Another day, another corporate data breach. Today, Reuters reported that AT&T reached out to about 1,600 customers, informing them that a now-fired employee may have gained unauthorized access to their Social Security numbers, driver's license numbers and other personal information. The AT&T incident is the latest in a string of breaches over the last several months at other major companies like Apple, Target and Home Depot.
If they didn't know it before, business owners are now aware that cybercriminals are becoming increasingly smart and sophisticated in their hacking methods, and they can target just about anyone. But smaller companies that think, "It can't happen to me," or "I'm too small for hackers to notice me," may be setting themselves up for a devastating data breach.
"Large corporations typically have a lot more money and resources to invest in IT security, whereas small to medium businesses do not have the IT staffing, resources, money or know-how to put effective security measures into place to combat security vulnerabilities," said Scottie Cole, network and security administrator for security services provider AppRiver.
"If a small business owner is responsible [for security practices], it's going to fall to the lower end of the priority list," added Eric Cernak, vice president of strategic products at specialty insurer Hartford Steam Boiler (HSB). "[The business] will have less protections in place, and [hackers] recognize that. Criminals are looking for unlocked doors."
Recent research by HSB found that more than half of all small and midsize businesses have been hacked at some point, and nearly three-quarters weren't able to restore all the lost data. The two most common methods of attack are phishing — gathering sensitive information by masquerading as a trusted website — and watering holes — installing malware on commonly used websites of a target group. These tactics, which HSB explained further in its video, "Inside a Data Breach," grant cybercriminals access to the information that leads to identity theft and stolen credit card information.
A credit card breach is fairly easy to recognize once customers of a certain company all begin reporting fraudulent charges. But by that point, a breach has already done a significant amount of damage, not just to the consumers but to the company they trusted to protect their data. Cole and Cernak shared some of the less-obvious signs your business data has been compromised, so you can act right away. [10 Security Solutions for Small Business]
Unusually slow Internet or computers. This could be a sign of a compromised machine that is sending out lots of traffic, or that malware or a virus is on the machine, Cole said. You should also look for pop-up ads (especially if you have an activated blocker) or websites that don't load properly.
A computer that appears to have been tampered with. If you turned off your computer when you left work and it's on or has windows and programs running when you return, someone may have been trying to steal important information. This is an especially likely scenario with internal data theft, such as the AT&T breach. Cernak noted that keeping your machines password-protected and encrypting any sensitive data can prevent unauthorized individuals from accessing the information.
Locked-out accounts. If you've ever been locked out of your email or social media accounts, you know it's usually because you typed the wrong login credentials one too many times. If you receive a lock-out message the first time you try to access an account (and you know you've typed your password correctly), you might have been hacked.
"This can mean that someone is attempting to brute force an account, or that an account has already been compromised and the password changed," Cole told Business News Daily.
In all of these instances, minor inconveniences that most people might ignore if the problem seems to resolve itself could be signs of a much more serious problem. Both experts advised keeping your antivirus software, firewalls and device operating systems up-to-date, and always remaining alert for any suspicious activity.
Originally published on Business News Daily.