Do Hackers Really Target Smaller Businesses?
Totally. Sophisticated criminals use computers to scan the Internet for doors left open. Once inside, they hunt for your customers' e-mail addresses, credit card numbers or anything else they can get their hands on.
A hacker is someone who is trying to break into your computer for some unauthorized and nefarious purpose. They are the Internet equivalent of break & enter criminals.
There are three common kinds of hackers that attack small businesses.
Type 1: Vandals
These kinds of hackers do their evil just for thrills. In one case in 2002, hackers scanned the Internet for a weakness in Microsoft SQL server and installed the so-called "slammer" virus. Microsoft SQL Server is commonly used by small, medium and large businesses but not commonly used on home computers. So the hackers exploited thousands of business computers and programmed them to spew out meaningless Internet transmissions that brought those businesses, and most of the Internet, to their knees. Note: Microsoft has since plugged the security hole that these hackers exploited.
Type 2: Hijackers
These kinds of hackers look for e-mail servers that are not properly set up with safeguards. Most home users don't have e-mail servers and for the most part, larger businesses are properly protected, so that leaves small and medium sized businesses as their prime target. When they break into your computer, they use it to send out tens of thousands of "spam" e-mails for dubious products and/or outright scams that no legitimate Internet Service Provider would permit them to do. They obviously don't care if the source is traced back to you.
Type 3: Identity thieves
Identity thieves are looking for your customer files so they can steal names, addresses and other personal information. If there are credit numbers, that is a spectacular bonus. The identities of your customers are used to fraudulently obtain credit cards from aggressive but legitimate credit card companies. The names and personal information are legitimate, so the companies issue the cards. The big companies have ultra- tight security, so that once again leaves small and medium sized businesses as the prime targets for this kind of hacker.
Hackers are counting on businesses like yours to make mistakes in the way their computers are set up and protected. It's very easy to make mistakes or be unaware of a problem. For example, a simple mistake is leaving "ports" open on your server. If you don't know what a port is or don't remember explicitly closing them all, then your computer is probably exposed.
Another example is maintenance related. The "slammer" virus exploited a weakness in a Microsoft product that had probably been there for a long time. But since no one had exploited it, no one knew it needed to be plugged. When it was discovered, Microsoft moved quickly to make a "patch" available for their product. But there is no way the average small business owner would have known that a patch was required unless he or she already had the problem or heard about it in the media.
The really annoying part of this whole subject is that these hackers are costing honest business people like you. You are just trying to employ people, serve customers and make a reasonable profit for your risk and effort. Your computers are probably just tools and not really your main business.
The good news is that protecting yourself from hackers is a very easy and inexpensive. But you need to know what you are doing and you need to realize that it is an ongoing maintenance issue, not just a one-time project. |