describe the imageA recent article posted in the online version of the Wall Street Journal (July 21, 2011) had some very sobering news for small businesses:  computer hackers and thieves aren’t targeting the data security of the big guys – they’re targeting small business instead.   Just ask Joe Angelastri, the owner of a small newstand outside of Chicago, who is featured in the article.  A malicious software program (malware)was entered onto his cash registers, sending his customer’s credit card information to Russia.  MasterCard demanded that he have the situation  investigated at his own expense, costing him about $22,000 that he’ll never get back.

Computer Viruses and Data Security Leaks Are A Growing Threat to Small Business

With larger companies putting big budgets toward thwarting such thieves, hackers see smaller businesses as fertile targets.  Smaller businesses are less aware of the complexity of this type of theft, have smaller budgets to apply toward security, and have little or no IT staffs to rely upon.  In 2009, the article reports, the U.S. Secret Service & Verizon Communications Inc.’s forensic analysis unit responded to 141 attacks, which jumped to 761 in 2010.  A full 63% of these involved companies with 100 or fewer employees, up from only 27% the year before.  VISA estimates 95% of credit card breaches are customers of small businesses.  If you store your customer’s information, you’re at risk.

Too Complicated to Manage

The types of attacks are numerous and varied, from hidden malware that obtains system passwords from unwary employees, to stealing the banking information of a small business’ payroll system, adding employees, and funneling their “pay” offshore.  And don’t expect your bank or credit card company to cover the cost.  Investigation and remediation costs, plus potentially losing the ability to accept credit card payments at all, can put you out of business.

Most Small Businesses Are In Denial

A 2010 survey of small- and medium-size retailers in the U.S. done by the National Retail Federation and First Data Corp. found that 64% believed their businesses weren’t vulnerable to card data theft and only 49% had assessed their security safeguards.  Don’t be one of them –  take these important precautions:

>  Be sure ALL your employees know that no one should be given their passwords

>  Regardless of how important you think an application may be, use strong passwords.  With a weak password, your credit card company can easily pin the blame on you.

>  Do your homework to research and install anti-malware and anti-virus data security programs, and have a disaster recovery process in place with regular system backups.

>  Never open attachments on emails from people you don’t recognize

>  If you’re contacted by someone you think works with your credit card processor or any systems tied into it, be sure to verify exactly who they are with a phone call.

>  Get in touch with a professional who can regularly review and update your system’s safeguards, and be sure you have someone knowledgeable to call if you have any suspicions or concerns.

To read the full article:  The Wall Street Journal