Ending Soon! Save 33% on All Access

Coconut Water Empire to Bust: A Data-Breach Case Study Think hackers are interested in attacking only large enterprises? Get with it.

By Joe Ross Edited by Dan Bova

Opinions expressed by Entrepreneur contributors are their own.

It's a good time to be a small- or medium-sized business (SMB) in this country. According to the Small Business Administration, small business openings in 2014 exceeded those of closings for the first time in years. SMBs also generated 1.4 million new jobs in the first three quarters of 2014.

Related: 5 Growing Cyber-Security Epicenters Around the World

But as good as those numbers sound, there is an adverse side effect from such growth: Cyber thieves are starting to target SMBs with more regularity. We found this out by experimenting with, of all things, coconut water.

We weren't alone in our concern about cyber thievery. This year's Symantec Internet Security Threat Report estimated that 34 percent of small businesses have faced targeted attacks. Similarly, recent numbers from the UK estimated that 74 percent of SMBs there had suffered an information security breach.

To take a closer look at these issues, our identity and fraud protection company, CSID, recently conducted an experiment. We wanted to see how quickly a cyber criminal could take down a small business. That's how we came to create Jomoco, a fake coconut water start-up, complete with two fictional employees: Richard and Rachel.

We created a virtual presence for Jomoco, which included a website, web server, a business credit card and employee business email accounts. We also created personal profiles for our two "employees": an online gaming account with a $15 credit for Rachel, and a Facebook account for Richard, along with personal email accounts for both. The idea was to mimic the online footprints of an actual SMB its employees.

Our experiment further ensured that Jomoco's fictional employees made common mistakes when protecting their professional and personal data online, including sharing sensitive information via email and reusing passwords across multiple sites. Then we sat back and let the real cyber criminals take it from there.

We didn't wait long. Within an hour, and armed only with a personal email and login, hackers completely shut down Jomoco, with the following actions:

  • Hackers accessed "Rachel's" personal email address by cracking her easy-to-guess password. Rachel made the mistake of reusing passwords across multiple sites, so cyber criminals were also able to break into her online gaming account, stealing her profile and $15 credit.
  • Hackers used the same credentials to access Rachel's business email account. In this account they found Richard's email address, and an email communication between Richard and Rachel with Jomoco's web server IP and login.
  • Using the web server details, hackers defaced the Jomoco website, locked out the business email accounts and cut off access to the web server.
  • Since "Richard" reused passwords across his personal and professional accounts, hackers were able to access his personal email and Facebook accounts, where they proceeded to change the passwords and cut off Richard's access.
  • The hackers also found information about the company credit card in Richard's emails. They were able to make one purchase, which was flagged by the credit card company as fraudulent. The business credit card account was quickly frozen.

Related: How Secure Is Your Small Business? 5 Tips to Protect Against Modern Cyber Attacks.

Among small business owners prevails the unfortunate misconception that hackers are interested only in attacking large enterprises. The fact is, hackers love SMBs. These smaller businesses tend to focus less on security and don't have the IT security budgets large enterprises have.

According to research conducted by CSID in 2014, only 2 in 5 SMBs had a social media policy in place, and only 2 in 10 SMBs planned to increase security spending. For these reasons, SMBs are easier to breach, making them a prime target.

As our Jomoco case study implied, an SMB can be quickly brought down, and with minimal information. It is imperative that SMBs start paying attention to security, assessing risks and vulnerabilities and training employees on cyber security best practices.

There are plenty of resources available to assist with managing this risk. The FCC has great tips for companies just getting started. My hope is that the future will continue to hold growing revenues for small businesses, and shrinking numbers of small business security incidents.

Related: Protect Your Business with 5 Social-Media Security Tips

Joe Ross

President and Co-Founder of CSID

Joe Ross is president and co-founder of CSID, now a part of Experian Partner Solutions, a provider of comprehensive credit data and identity management technologies and services. Ross is widely recognized as an identity protection leader with more than 15 years of experience in the industry.

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Business News

More People Are Exploring Entrepreneurship Because of This Unexpected Reason

More new business applications were filed in 2023 than in any other year so far.

Business Ideas

63 Small Business Ideas to Start in 2024

We put together a list of the best, most profitable small business ideas for entrepreneurs to pursue in 2024.

Data & Recovery

Data Privacy Matters to Your Customers — Show Them It's a Priority For You, Too. Here's How.

Your business can help reassure customers and earn their loyalty by treating all incoming data as valuable.

Business News

TikTok Reportedly Laid Off a 'Large Percentage' of Employees as the App's Fate in the U.S. Remains Unclear

Laid-off TikTok employees were notified Wednesday night through Thursday morning.

Business News

Four Seasons Orlando Responds to Viral TikTok: 'There's Something Here For All Ages'

The video has amassed over 45.4 million views on TikTok.