How Small Business Can Fight Internet Hackers
Hackers can shut your site down, destroy data, and worse. You can fight back before they hit—but even if you're prepared, your business is at risk
Baranovsky (left) lost business when his site was hacked. Nanette Lepore (center, in New York's SoHo) closed its Las Vegas store for three days. Turkish hackers corrupted hundreds of pages on Bannigan's (right) site (L to R) Photographs by Pej Behdarvand Photography; Ethan Hill (2)
First, company e-mails started to take forever to arrive. Then Jose Cruz, network specialist for apparel maker Nanette Lepore, kept getting kicked off the company's central server. A few hours later sales machines at the company's nine boutiques were routinely getting bumped off-line when they tried to connect to the central server. Cruz became increasingly alarmed. Hackers were attacking the business with a so-called denial of service attack, using an army of computers to bombard a server with bogus requests for information, and making it impossible for legitimate ones to get through. "This was a malicious attack to shut down the company," Cruz says. Engineers from his Internet service provider eventually traced the raid to hackers in Asia.
But when the onslaught occurred, in November 2008, at least the 100-person, $150 million business was prepared. It had a battle plan. It had redundant servers, with multiple links between stores, the company's central database, and the Internet. Its Web hosting was offsite, its security software up to date. Cruz's first call was to the Internet service provider that handles Nanette Lepore's boutiques' Web access, which switched off the link that was being bombarded and established a secondary link for the stores to use. Things did not return to normal until three days later, when the ISP was able to effectively block the rogue signals.
In 2007, the company hadn't been so lucky. Without a network engineer in charge of security, and using only off-the-shelf routers for protection, the company's network was a soft target. Two different hacker groups broke into the servers for the company's Las Vegas location. The first hackers, based in the U.S., installed software that recorded individual keystrokes and took screenshots of the terminal handling customer transactions, transmitting the information every two seconds. Simultaneously, a cell in Italy hacked customer information related to potentially hundreds of credit cards. That information was sold and used to create duplicate credit cards for Spanish criminals. Local authorities got involved, then the FBI. Nanette Lepore had to close down its Las Vegas store for three days, and deal with the hassle and embarrassment of having to notify customers whose accounts had been compromised.
Hacker attacks are serious business, and small businesses are under siege. Stamford (Conn.)-based research firm Gartner estimates that about 25% of all small businesses suffered a hacker attack in 2008, up from about 10% in 2003. Small businesses "are seeing more attacks, and they are being targeted more," says Adam Hils, principal analyst for network security at Gartner. Hackers "figured out that small and midsize businesses are easier to get into, and users are more likely to download bad things." They are most likely looking for customer information, which can be sold on a sophisticated black market. Even if you are prepared, an assault can still put your business at risk.
The nature of the most common attacks has also changed. These days they mostly involve employees surfing the Web or responding to e-mails that sound legitimate but are really bogus schemes fishing for information. The "drive-by" takes advantage of the innocent computer user who stumbles across a site run by hackers. When the surfer clicks on links embedded in the Web site, malicious code is automatically downloaded. Often, the goal is to turn the computer into part of a "botnet"—an army of zombie computers controlled by hackers. They're often used to launch denial of service attacks, such as the one Nanette Lepore suffered. In most cases, the code operates in the background, unbeknownst to the computers' users. But it can also open up your network to the prying eyes of criminals. In the well-known "phishing" scam, a computer user receives a fraudulent e-mail that appears to come from a bank or other familiar institution, asking for information such as user names and passwords.
Business Exchange
Track and share business topics across the Web.
Most Popular Stories
- Startups Find Room to Run on Crowded Social Web
- The 50 Most Innovative Companies
- GWallet's Chahal Balances Flashy Lifestyle, Family Commitment
- Five Destructive Company HR Policies
- Summer Reading List: The B-School Edition
- In the App Economy, Does the Mobile Browser Matter? - BusinessWeek
- GE's Talent Tool Kit - BusinessWeek
- Five Destructive Company HR Policies - BusinessWeek
- Startups Find Room to Run on Crowded Social Web - BusinessWeek
- How Health-Care Reform Will Affect Small Business - BusinessWeek
BW Mall - Sponsored Links
- Applicant Tracking System Complete Talent Platform, including Applicant Tracking, Onboarding, CRM and more
- Transform Your Employee Evaluations Learn why even the best employees need more than an evaluation. Free white paper
- Develop Through Targeted Training Download a white paper about creating effective training & development programs.
- Simple Performance Management Software Quality Performance Appraisals in a Fraction of the Time Fast & Easy! Free Trial
- Trade Forex with ACM Free $100,000 Practice Account With Real-Time Charts, News & Research!
- Buy a link now!
Business Tools
A-Z Index
Lists & Rankings
Blogs
- Apple
- Asia
- Autos
- Branding
- Investing
- Management Trends
- Money & Politics
- On Media
- Real Estate
- Small Business
- Technology
About Advertising EDGE Programs Reprints Terms of Use Disclaimer Privacy Notice Ethics Code Contact Us Site Map Press Room
©2010 Bloomberg L.P. All Rights Reserved.