Ransomware – “Why Would Anyone Want My Business Data?”
One common chorus coming from many small business owners is “Why would anyone want my business data?” They feel that their size and business type protects them from a cyberattack.
However, whether you repair shoes for a living, own an accounting firm, or have a flower shop, there is data you store that is worth a hacker’s time, and a ransomware attack is one way to lock you out of your data and steal what they need.
Ransomware attacks offer a double payoff for hackers. They can hold your data hostage, stopping your operations until you pay them a ransom. They can also steal that data and make money from it.
Thinking that you are too small to bother with or that you don’t have anything interesting can leave you more vulnerable to a cyberattack, because you aren’t putting enough protection in place.
43% of all data breaches target small and mid-sized companies, with 36% of breaches targeting companies with fewer than 250 employees.
Why do hackers go after smaller companies?
There are a number of reasons that small businesses are considered “low-hanging fruit” for hackers. These include:
- They usually have fewer cybersecurity protections in place
- They often don’t work with an IT professional
- They tend not to have a formal security policy in place
- They often don’t have common cyber hygiene, like password management or mobile device security
- They mistakenly think their data isn’t worth stealing
If you think you don’t have any data that a hacker could possibly want, read on to find out exactly what you do have that they can turn into cash.
Business Data That Makes It Worth Hacking Any Business
Employee Payroll Data
No matter what type of business you have or the size of your company, you will have sensitive employee data on hand to run payroll. This includes things like social security numbers, names, addresses, birth dates, etc.
When this information is all together, it’s valuable and can be used to forge passports, get a loan or credit card, or for other types of identity theft.
This data can be quite lucrative when sold together on the Dark Web with other information, such as a credit score. An SSN, full name and birth date for a person with a high credit score can go for $60 to $80.
Business Name & Tax ID
The information that you need to do business is also valuable to a cybercriminal. Things like your business name, address, and tax ID can be used to secure a loan in your company’s name.
Customer Data
All companies will have a list of customer data that they need for invoicing and general records keeping. This is also a case where several pieces of information grouped together can be quite valuable by selling it on the Dark Web.
Customer data that you have can include the company name, address, CEO/Owner’s name, company Tax ID or business license number, credit information, payment card numbers, etc.
Vendor & Contractor Information
Other data that is interesting to online criminals is that of vendors or contractors that you work with. This will also include many of the same types of sensitive information that you capture and store for customers. It can also include bank account numbers for wire transfers that hackers can manipulate for criminal purposes.
Lists of Login Credentials
If most companies searched each employee’s device, they would most likely find at least one unsecured list of passwords stored in an unprotected Excel file, Word document, or in the person’s contacts application.
Login credentials are like gold for cybercriminals, and hacked credentials have risen to being the main cause of data breaches, surpassing all others.
If a criminal can breach a network and gain remote access to user devices, all it takes is a quick search on “password” to bring up any of those unprotected lists of user logins.
Emails & Email Accounts
You might think that the emails you send back and forth would not be of interest to anyone outside your company. But there are a number of reasons why email compromise is a big target for hackers, and the type of company doesn’t matter.
An email address is associated with an average of 130 different online accounts, and email is often used for password resets, giving a hacker the ability to breach multiple accounts when they breach your email.
Details in email messages can also be combined to put together a data profile on a person. For example, one email with someone’s signature that includes the name, address, and phone number, can be combined with another email from that same person where they sent their bank account details to HR to have automatic deposit set up.
Hackers don’t look at each email individually, they’ll do advanced searches to find all the sensitive data they can.
One other reason that email compromise is dangerous is that when a cybercriminal gains access to a company email account, they can send very convincing phishing emails from that account to employees and customers of a company.
Does Your Small Business Need an IT Security Checkup?
C Solutions can help your Orlando area business see where you stand on your cybersecurity and offer affordable solutions to ensure you’re properly protected.
Schedule a free consultation today! Call 407-536-8381 or reach us online.