Small Businesses: Hackers’ New Victims

When talking about the threats of hackers, people tend to focus on their threats to large corporations. Included in this group of people are small business owners, who tend to take the “it can’t happen to me approach” to the issues associated with hacking. Hackers are starting to prove these small business owners wrong, as the vulnerabilities of their systems are beginning to come to light. An article in Forbes cited a study by Symantec in which they found that 40% of cyber-attacks “were targeted at small companies.” Will this be a strong enough news flash for small businesses to change their ways.

Not all of the blame can be placed on the owners, as Forbes found that many of the employees are at fault as well. The employees leave computers unattended, use easy-to-crack passwords, click on unsafe links, etc. All of these acts by employees that small business owners choose not to come down increase the vulnerabilities of their IT services.  Another interesting way in which employees make their business’s information vulnerable is by imputing important data onto their cell phones which could be lost at any time.


Small businesses have more important data that is worthy of theft than most of them think. These employees are constantly “putting critical business data at risk,” which doesn’t only effect the company itself, but their suppliers as well. If their suppliers see that doing business means putting their own information at risk, it is very likely that they will cease doing business with them. As we all are aware, small businesses are struggling to compete in the current economic situation, and having issues with suppliers can only increase that hardship which makes it seem like a worthy issue to address.

A Bloomberg article provides an example of a small company that suffered due to a cyber invasion. An online print shop company, Next Day Flyers, had client information and credit card numbers hacked from them. This incident served as a wake up call for the owner, David Handmaker, who thinks small business lack security compared to larger companies because larger companies “have more resources.” Although this is true, I would like to argue that small businesses need to start spending more on their security because of cases like that of Next Day Flyers. As we learned in our IT security lecture, IT security is expensive and does not have a direct return of investment, but I think in order to have the potential to survive, small businesses have to invest in defending their information. What do you think?



5 thoughts on “Small Businesses: Hackers’ New Victims

  1. This is an interesting blog post that is relevant to our class discussion about IT security. I think you bring up a good point about small businesses, that they often do not think they will be victims of attacks because there are larger businesses with more money. However, this mentality can be dangerous for the company. This happens to me as well (and other individuals I’m sure) because sometimes I click on unsafe links or am not very careful about logging off of sites because I do not think anyone would care to attack me. This way of thinking is dangerous for me and it is especially dangerous when others are involved – whether is your family or your coworkers or your business. It might be helpful in your blog to talk more about what other possible solutions there are. I think increasing IT security is important, but there should also be seminars at companies that teach employees about the dangers of careless actions on the Internet and the consequences their actions can have on the company. Raising awareness is an important part of the solution. I like the perspective you take by looking at how small businesses can be affected, and your title drew me in.

  2. I really liked this article because it shows how vulnerable we are for these types of hackings. Often times when a warning comes up that I may be moving to an unsafe site, I simply dismiss it and think whats the worst that could happen or don’t even think about it at all. My passwords for most of my accounts are very similar and I just assume that I am not a target. This is clearly not the case though. There is little awareness about this issue and I think this post brings some awareness to the matter. Most people would not think that they would specifically be target to a cyberhacker when they work at a small business. I really liked this post. Great job.

  3. I found this blog post to be very interesting. I like how you chose a topic related to our class lecture on IT security and expanded on the lecture. I also like how you used an articles from outside sources such as Forbes and Bloomberg, and embedded links to the articles.
    I agree that small businesses often feel like they probably won’t be the victims of online hacking because hackers would go after the bigger corporations that have more information and more to lose. However, like you mention, the bigger corporations also spend a significant amount of money, due to their increased resources, on their system firewalls in order to prevent hackers from breaking in since they have so much information on their systems. I also mentioned this in a comment on another blog, but hacking the networks of small businesses has become a type of online terrorism. There was a Russian cyber-terrorist group not too long ago that was buying credit card information and other personal information from hackers that were stealing that information from the online systems of American businesses. Investing in a the proper cyber-security is definitely something that small businesses need to focus on as more and more information and data is stored on computers.

  4. It seems to me that security should definitely be one of the top priorities of small businesses. Since they do not have the financial security that big businesses have, they do not have the money to spend on security that others do. Therefore, although it may seem like it is more important for them to focus on their business, I think that they need to “Secure their security” so that they have one less thing to worry about. It is very true what you said about how people that have these businesses tend to forget about the issue of hacking. They do create obvious passwords, or write them on notecard or post-its, a hackers dream. Investing it proper security, although it may seem pricy at first, is worth it if the company wants any chance of making it big in the long run.

  5. In a small company I can imagine how it must be hard to create a culture of tech security. Efforts are aimed at keeping the company going and growing. There is not time for HR, if there is one, to lead a security initiative to educate employees.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s