One of the mindsets that causes many small businesses in Charlotte, Denver, NC and throughout the country to suffer a data breach is, “We don’t have anything a hacker would want.”
Business owners think they’re either too small for a cybercriminal to bother with or that they don’t have anything interesting enough for one to try to steal.
But the fact is that any business no matter how small or what type of industry they’re in is a target. While they may not realize it, even a small business has tons of information that can make for a lucrative hack.
43% of data breach victims in 2019 were small businesses.
Here are some of the reasons that hackers go after small businesses and why all of them have something that a hacker wants.
Why Do Hackers Go After Small Businesses?
Hackers aren’t always going to use stolen details for themselves. They’re more likely mining data that they can sell on the Dark Web. Even if they get a few dollars for a stolen password, if you multiply that times a database of 30-50 employees, it can add up to a worthwhile attack.
Some of the common selling prices for stolen data on the Dark Web include:
- $4 for a Social Security Number
- $10 for a credit card number on an account with a $1,000 – $5,000 available balance
- $25 for a compromised bank account containing $10,000+
Another reason that your business isn’t secure from attack, no matter how small, is that these “attack packages” for phishing attacks and other breaches are sold on the Dark Web. Anyone can get their hands on them and deploy millions of phishing emails, they don’t even have to know a single line of code.
It only takes a small percentage of “hits” to more than pay off for the hacker.
Here are some of the things your business has that make an attack worthwhile.
List of Employee SSNs & Other Sensitive Info
All businesses need to store sensitive employee details required for payroll. These include employees’ social security numbers, names, addresses, birthdates, and more. All of these are details that can be used for identity theft.
If a hacker can make their way into an accounting software by breaching a password or an unsecure spreadsheet of employee details, they can sell this stolen data as “identity packages” on the Dark Web.
Bank Account & Business Payment Card Details
Any size bank account can be interesting to a cybercriminal. Many phishing attacks are designed to plant banking trojans, which is malware that seeks out online banking login details.
Many businesses have business credit cards that are used for purchases, and these can be shared with employees who make purchases on behalf of their company. Often these card details are stored on employee computers in unsecure places like an address book app. This makes them an easy target for hackers that breach a mobile device or computer.
Another type of data that businesses have that hackers want are details on their customers. These can include the same types of sensitive data that can be used for personal or business identity theft, including FEIN, name, address, etc.
Companies may also store customer payment and credit information that they’ve used for credit checks. This is very useful for someone that wants to open an account posing as a company to commit fraud.
Data That Can Be Held Hostage by Ransomware
Any type of data a business has can be held for ransom via a ransomware attack. It’s estimated that there is a ransomware attack every 11 seconds.
The goal of the ransomware attack isn’t stealing the data, in most cases, it’s causing a business downtime by encrypting all their files and making their systems unusable so they’ll pay a ransom to get their data back.
29% of small businesses have had experience being attacked with ransomware.
Email Accounts That Can Be Taken Over
Another resource that small businesses have that hackers can use are their email accounts. Phishing remains the number one delivery method for malware of all types and is the main cause of data breaches.
Part of the cycle of sending out phishing is taking over legitimate business accounts and using those to send out attacks. Email providers often blacklist domains as soon as spamming is detected, this leaves hackers always looking for more domains to use to send their attacks.
Compromising a business email account allows them to send thousands, and sometimes millions of emails out before they’re found out. Plus, emails sent from a known legitimate company are more likely to be trusted and opened, increasing the chances that a phishing email will catch a victim.
Is Your Network Properly Protected from Breaches?
Rocky Knoll Technologies can do a thorough IT security assessment for your business and let you know exactly where you have vulnerabilities and how to address them.
Contact us today to schedule a free consultation. Call 704.594.7292 or reach us online.