Organized crime rings are using brains, not brawn, to target small businesses and steal critical data. Protect your business by putting these 11 security measures into place.
Organized crime has always been known to be all about muscle … but even the bad guys have evolved. Seems organized crime syndicates have discovered that more money can be made in less time with less hassle simply by employing brains over brawn.
As technology and technology skills have evolved, it’s become painfully easy to employ hackers to break into small businesses’ networks and seek out sensitive data and personal information.
Meet the members of your friendly neighborhood crime ring:
- Programmers: skilled technicians who write and code viruses that target a business’s network PCs.
- Carders: specialists in distributing and selling stolen card data and sometimes transferring data onto blank “white cards” then embossing them with foil in order to create exact clones.
- Hackers: black-hat intruders who look for and exploit vulnerabilities in networks.
- Social engineers: scammers who may work with psychologists who dream up the different scams and then con victims via phone, phishing or in person.
- Rogue systems providers: unethical businesses that provide servers for criminals.
- Money mules: often drug addicts or naïve Americans who buy items at retailers with stolen credit cards. Some mules ship products, and others launder money. Mules may be from a foreign crime syndicate’s nation and travel to the U.S. to gain employment within an organization and open bank accounts to store money until transfer.
- Bosses: in charge of the entire operation. Bosses delegate, hire talent and make all the money.
Why Target Small Businesses?
Organized criminal hackers all over the world use sophisticated hacking tools to penetrate databases that house a small business’s client data. In general, they’re seeking:
- Social Security numbers
- Credit card numbers
- Bank account information
- Home and business addresses
- Birth dates
- Email addresses
Why do they do it? Simple—their primary motivation is to get paid. They accomplish this by opening new lines of credit or taking over existing accounts. Transactions include making charges to credit cards, initiating electronic fund transfers or using email addresses for large phishing or spear phishing campaigns.
How Hackers Hack
Hackers are the bad guys who use penetration-testing tools—both legal and illegal—that are available commercially or only available on the black market. Their tools come in different forms of hardware and software that seek out vulnerabilities within a small business’s network.
Vulnerabilities may be physical, as in facilities vulnerable to intrusion, or may be people who are vulnerable to social engineering. Virtual vulnerabilities exist in a business’s Internet connection (whether wired or wireless), an outdated browser or an outdated operating system—any of which may be vulnerable if they don’t have updated security patches. Vulnerabilities can also be exposed via social engineering: A criminal simply gets on the phone, sends an email or shows up in person and cons a target using any of a variety of methods.
Protecting Your Data
There are plenty of ways to get taken. But there are also plenty of ways not to. The fundamentals of protecting your business’s data include:
- Maintaining updated operating systems, including critical security patches
- Installing and running antivirus, antispyware and antiphishing software and a firewall
- Keeping browsers updated with the latest version
- Updating all system software, including Java and Adobe
- Locking down wireless Internet with encryption
- Setting up administrative rights and restricting software, such as peer-to-peer file sharing, from being installed without rights
- Utilizing filtering that controls who has access to what kind of data
- Utilizing Internet filters to block access to restricted sites that may allow employees or hackers to upload data to cloud-based storage
- Possibly disabling or removing USB ports to prevent the downloading of malicious data
- Incorporating strict password policies
- Encrypting files, folders and entire drives
These 11 steps are a good start. However, standard security measures are never enough. Depending on the size, scope, type of data requiring protection, compliance and regulatory environment, possible insider threats, and what “bring your own device” policies may be in place, risks and threats must be defined and prioritized. This often requires consulting a professional.
There are two considerations small businesses must take into account that go beyond a low-budget, “do it yourself” mentality:
1. Data loss prevention and risk assessment software. This type of software monitors an entire network’s activities and behaviors to seek out events that might lead to a breach and then stop them before data loss.
2. Penetration testers. These are white-hat hackers who use tools similar to those of black hats to seek out vulnerabilities and exploit those vulnerabilities as far as they’re allowed by the client. They might use automated tools to seek technology vulnerabilities, or employ virtual or physical social engineering. For instance, some penetration testers will test the physical security of a building during or after hours. Penetration testing involves real-world attacks that have been proven to work elsewhere, along with seeking out flaws in a business’s networks.
The worst thing any small business can do is nothing. Failure to test your networks and put layers of security in place will inevitably result in a breach. Forewarned is forearmed.
Robert Siciliano, CEO of IDTheftSecurity.com, personal security and identity theft expert and speaker, is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock ’em dead in this identity theft prevention video.