The Seattle hacker drove a black Mercedes. He owned a Rolex. He liked to frequent a downtown wine bar. While it's easy to think of cyber criminals as faceless, digital pickpockets in far-flung countries, the reality is that they are among us. In one notorious case, a bandit and his gang of cyber crooks compromised at least 53 Seattle-area small and medium-size businesses between 2008 and 2010, stealing enough data to cause $3 million in damages to the companies, their employees and their customers.
"This wasn't the type of crime that we anticipated," tech-company employee Alec Fishburne said at a news conference (where the Seattle victims agreed to be identified but asked that their businesses remain anonymous). The gang hacked Fishburne's firm from another office within the high-rise building. He became aware of the breach after noticing some unusual financial transactions. "It was very disconcerting for a small company … to wonder whether there was some internal fraud or embezzlement happening," he told reporters.
Another Seattle company was hacked after its old laptops were stolen in an office break-in; about a month later, funds were siphoned out through fraudulent payroll accounts. A third victim had the identities of almost all its employees stolen when the hacker gang cracked the company's network security. "It's enraging, because you think you have a system that's going to work," said the company's president. "These guys are really smart and ambitious, and that's a tough combination."
At least that company had a network security plan. Many others don't. According to a 2012 nationwide study of small businesses by digital security firm Symantec and the National Cyber Security Alliance (NCSA), 83 percent of small businesses have no formal cyber security plan, while 69 percent lack even an informal one. Meanwhile, 71 percent are dependent on the internet for daily operations, yet almost half believe data hacks are isolated incidents that won't have an impact on their business.
They couldn't be more wrong. According to Symantec/NCSA research from 2011--the most recent year available-- cyber attacks cost small and medium-size businesses an average of $188,242, and almost two-thirds of victimized companies are forced out of business within six months of being attacked.
It doesn't have to be this way. The best defense against cybercrime is making hackers sweat for their spoils. According to a Verizon study of data breaches in 2011, more than 80 percent of victims were targets of opportunity--which means they did not protect their Wi-Fi systems with passwords and otherwise had poor security, if any at all. So make yourself a difficult target and keep your business secure with these six steps.