25/10/2011 3:01 AM IST | Updated 24/12/2011 3:42 PM IST

Small Businesses A Growing Target For Hackers

A growing number of cyberattacks are targeting small businesses, from construction companies to local grocery stores, presenting an emerging threat that government officials are trying to combat.

While attacks against large corporations like Sony and Citigroup have garnered attention this year, experts are increasingly worried about the digital vulnerabilities of small businesses, who often lack the resources to invest in cybersecurity. Forty percent of all targeted cyberattacks are aimed at companies with less than 500 employees, according to the security firm Symantec.

"With larger companies increasing their protections, small businesses are now the low hanging fruit for cybercriminals," FCC Chairman Julius Genachowski said Monday at a cybersecurity forum at the U.S. Chamber of Commerce.

Now, government officials are offering help.

On Monday, the FCC announced a new online tool, the “Small Biz Cyber Planner,” that allows small businesses to create customized cybersecurity strategies by answering questions like whether they handle credit card data or host a public website.

"This tool will be of particular value for businesses that lack the resources to hire a dedicated staff member to protect themselves from cyberthreats," Genachowski said.

While 85 percent of small businesses said they felt safe from hackers, viruses, malware or data breaches, three-fourths said they did not have formal Internet security policies and about half said they do not train their staff on cybersecurity, according to a survey released Monday by the security firm Symantec and the National Cyber Security Alliance.

Cyberattacks can be costly, with the annual price for a small and medium-sized business at about $188,000, according to Symantec.

“One data breach can mean financial ruin for a small business,” Cheri McGuire, vice president of global government affairs and cybersecurity policy at Symantec, said Monday at a forum on cybersecurity at the U.S. Chamber of Commerce.

Experts said small businesses can take several steps to ensure better Internet security, including creating stronger passwords, encrypting sensitive data, installing anti-virus software and training employees on how to securely check emails and surf the web.

In 2009, Parkinson Construction Company, based in Washington, D.C., was hacked after an employee clicked on a malicious link in an email claiming to be from the Social Security Administration. The link downloaded malware that gave hackers access to the company's database, password and bank accounts, Parkinson CEO Maurice Jones told an FCC round table earlier this year.

After downloading malware, the hackers wired $92,000 of the company's cash to nine different money mules, the Washington Post reported.

"By the time we caught up with it we were missing quite a bit of funds," Jones told the panel.

Michael Kaiser, executive director of the National Cybersecurity Alliance, said Monday that small businesses have "a misplaced trust" in their own cybersecurity. Kaiser said their vulnerability to cyberattacks represents "a significant gaping hole" in the Internet ecosystem.

Howard Hudson knows how quickly that hole can be exploited. For 28 years, Hudson, 62, has owned Country Corner Market, a community grocery store about 60 miles east of Roanoke, Va. Hudson said he installed firewalls and anti-virus software on his store's computers and felt like he was safe from cyberthieves.

“As far as we knew we were solid as a rock,” Hudson said in a phone interview.

But earlier this year, his grocery store's computers were hacked. He is still not sure how it happened, but investigators told him "some super high-tech worm" originating from overseas compromised his computers and thieves stole more than $100,000 from customer credit cards, he said.

Today, Hudson has replaced his infected computers and installed new firewalls, but he no longer feels his small grocery store is immune from the threats in cyberspace.

“The moral of the story is you cannot assume you're safe just because nothing is going wrong,” he said.

More On This Topic