Hackers don't just target huge corporations — they also go after small businesses. So how do you protect yourself against a small business cyberattack? We spoke with a small business owner (SBO) who faced a hacking incident to learn from their experience. Since they requested to remain anonymous, we will refer to them here as "the small business."
The small business runs B2B e-commerce sites for some of their clients. The SBO explains their situation: "We had the sites for 20 customers spread out over three servers. We were using an open-source program that worked well but always required security patches. Keeping up with new updates was nearly a full-time job."
When the company lapsed on just one patch, a hacker exploited a tiny security gap and broke into a server and added some code that started collecting credit card information.
Fortunately, the small business caught the problem early. "As luck would have it, we were consulting a cybersecurity expert about our system," says the SBO. "He noticed the harmful script, and we were able to shut everything down before the hacker did too much damage. Only about 90 credit cards were compromised."
Tackling the Problem
The small business had to move quickly to solve the problem. "First we had to notify everyone whose credit card information was compromised. Naturally, they had a lot of questions about what we were doing with our security." A cyberattack can badly damage your reputation, especially if your clients don't feel like you've fixed the issue.
Next, the small business took down the e-commerce stores for about two weeks so they could move everything to a single, more secure server. "It was a tense period because we had to shut down the stores, but we blitzed to get everything done as quickly as possible."
Taking Steps to Stay Safer
Once the small business addressed their immediate cybersecurity issues, they looked at how they could stay safer going forward. "We tripled our IT budget. Before the hack, the person in charge of cybersecurity was doing his best but didn't have enough support."
The small business is also moving their ERP software to a new Microsoft cloud system. This way, they pass the security responsibility to Microsoft's trained specialists.
The SBO warns that it's easy to think things are under control when you aren't an IT expert. He advises business owners to bring in a specialist to review their system.
While improving cybersecurity sounds like a no-brainer, the challenge is that it will increase your costs. "Customers are always going to push for a better price, but you need to charge enough to make your system secure."
The small business now includes cybersecurity as a topic in their sales presentation. They explain how it is part of their package and advise clients to check for this feature when they compare competitors. A low-ball service could potentially have cybersecurity issues.
Fortunately, the small business solved the problem without any lasting damage. "We were lucky because we caught the problem early and we don't do that many transactions as a B2B business. Afterward, our customers complimented us for taking the right steps to solve the problem and not taking shortcuts."
If you haven't reviewed your cybersecurity measures lately, use this story as motivation to protect yourself against a small business cyberattack.
Featured on THRIVE
SIGN UP FOR THE THRIVE NEWSLETTER