You may remember the Target data breach in 2013 when cybercriminals accessed the credit card information of millions of its shoppers. Many small business owners think these crimes only affect large corporations, but they could just as easily affect local mom-and-pop shops, according to Chris Hurley.
Hurley, Vice President of IntelliSystems, a local IT company, was one of three speakers at this month’s Augusta Metro Chamber of Commerce Third Thursday Business Builder on Sept. 15.
He and IntelliSystems President and CEO, Kevin Wade and Risk Advisor, Steve Munn with MAI Risk Advisors discussed types of cyberattacks and what small business owners can do to protect themselves.
“Half of all cyberattacks are aimed at small and medium businesses,” Hurley said.
Ransomware, which involves seizing a business’s data and requiring a hefty payment before giving it back, is a common type of cybercrime. One famous example of a ransomware attack was on the Colonial Pipeline, which shut down for several days in May 2021.
“They know organizations will pay to access the information, and there’s some data you may not be able to retrieve,” he said.
Businesses that undergo these attacks often suffer many consequences, including extensive downtime, financial penalties, and loss of customer trust. Owners must also inform all customers affected by a data breach, but they usually have other legal obligations.
“Most states have legislation that requires you to report data breaches,” Hurley said.
Munn said some insurance policies can cover business losses due to ransomware attacks. But that’s only one way cybercriminals can hurt small businesses, according to Wade.
“Email account hijack is one of the most common,” he said.
Wade shared a story about a local woman whose paycheck was stolen after someone hacked into her email account. The criminal moved all her emails into a folder, found her check stub, got her direct deposit information, and diverted the deposit to his bank account instead.
These criminals also use phishing attacks to gather employee information or fake billing notices to steal company funds.
Hurley said there’s no easy solution for preventing cyberattacks.
“Cybersecurity is layered like an onion,” he said. “There is no tetanus shot for it.”
Hurley advises businesses to install an advanced firewall, use effective antivirus software and ensure all employees complete cybersecurity awareness training, among other precautions.
Munn said when attacks do occur, they’re usually caused by human error, not technological failure.
“We clicked on the email; we let them in,” he said.
Tabitha Hollimon, a local tax accountant and President of Virtual Tax & Consulting, LLC, attended the presentation and said it was a good reminder of best practices for protecting your business.
“Always be proactive, and look into coverage for your company,” Hollimon said. “It was also a good reminder to complete cybersecurity awareness training.”
Hurley and Wade want small business owners to understand that no business, regardless of size, is safe from cyberattacks.
“This is not just big companies; this is three-person companies,” Wade said.
For more information, visit intellisystems.com and mairiskadvisors.com.
