When you think of hacking, you never think it’s something that can happen to you. Hacking sounds too much like a distant headline or a plot line from a show like “Robot.” However, contrary to what you might think, small businesses and startups are actually the ideal target for hackers.
According to the United States National Security Alliance, 60% of small businesses that fall victim to an online attack are out of business within six months. On average, those small businesses have to pay $690,000 just to clean up a post-hack mess.
Small business website security is often ignored. It’s not uncommon for these companies to focus more on revenue than getting the right protection, especially when running a business with the “it could never happen to me” or “I have nothing valuable to steal” mentality. This makes small businesses an easy target.
Furthermore, small businesses typically have small or nonexistent security budgets and staff that aren’t proficient in malware protection, creating gaping holes in the security system. These flaws are exploited by digital criminals who aim to take advantage of lax company protocols.
Small business owners know their livelihood and reputation is on the line, and often do anything they can to save their business from sinking, including paying hundreds of thousands in ransomware attacks. The proof is in the profit loss. Here are five small businesses that unfortunately found out the hard way:
1. Rokenbok
This California-based company taught children how to think like engineers. At first, the company was hit with a Denial of Service attack, which shut down their website. At the time, they only had seven full-time employees. Later, they experienced a ransomware attack, but rather than pay the ransomware, they rebuilt the system from the ground up and lost thousands in the process — but learned a new lesson on website security and are fortunately still in business.
2. SmallBizDaily.com
This popular website is known for well-written articles surrounding small business topics, but became a staple lesson in small business security when it hack through an old-school technique called ”defacement.” It began when the owner of the company received a tweet informing them that they’d been hacked.
When the site was checked the next morning, it was filled with Arabic content and imagery, and gone were all the business articles they’d worked so hard to publish. They spent the next few months working with the hosting company to delete malicious code that had laid dormant. Months of work was wiped out, and the team dealt with this for much longer as old malicious code continued to surface.
After some major rebuilding — and a lot of loss — they finally prevailed. Still, SmallBizDaily considers themselves on of the lucky ones, because rather than a quiet, sneak attack, they were able to tell each time something was wrong until the situation was fixed.
3. City Newsstand – Chicago
Joe Anglesatri owned two small magazine shops in Chicago, both of which were hacked after someone unknowingly planted a software program on his cash registers. The software sent his customer’s credit card information to Russia, and MasterCard was the first to inform him of the data breach. The entire fiasco costs Anglesatri $22,000 for his two small newstands.
4. Efficient Services Escrow Group
In 2012, this escrow firm was hit with a cyber attack that would eventually force it to shut its doors. It began with a fraudulent wire transfer to Russia in the amount of $432,215. A month later, another attack sent two more transfers totaling $1.1 million to China.
The FBI had discovered that in the previous year alone, at least $20 million in fraudulent wire transfers were sent economic and trade companies in that same province of China, mostly hacked from various small businesses like Efficient Services.
The company was able to retrieve the initial $400,000 transfer from their bank, but the funds sent to China were never recovered. This meant that many of its customers who had escrow accounts were left with nothing. The California Department of Corporations gave the company three days to retrieve the funds, and shut it down when they couldn’t.
5. Lifestyle Forms & Display Inc.
This NYC-based mannequin maker is another example of a small business that was hit time and time again (which is common for hackers who get through the first time). Owner Lloyd Keilson noticed the initial signs of trouble when he kept receiving error messages during attempts to make online payments.
Turns out, $1.2 million had been stolen on several separate occasions and sent to four different banks. Keilson was able to successfully retrieve $800,000 of it, but $200,000 remains missing. The amount left unretrieved will go into a court process with the banks, though a positive outcome for Keilson is doubtful, given that security breaches are seen as a responsibility of the business owner.