Sårbar for angreb:Virksomheder bør øge cyberforsvaret

Da cybertyve angreb Empire Industries 'computernetværk, teknologichef Rich Shemanskis kunne se filer i gang med at blive inficeret af ondsindet software.

"Vi kiggede på netværket, og jeg lagde mærke til det, og en anden fyr lagde mærke til det. Vi ser på filerne og ser dem ændre sig, ”Shemanskis minder om angrebet for tre år siden.

Shemanskis fortalte medarbejderne hurtigt at lukke deres pc'er ned, hvilket hjalp med at begrænse malware's spredning, men virksomheden mistede godt en dags arbejde. Den frelsende nåde for Manchester, Connecticut, producent af byggematerialer, var det havde sikkerhedskopieret de fleste af sine filer.

Et cyberangreb, der fører til nedetid og tabte data, kan være dyrere for mindre virksomheder end for større virksomheder - i gennemsnit 763 dollar pr. Berørt computer eller anden enhed mod 470 dollar, ifølge en undersøgelse fra 2018 fra Poneman Institute, som forsker i databeskyttelse. Mange små virksomheder har ikke sofistikerede systemer til at beskytte sig mod hackere, vira, malware og hvad der kaldes ransomware, som gør filer utilgængelige, medmindre en computerbruger betaler tyve for at frigive dem. Og mange ejere er ikke teknologikyndige nok til at forudse potentielle problemer eller gør ikke brug af teknologiske medarbejdere eller hjælp udefra til at styrke deres forsvar.

Efter angrebet, Empire revurderede sin sikkerhed. "Vi havde allerede antivirusbeskyttelse, men vi opgraderede alt - vi tilføjede flere lag af sikkerhed, "Siger Shmanskis.

Empires erfaring viser, hvorfor det er afgørende for små virksomheder at bevare et stærkt forsvar mod cyberkriminelle.

"Truslens karakter fortsætter med at udvikle sig, "siger Diana Burley, en professor ved George Washington Universitys Graduate School of Education and Human Development, hvis ekspertise omfatter cybersikkerhed. Cybertyve bruger stadig mere avanceret teknologi og udvikler angrebsmetoder, der er sværere at opdage og foliere, hun siger.

En virksomheds computere kan invaderes indirekte - en leverandør eller kunde kan blive angrebet, og virussen eller malware overføres, hvis computersystemer er forbundet. Sådan hackede cybertyve sig ind i computerne hos discountforhandleren Target i 2013 - de brød ind efter først at have invaderet systemet hos en af ​​Target's leverandører. Target måtte bilægge juridiske krav for ikke at have beskyttet kunders oplysninger, der blev stjålet.

Mindre virksomheder vil sandsynligvis være endnu mere sårbare, Burley siger, tilføjer, at "det er virksomhedens ansvar at være opmærksom på, at disse ting kan ske."

Nogle gange er invasionen mere lavteknologisk. Jay Marose, der har en Los Angeles-baseret reklamevirksomhed, tilladt en mangeårig ven, der også var en klient, at bruge sin adgangskode til at få adgang til sin webstedsopbygningskonto. Vennen loggede ind på kontoen, efter at deres arbejdsforhold sluttede, tog filer, der ikke tilhørte ham, og tilbageførte sin betaling til Marose. Hændelsen kostede publicisten $ 10, 000 og to klienter.

Marose indser, at det var en fejl at give adgangskoden til en anden. But the theft was made easier by the website company's weak security—it didn't use two-factor authentication, which requires a temporary passcode in addition to a password. I øvrigt, the theft happened during a hurricane and the company was shut down for 10 days; Marose couldn't get any help.

Marose now guards his information closely. "It changed the way I do business going forward, " Marose says.

The attack on Amanda Naor's website showed her why it's critical to back up content and data. Naor, who has a photography business in Los Angeles, tried to log into her site early last year but her password was rejected. Technicians at the company that hosted her site found that someone had hacked in and changed the password. Naor created a new password, but a week later was again locked out and her website was completely disorganized—pictures and text were jumbled haphazardly. She had no backup.

A website security company Naor hired found malware on her site and was able to restore her content. Technicians said she was targeted because cyberthieves develop their skills by practicing on small websites.

"Grundlæggende, I was a playground for a hacker, " says Naor. She now has a backup and an ongoing relationship with the security company.

When hackers get hold of a small business owner's personal information, the company can suffer. Josh Lamont's Social Security number was stolen five years ago when he became a joint depositor on his mother's account; unbeknownst to the family, her identity had been stolen and the thieves had access to all the information on her accounts. Lamont discovered his accounts had been hacked when a $13, 000 charge to an adult website appeared on his credit card. His bank froze his accounts, including those used in his consulting business, while it investigated what had happened.

"I didn't have access to a single account for a good three or more weeks, " says Lamont, whose business, JRL Strategies, is based in Menlo Park, Californien. I øvrigt, he had to help with the investigation; that cut into his work time.

Lamont has been taking steps to make his business more secure, among them obtaining an Employer Identification Number from the IRS to be used on business accounts instead of his Social Security numbers.

As can often happen when an identity is stolen, thieves struck again 15 months later. This time Lamont got a provisional line of credit.

Sidste måned, Lamont got an email warning that his files would be attacked by ransomware; it turned out to be a hoax.

Men, "even as a hoax, it caused missed meetings and a rescheduled pitch to a new client, " Lamont says.

© 2019 Associated Press. Alle rettigheder forbeholdes.