Small businesses can make easy targets for hackers
It’s not just big businesses like JPMorgan Chase, Target and Home Depot that get hacked. Small companies suffer from intrusions into their computer systems, too.
The costs associated with computer and website attacks can run well into the thousands and even millions of dollars for a small company. Many small businesses have been attacked – 44 percent, according to a 2013 survey by the National Small Business Association, an advocacy group. Those companies had costs averaging $8,700.
JPMorgan Chase said the attack on its computer servers this summer compromised customer information from about 76 million households and 7 million small businesses. Target Corp., Michaels Stores Inc. and Neiman Marcus have also reported breaches of their computer systems in the past year, as did Home Depot Inc., whose customers include small contracting companies.
Typically, businesses must have a computer expert find the source of the attack and systems have to be purged of harmful software like viruses. When websites are shut down revenue can be lost.
Making matters worse, if customer data was breached, companies often must pay to notify each person or business affected. In some states, they’re encouraged to pay for credit report monitoring for customers, says Matt Donovan, head of technology insurance underwriting for the insurer Hiscox USA.
In almost every state, companies must notify people when information has been breached, says Samuel Cornish, a commercial law attorney with Genova Burns Giantomasi Webster in Newark, New Jersey. Companies can also be liable for damages in lawsuits brought by customers, he says.
Small businesses are particularly vulnerable to attacks because many owners believe they don’t have the time and money to invest in software programs or consulting services to make systems more secure.
Many businesses are ignorant of risks they face or possible solutions, says Jeff Foresman, a consultant with Rook Security, an Indianapolis-based computer security company. They may not realize an attack can happen from a seemingly harmless source. For example, a perfectly normal-looking email from a friend’s computer that was attacked without the owner’s knowledge could lead to trouble.
“They don’t know what they don’t know. They don’t understand the sophistication of these attacks,” Foresman says.
Berkeley Varitronic Systems’ bank account was hacked earlier this year and $50,000 was taken, CEO Scott Schober says. He got the money back, but considers the incident a lesson. He had already invested $50,000 in security for his own systems and plans to add another $20,000.
Schober believes his Metuchen, New Jersey-based company was attacked via its bank because its business is computer security.
“We are a target. Thieves like to send that message,” he says.