Think Your Business Is Too Small to Be a Target of Cyber Hackers?

Jarrett Kolthoff, president/CEO of SpearTip, a cyber-security and counterintelligence firm, sends an alert to small businesses.

by Laurie Griffith

As a business owner, you take precautions. You have an annual audit. You implement network security practices. You’ve protected your systems, data and assets, right? Wrong.

Jarrett Kolthoff, president/CEO of SpearTip, a cyber-security firm specializing in cyber counterintelligence, warns that traditional and technical audits are not enough to protect against emerging unknown threats. Although it sounds like something from a scary sci-fi movie, cyber criminals who lurk in the Darknet, i.e., the hacker world, are increasingly using Zero Day malware to compromise small to midsized businesses. The hackers may be interested in the assets of the business itself but are more likely using a smaller company’s network to “pivot” into larger firms with richer assets, data and impact.

Small to midsized businesses are often easy targets for hackers because of lower levels of awareness, security precautions and adherence to prescribed practices. For example, most banks set fraud prevention parameters like IP restrictions, two-factor authentication and private certificates to help prevent and deter fraudulent activity. Because of the cost, most small to midsized businesses fail to implement this level of protective barrier, putting themselves and other unsuspecting trading partners at risk.

Kolthoff, a former special agent who uses military investigative techniques, shares that on average, an organization is compromised for roughly 240 days before the threat is detected. That gives hackers plenty of time to gather information about the company, its customers and its suppliers and to gain access to the end-targets.

Generally there are no indicators of the compromise until a serious data breach has occurred. Oftentimes a business learns of a hack after wire fraud is discovered, or it may get a call from the Secret Service or a reporter advising that client data has been sold. A larger end-target business may be the unsuspecting victim of the hack, compromised via transactions from the smaller company’s network. While the small business may have its own loss of data, assets and reputation, it also may be at risk of litigation from the larger end-target of the breach.

What can a small business do to protect itself?
1. Consider fraud vulnerability assessments. Sources of threats include disgruntled employees or others who see a weakness in controls within an organization.
2. Enact strong network security measures and implement recommended security practices from banks and other trading partners.
3. Periodically conduct a pre-breach assessment through a qualified cyber-security investigator. Particularly if your business is party to an M&A transaction, it is crucial to identify the presence of malware and a compromised network before integrating with another business.
4. Implement a monitoring system to continually protect against advanced malware.
5. Purchase cyber-risk insurance coverage to manage your exposure to cyber threats.
6. Be aware that a data breach is a matter of when, not if. Work with external counsel, auditors and security advisers now to set your game plan to avoid making decisions while under fire. Do dry runs. Create communication plans. Prepare for the unexpected.

Cyber security is a scary topic – primarily because of the unknown. But the risk can be managed. Awareness is the first step.

Join us at our next Sharp and On Point Speaker Series on Tuesday, Sept. 15, from 7:30 to 9 a.m. at the Lodge Des Peres as Kolthoff shares what you need to know about cyber threats and how to manage that risk in your business. To reserve your seat or for more information, visit www.SharpAndOnPoint.com or www.LopataFlegel.com. n

Laurie Griffith is a principal at Lopata, Flegel & Co. Accountants and Management Consultants. Join us at the free monthly Sharp and On Point Business Advisory Speaker Series from 7:30 to 9 a.m. on the third Tuesday of every month at the Lodge Des Peres. Learn business strategies you can immediately put in place to point your business in the right direction. For more information, visit www.SharpAndOnPoint.com.