There are a lot of threats to small business security of data. Many of these are standard across all industries and types of business. Others are specific to a type of business or service provider. What is common across all of this is that having some knowledge about your threat surface and being able to articulate that and address the most common areas of concern will help any size business prepare to defend themselves. Because, believe it or not, there is a cyberwar currently being fought and everywhere you exist in cyberspace is part of that battle. It’s like living in Afghanistan and not thinking you need to pay attention to whether or not you lock your door or where you walk at night or how you dress. It matters. It seems like the message is starting to get across to many SMBs. Most recent polls show that more small businesses are worried about cyberattacks now and less about internal and authorized users. Granted, they are only about 3% points difference, but a few years ago cyberattacks were at the bottom of concerns for SMBs. One of the exponential differences in attacks is that cybercriminals continue to get smarter about who to attack and their attack vectoring. Many recent exploits are going after firms who work with lots of data and firms that deal with other people’s money. Imagine a medium sized law firm that does real estate closings or a mortgage company and all the data they have. Now, these small firms may not have a lot of money but they have data about who has it, where it is, banking information and much, much more. These small companies do not expect to be targets but they are prime examples of perfect targets. So, SMBs are aware of the problem (more now than ever) but the trend is not changing in a position direction. Where are we failing? The truth is that hackers utilize ever more sophisticated attacks. In war, you don’t tell the enemy how you are defending but in cyberwar, the enemy has the same defense mechanisms that the SMB has and knows how to defeat them. But more importantly, there is sheer volume to approach. If a hacker uses a botnet to blast out millions of email messages that look real. It only takes a very small percentage of hits (installed malware, trojan or bot) and this approach makes it worthwhile to the hacker. In addition, the cybercriminals are always looking for new ways to get your information. A recent hack of osCommerce allowed an iFrame injection hack of nearly 400,000 ecommerce sites. This is a great example of how small business contributes to making it easy for hackers to make money. The real issue with this is that osCommerce is a free open source platform. The version being exploited was an older version. Developers and site owners should have been upgrading but they would have had to rebuild their sites and that was too much work and too expensive. Instead, 400,000 sites were infected with an iFrame that allowed hackers to capture all of the information of anyone shopping on the site (credit card number, name, address, CVS, phone number, email). These small businesses with online shopping who were too cheap and lazy to upgrade their shopping cart put you , me and everyone else at risk. Work with your vendors, partners and bank to make sure you are protected and that your partners, suppliers and bank are up to speed on security and policies surrounding secure computing. Use our Check List as a general guide and let us know if you have any questions.