As Internet tools become an indispensable part of running a company, small businesses have increasingly become lucrative targets for cybercriminals wielding ransomware, phishing scams, and adware-like weapons, according to Alejandro N. Mayorkas, deputy secretary at the Department of Homeland Security, who spoke at the U.S. Chamber’s America’s Small Business Summit last week in Washington.
“A great hacker can get into anything,” Mayorkas told a room full of small business leaders at the annual summit. “All the hacker needs is time and resources.”
While cyberattacks can deal a heavy blow to even the largest corporations, small businesses that lack the resources to invest in cybersecurity are at an even greater disadvantage—a fact U.S. Securities and Exchange Commission (SEC) Commissioner Luis A. Aguilar publicly lamented last year. According to an SEC report, 60 percent of all data breaches in 2014 targeted small businesses.
Mayorkas said there are a few simple things small business owners can start doing immediately to help protect their enterprises. The first is to ensure that their employees do not accidentally provide criminals with easy access to company information. He recommended that business owners impress upon their employees how important it is not to click on strange links or open suspicious emails.
Small business owners should also warn employees to be vigilant about looking for spelling mistakes or typos in messages, which can be signs that foreign hackers are at work. “The cyber-world knows no boundaries,” he said. “A hacker could be a 17-year-old wearing pajamas in his parents’ basement in Belarus.”
In fact, it was a spelling mistake in an online transfer involving Bangladesh Central Bank that prevented cybercriminals from walking away with a total of $1 billion earlier this year. The hackers misspelled “foundation” as “fandation” in their email request, which prompted officials to stop several pending transactions.
Other simple but oft-ignored tips include backing up company data regularly and changing passwords and login information every 30 days—or 60 days at the most.
“Just as your computer and devices are gateways for you to reach others, they’re also a gateway for others—it’s as simple as that,” he said.
At the end of the day, it’s imperative that even the smallest company recognizes that it’s at risk and takes steps to mitigate the risks of an attack, Mayorkas said. He concluded: “Anything you’re doing to provide revenue is of value to hackers and makes you a target.”
For a great guide about how you can protect your small business from cyber criminals, visit the U.S. Chamber’s internet security guide here.