Cyber Security Is Important for Small Businesses


Reposted from my column in the Portland Business Tribune.

We’ve all heard about the cyber attacks on large businesses—including Home Depot, Anthem and Target—but small businesses are actually the most common targets of online scam artists.

According to, 71 percent of data breaches happen to small businesses, and nearly half of all small businesses have been the victim of a cyber attack. Visa Inc reports that 95 percent of credit card breaches it discovers are from its smallest business customers.

Criminals are attracted to small businesses for three reasons:

  1. Due to a lack of resources, they are less equipped to handle an attack.
  2. The information hackers want—credit card credentials, intellectual property, personally identifiable information—is often less guarded on a small business system.
  3. Small businesses’ partnerships with larger businesses provide back-channel access to a hacker’s true targets.

Protecting personal information should be a high priority for any business. A data breach is not just a financial problem; it also makes customers lose trust in a business. Your customers will stop coming to you if they don’t believe their information is safe in your hands. Among small businesses that suffer a breach, a staggering 60 percent will go out of business in six months, according to Experian.

To protect your business and your customers, it is imperative that you have safeguards in place as well as a plan for recovery in the event of a cyber attack. Consider the tips below, and read Better Business Bureau’s comprehensive guide on data security for businesses at

Minimize what you save. Don’t collect or keep any information you don’t absolutely need. When information is no longer needed, make sure it is destroyed responsibly.

Restrict access. Limit access to data to only the people who need the information in order to do their jobs. Sensitive electronic information should be encrypted, and portable electronic devices should be secured. Any paper records should be locked up when not in use.

Use strong passwords. Never use the default password provided by your IT person or service provider. Each computer user at your company should have his or her own unique password. Never use simple passwords such as your name, your business name, “12345,” “ABCDE” or “password,” and never use the same password for multiple accounts. Strong passwords include a combination of numbers, letters and symbols, and they should be changed every 60 days.

Block intruders. Use up-to-date antivirus protection and firewalls. Most antivirus programs will automatically update the software as new viruses and spyware become known, but you should also run a full scan for viruses and spam at least once a week. Make sure your Internet connection is secure, and keep any guest Wi-Fi networks completely separate from the rest of your networks. Be aware that personal websites, including social networks, can be a gateway for malware and viruses; use business computers for business-only purposes.

Share with caution. Use a secure connection, such as SSL technology, when transmitting data over the Internet. Do not transmit sensitive information via email unless it is encrypted. When mailing physical records, use a security envelope, request package tracking and require the recipient to sign for the package.

Back up information. Back up data on all computers automatically, or at least weekly, including word processing documents, spreadsheets, databases, financial records and human resources files. Store backups in a secure location that is offsite or in the cloud.


National Consumer Protection Week

Your BBB is partnering with the Washington State Attorney General’s Office to celebrate National Consumer Protection Week from March 1-7. Below, we’ve compiled warning signs and tips on 6 of the most common scams we’ve seen affect local consumers.

Be an informed consumer; avoid scams and fraud!

1. Phishing emails ask for personal info and may contain links to malware. Antivirus software can help, but the best protection is a good sense of judgment. Legitimate companies and government agencies never ask you to confirm personal info via email.

2. Don’t fall victim to an advance-fee loan scam. Check out the company at Be skeptical of any offer where you have to pay money up front. Walk away if you’re asked for money immediately, especially if it’s supposedly for “insurance,” “processing,” or “paperwork.”

3. With overpayment scams, a buyer “accidentally” sends you a check for more than the amount they owe. They ask you to deposit it and wire them the difference. The original check turns out to be a fake, leaving you on the hook to pay the bank for any money withdrawn. Always wait for a deposit to clear before writing checks against the funds—it can take weeks to uncover a fake check.

4. Identity theft scams come in all shapes and sizes—grandchildren “stranded” in a foreign country, the hotel front desk “verifying” your credit card in the middle of the night, “charity” solicitations from groups you’ve never supported in the past. Never give your Social Security, bank account or credit card numbers to someone who has contacted you to ask for them.

5. In a lottery/sweepstakes scam, you get an unsolicited phone call, email or letter stating you’ve won a prize, but in order to collect the winnings, you have to wire a small sum of money to pay for “processing fees” or “taxes.” You never get your “winnings,” and the scammer has your money. You never have to pay to receive legitimate winnings.

6. Itinerant contractors move around, keeping a step ahead of the law… and angry consumers. They knock on your door with a story or a deal: a roofer spots missing shingles on your roof, a paver has leftover asphalt and can give you a deal on driveway resealing. Then you can’t track them down after they’ve left you with a shoddy or incomplete job. Never agree to do business with someone you haven’t researched first. Start at

Go to to find more consumer tips and free materials from government and private organizations.

The Top Cyberthreats of 2014

I came across an interesting article from my friends over at ThreatMetrix a few weeks ago that caught my eye—it’s the company’s annual list of what it considers the most important emerging cyberthreats for the upcoming year. I covered last year’s roundup—Cyberthreats of 2013—and was pleased/sorry to see how accurate and insightful the list was, with three of the five items making headlines during the year.

Cybercrime is an interesting phenomenon: On one end of the spectrum is a middle school girl who has her Facebook account hacked and used for cyberbullying, and on the other end is a data breach that compromises millions of credit card numbers, costing victims thousands of dollars; the anonymity and scalability of the Internet make it possible for a single person to perpetrate both of these crimes.

So what do we have to look forward to in 2014?

The Internet of Things: The world is growing more and more connected every day—from refrigerators to cars to clothes—and the privacy and security implications are startling. Industry analysts estimate that 30 billion devices will wirelessly connect to the Internet by 2020, and while it seems silly to think that a WiFi toothbrush could steal your identity or send spam emails, the probability is increasing.

Critical Infrastructure: Think about the things that we all use on a daily basis: Water, electricity, roads… All of these services rely heavily on computer-based platforms. The battlefield has moved from reality into cyberspace and infrastructure in the United States faces cyber attacks every day. The issue has become so severe that an Executive Order to improve infrastructure cybersecurity was signed in February 2013.

Data Privacy: The National Security Administration’s PRISM program surprised and angered many Americans after it was revealed that their personal information was collected and stored. It is likely that personal information will only grow more desirable in the future—to governments and marketers—and be sought out by less-than-transparent methods.

Alternative Payments: I wrote about Bitcoins last Spring when the value hovered around $47 per Bitcoin—the current value as of this post is approximately $800 per coin—and they are practically mainstream: You can purchase a hotdog and soda at a Sacramento Kings game; buy an electric snow-cone machine from; and book your next trip into space with Virgin Galactic. However convenient and ubiquitous, these types of digital currency are still unregulated and prone to malware.

Mobile Transactions: Mobile transactions are poised to grow by 40 percent in 2014 to nearly $325 billion, but the dangers of unsecure apps and networks are very real. Check out BBB’s August 2012 article: Don’t Be Dumb with Smartphones.

Online Transactions: Just as fast as security experts can shut down viruses and malware, new threats emerge. If the high-profile data breaches in 2013 are any indication of the future, online bankers and shoppers will need to exercise caution.

If you still don’t believe that cybercrime is a big deal—or if you’re just looking to quit your day job and become a bounty-hunter—check out the FBI’s Most Wanted Cybercriminals who have arrest rewards ranging from $20,000 to $100,000; but you have to split the bounty with me.

Full Disclosure: is a BBB Accredited Business headquartered in Salt Lake City, Utah.