Hacking a big danger for small businesses
It’s not just big businesses like JPMorgan Chase, Target and Home Depot that get hacked. Small companies suffer from intrusions into their computer systems, too.
The costs associated with computer and website attacks can run well into the thousands and even millions of dollars for a small company. Many small businesses have been attacked — 44 percent, according to a 2013 survey by the National Small Business Association, an advocacy group. Those companies had costs averaging $8,700.
JPMorgan Chase said the attack on its computer servers this summer compromised customer information from about 76 million households and 7 million small businesses. Target, Michaels Stores, Home Depot and Neiman Marcus have also reported breaches.
MBA BY THE BAY: See how an MBA could change your life with SFGATE's interactive directory of Bay Area programs.
Typically, businesses must have a computer expert find the source of the attack and systems have to be purged of harmful software like viruses. When websites are shut down, revenue can be lost.
Making matters worse, if customer data was breached, companies often must pay to notify each person or business affected.
Small businesses are particularly vulnerable to attacks because many owners believe they don’t have the time and money to invest in software programs or consulting services to make systems more secure.
Many businesses are ignorant of risks they face or possible solutions, says Jeff Foresman, a consultant with Rook Security, an Indianapolis computer security company. They may not realize an attack can happen from a seemingly harmless source. For example, a perfectly normal-looking e-mail from a friend’s computer that was attacked without the owner’s knowledge could lead to trouble.
“They don’t know what they don’t know. They don’t understand the sophistication of these attacks,” Foresman said.
Berkeley Varitronics Systems in New Jersey had its bank account hacked and $50,000 was taken, CEO Scott Schober said. He got the money back, but considers the incident a lesson. He had already invested $50,000 in security for his own systems and plans to add another $20,000.
Schober believes his company was attacked through its bank because its business is computer security.
“We are a target. Thieves like to send that message,” he said.
No system is hacker-proof, but there are steps, some of them inexpensive, businesses can take to shore up defenses and mitigate damage:
• Hire computer security consultants to evaluate computers and websites and suggest ways to protect them.
• Buy insurance to cover financial losses. Premiums can be as low as $1,000 a year for $1 million in coverage.
• Install free antivirus and antimalware software available online. Also add firewalls.
• Make sure e-mail is secure by using an e-mail provider that has proper security systems.
• Avoid theft of customers’ credit card information by using a separate company to process orders. The company should guarantee that its systems are secure.