Merchant Services Alert: Why Hackers Target Small Businesses

The bad news is that cyberthieves and hackers are increasingly focusing on small businesses because they’re an easier target that larger companies with more assets to protect themselves. The good news is that by working with a merchant services provider like Merchant Express® that’s committed to secure credit card processing, you can cut your risk of a data breach that can be devastating to your business and your customers.

According to the 2012 edition of the Verizon Data Breach Investigations Report, the vast majority of breached organizations had fewer than 100 employees. In fact, 570 of the 855 breach incidents examined in the report occurred in businesses with between 11 and 100 employees, and another 42 incidents were reported by employers with 10 or fewer workers. By comparison, employers with between 101 and 100,000 employees accounted for just 243 of the breach incidents.

There’s a very basic explanation for these lopsided statistics. According to the report, “money-driven, risk-averse cybercriminals” are opportunistic by nature and prefer to carry out attacks against larger numbers of targets in a short timeframe with little to no resistance from their victims. Small businesses offer all that and often more.

The report’s author, Christopher Porter, says small businesses don’t realize how defenseless they’ve become, especially when they’re up against the automated and industrialized attack methodologies favored by organized crime. “Hackers scan the Internet, looking for remote access services, and then try the default credentials,” he explained to PC World. “Once they gain access, they automatically install keyloggers to collect password information as it’s typed in. Then they send the information out via email or by uploading it to a server or website. They aggregate the data and sell it on the black market.”

On a more positive note, the report states that the large majority of victims (96%) succumbed to attacks that were not highly difficult, and 97 percent of the breaches were avoidable through simple or intermediate controls. “Given this, it’s not surprising that most breaches were avoidable (at least in hindsight) without difficult or expensive countermeasures,” the report concludes.

So what’s a small business to do to protect itself from cyberattacks? The Verizon report recommends three simple yet effective steps:

1. Install and maintain a firewall or ACL (access control list) on remote access services. If hackers can’t access the data, they can’t steal it.
2. Always change default (pre-set) credentials on POS systems and other Internet-facing devices to prevent unauthorized access.
3. If a third party vendor handles your firewalls and POS systems for you, monitor them to make sure they are following strictest security requirements, including the PCI DSS (Payment Card Industry Data Security Standard). The report notes that 96% of victims subject to PCI DSS had not achieved compliance.

At Merchant Express, we place a premium on secure credit card processing, so we assist all our merchants in achieving and maintaining PCI compliance. Consult with one of our trained representatives today to learn about all the products and merchant services we provide and how they can help your business meet its full potential.