28 Mar 2012

Small business big target for hackers

Howard Baldwin of PCWorld writes that for small businesses, there are few more horrifying thoughts than experiencing an internet security breach that would lead to a stolen bank account or credit card information. Baldwin spoke with Christopher Porter of the Verizon RISK Team, who said small businesses don't know how defenseless they have become.

"[Hackers] scan the Internet, looking for remote access services, and then try the default credentials. Once they gain access, they automatically install keyloggers to collect password information [as it's typed in]," Porter says. "Then they send the information it out via e-mail or by uploading it to an FTP server or a web site. They aggregate the data and sell it on the black market."

The keylog could be used to figure out how to drain a bank account, but Porter said it will more often than not be used to steal from the business' point-of-sale system. He said this is a low-risk and low-cost attack that could pay big dividends for criminals.

Porter recently authored the 2012 Data Breach Investigation Report from Verizon. This report recommends small businesses use internet security like a firewall, change default credentials on POS systems and monitor third parties who have access to POS and firewall programs.