – again – that employees shouldn’t click on unfamiliar links or attachments.

Businesses can also back up their data with a security company that could restore most if not all of their files in the event of ransomware or other attack.

David Cingari reaped the benefits of backing up a year ago when an employee at his catering company came in around 7:30 a.m. to find her computer was taken hostage by ransomware. When she logged in, she got a notification that her files had been encrypted, or locked up so they couldn’t be read, and that it would take paying a ransom to get them unlocked.

“I just freaked out,” recalls Cingari, owner of David’s Soundview Catering in Stamford, Conn. But he quickly called the company that maintains his systems. Technicians replaced his files with safe ones that had been backed up off site. Instead of losing $30,000 in sales and the cost of being robbed of all its information, the company was back in business around 10 a.m.

“That made it so effortless,” he says.

Albuquerque Journal and its reporters are committed to telling the stories of our community.

• Do you have a question you want someone to try to answer for you? Do you have a bright spot you want to share?
   We want to hear from you. Please email

Nativo Sponsored Content

Ad Tango

taboola desktop


NMSU leads the way in managing carbon for the ...
ABQnews Seeker
Trees and plants are nature's best ... Trees and plants are nature's best ally for capturing and sequestering carbon dioxide, and New ...
Santa Fe butcher shop adds production facility in Alaska
ABQnews Seeker
A Santa Fe butcher shop and ... A Santa Fe butcher shop and meat delivery service has expanded its seafood offerings after adding a production facility in Alaska.
Energy manufacturer to bring 315 jobs near NM's southern ...
ABQnews Seeker
A manufacturer in the renewable energy ... A manufacturer in the renewable energy industry is setting up shop near New Mexico's southern ...
NM outdoor companies help build bicycle for a cause
ABQnews Seeker
Several New Mexico companies helped build ... Several New Mexico companies helped build a custom bicycle to benefit an organization that supports transgender rights ...
Everything parents need to know about the Child Tax ...
ABQnews Seeker
The expanded benefit could affect as ... The expanded benefit could affect as many as 450K New Mexico children
Small steps can lead to financial security
Stretch your paycheck by focusing on ... Stretch your paycheck by focusing on friends, family, pets and nature, not on things
New Mexico investors raise $11M for equity-driven fund
ABQnews Seeker
A group of New Mexico investors ... A group of New Mexico investors has raised $11 million - the first chunk of an anticipated $100 ...
ABQ nanotech startup wins $2M investment
ABQnews Seeker
A local startup with new technology ... A local startup with new technology that blocks infrared heat when warm while also transmitting it w ...
Publicly financed stadiums: Boon or boondoggle?
2021 city election
Voters asked to consider $50M GRT ... Voters asked to consider $50M GRT revenue bond for project
Engineering firm constantly embraces fresh ideas, new technology
Engineering firm constantly embraces fresh ideas, ... Engineering firm constantly embraces fresh ideas, new technology