Written by The Business Journal Staff
When The Madera Tribune’s editor Charles Doud arrived to work one day in 2016, he found that the small-town newspaper’s server had been hacked.
“When we came to work on Monday, all the computers that were attached to the server were showing nothing but moving gobbledygook,” Doud said. “All we could do when we turned it on was look at the stuff going through.”
The virus, a form of ransomware, had encrypted the contents of the server. Meanwhile, a message would continuously flash demanding $10,000 in bitcoin — to be paid to a foreign bank account — to undo the damage. Doud refused to pay the ransom on his server. That day, their IT specialist and one of the paper’s reporters were able to work on and eventually fix the server, removing the ransomware. The paper, meanwhile, was able to get out on time despite the breach.
The Madera Tribune, however, is just one of thousands of companies to experience cyber attacks each year. And while the attack that occurred on Doud’s paper amounted to little more than an inconvenience, these breaches can kill companies.
According to a study carried out by the National Cyber Security Alliance, nearly half of all small businesses will be on the receiving end of a cyber attack, making up more than 70 percent of all attacks in total.
“I’d say it has more to do with the fact that they are small,” said cybersecurity expert and Breadcrumb Cybersecurity CEO Brian Horton. “They have less money to spend on the types of technology that would stop hackers, in our experience.”
Small businesses commonly targeted are those trusted with sensitive information. These include real estate, health care and — especially in the Valley — agriculture businesses. In the case of the latter, this is because of the large amounts of wired financial transactions they make. Emails asking for a wired entity are thus common for them. It is common for hackers to breach their targets through bad links containing a virus. Once in, they can wreak havoc until they get what they want from their victim. This can even include the hacker contacting their target.
“When you work with these threat groups, when you work with these hackers, they’re almost more helpful than calling into larger companies on their help desks for support,” Horton said. “They let you know exactly how you can handle the money, they walk you through all the steps.”
Despite their help in removing the virus, however, it’s often too late. According to the Cyber Security Alliance, approximately 60 percent of small and medium-sized companies go out of business six months after a breach.
Often, there will be telltale signs that the emails received by a company contain malware. These can include typos and spelling errors. Further testing can be done by hovering the mouse over the link to see if it matches the supposed site. Regularly updating such security measures as passwords on a regular basis is also recommended.
Finally, consultation with cybersecurity experts can be another factor in preventing a damaging breach, as it can point out weaknesses in a security system. This was the case for Barry Maas, president of ASi Administrative Solutions, an employee service company, who invited Horton to see if he could breach ASi’s security earlier this year.
“You know, I thought I was very safe,” Maas said. “I thought our security systems in our software and our network were probably not 100 percent, but pretty tight, and he was able to — in that case — get our staff to do something they shouldn’t have done.”
Only Maas, human resources and his vice president were aware that the penetration test was being conducted. Despite a fairly strong system, Horton was able to get in. Far from discouraged, however, the test was seen as an opportunity to find potential cracks in their firewall. Maas added that since then, they have worked to fill in those cracks. This has included close instructions for their staff.
“You can have the best systems in the world,” Maas said. “But you also have to train your staff as to what to look for and what to do.”
“I don’t think we should ever take it for granted that our computers are safe,” Doud said. “These pirates are working right now.”