Get All Access for $5/mo

Coconut Water Empire to Bust: A Data-Breach Case Study Think hackers are interested in attacking only large enterprises? Get with it.

By Joe Ross Edited by Dan Bova

Opinions expressed by Entrepreneur contributors are their own.

It's a good time to be a small- or medium-sized business (SMB) in this country. According to the Small Business Administration, small business openings in 2014 exceeded those of closings for the first time in years. SMBs also generated 1.4 million new jobs in the first three quarters of 2014.

Related: 5 Growing Cyber-Security Epicenters Around the World

But as good as those numbers sound, there is an adverse side effect from such growth: Cyber thieves are starting to target SMBs with more regularity. We found this out by experimenting with, of all things, coconut water.

We weren't alone in our concern about cyber thievery. This year's Symantec Internet Security Threat Report estimated that 34 percent of small businesses have faced targeted attacks. Similarly, recent numbers from the UK estimated that 74 percent of SMBs there had suffered an information security breach.

To take a closer look at these issues, our identity and fraud protection company, CSID, recently conducted an experiment. We wanted to see how quickly a cyber criminal could take down a small business. That's how we came to create Jomoco, a fake coconut water start-up, complete with two fictional employees: Richard and Rachel.

We created a virtual presence for Jomoco, which included a website, web server, a business credit card and employee business email accounts. We also created personal profiles for our two "employees": an online gaming account with a $15 credit for Rachel, and a Facebook account for Richard, along with personal email accounts for both. The idea was to mimic the online footprints of an actual SMB its employees.

Our experiment further ensured that Jomoco's fictional employees made common mistakes when protecting their professional and personal data online, including sharing sensitive information via email and reusing passwords across multiple sites. Then we sat back and let the real cyber criminals take it from there.

We didn't wait long. Within an hour, and armed only with a personal email and login, hackers completely shut down Jomoco, with the following actions:

  • Hackers accessed "Rachel's" personal email address by cracking her easy-to-guess password. Rachel made the mistake of reusing passwords across multiple sites, so cyber criminals were also able to break into her online gaming account, stealing her profile and $15 credit.
  • Hackers used the same credentials to access Rachel's business email account. In this account they found Richard's email address, and an email communication between Richard and Rachel with Jomoco's web server IP and login.
  • Using the web server details, hackers defaced the Jomoco website, locked out the business email accounts and cut off access to the web server.
  • Since "Richard" reused passwords across his personal and professional accounts, hackers were able to access his personal email and Facebook accounts, where they proceeded to change the passwords and cut off Richard's access.
  • The hackers also found information about the company credit card in Richard's emails. They were able to make one purchase, which was flagged by the credit card company as fraudulent. The business credit card account was quickly frozen.

Related: How Secure Is Your Small Business? 5 Tips to Protect Against Modern Cyber Attacks.

Among small business owners prevails the unfortunate misconception that hackers are interested only in attacking large enterprises. The fact is, hackers love SMBs. These smaller businesses tend to focus less on security and don't have the IT security budgets large enterprises have.

According to research conducted by CSID in 2014, only 2 in 5 SMBs had a social media policy in place, and only 2 in 10 SMBs planned to increase security spending. For these reasons, SMBs are easier to breach, making them a prime target.

As our Jomoco case study implied, an SMB can be quickly brought down, and with minimal information. It is imperative that SMBs start paying attention to security, assessing risks and vulnerabilities and training employees on cyber security best practices.

There are plenty of resources available to assist with managing this risk. The FCC has great tips for companies just getting started. My hope is that the future will continue to hold growing revenues for small businesses, and shrinking numbers of small business security incidents.

Related: Protect Your Business with 5 Social-Media Security Tips

Joe Ross

President and Co-Founder of CSID

Joe Ross is president and co-founder of CSID, now a part of Experian Partner Solutions, a provider of comprehensive credit data and identity management technologies and services. Ross is widely recognized as an identity protection leader with more than 15 years of experience in the industry.

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Editor's Pick

Science & Technology

5 Automation Strategies Every Small Business Should Follow

It's time we make IT automation work for us: streamline processes, boost efficiency and drive growth with the right tools and strategy.

Business News

Former Steve Jobs Intern Says This Is How He Would Have Approached AI

The former intern is now the CEO of AI and data company DataStax.

Leadership

Visionaries or Vague Promises? Why Companies Fail Without Leaders Who See Beyond the Bottom Line

Visionary leaders turn bold ideas into lasting impact by building resilience, clarity and future-ready teams.

Marketing

5 Critical Mistakes to Avoid When Giving a Presentation

Are you tired of enduring dull presentations? Over the years, I have compiled a list of common presentation mistakes and how to avoid them. Here are my top five tips.

Side Hustle

'Hustling Every Day': These Friends Started a Side Hustle With $2,500 Each — It 'Snowballed' to Over $500,000 and Became a Multimillion-Dollar Brand

Paris Emily Nicholson and Saskia Teje Jenkins had a 2020 brainstorm session that led to a lucrative business.

Green Entrepreneur®

How Global Business Leaders Can Build a Sustainable Supply Chain

Businesses can build sustainable supply chains by leveraging technology to reduce environmental impact, optimize resources and track emissions while balancing operational efficiency and sustainability goals.