Howard Baldwin of PCWorld writes that for small businesses, there are few more horrifying thoughts than experiencing an internet security breach that would lead to a stolen bank account or credit card information. Baldwin spoke with Christopher Porter of the Verizon RISK Team, who said small businesses don't know how defenseless they have become.
"[Hackers] scan the Internet, looking for remote access services, and then try the default credentials. Once they gain access, they automatically install keyloggers to collect password information [as it's typed in]," Porter says. "Then they send the information it out via e-mail or by uploading it to an FTP server or a web site. They aggregate the data and sell it on the black market."
The keylog could be used to figure out how to drain a bank account, but Porter said it will more often than not be used to steal from the business' point-of-sale system. He said this is a low-risk and low-cost attack that could pay big dividends for criminals.
Porter recently authored the 2012 Data Breach Investigation Report from Verizon. This report recommends small businesses use internet security like a firewall, change default credentials on POS systems and monitor third parties who have access to POS and firewall programs.