Coconut Water Empire to Bust: A Data-Breach Case Study Think hackers are interested in attacking only large enterprises? Get with it.

By Joe Ross

Opinions expressed by Entrepreneur contributors are their own.

It's a good time to be a small- or medium-sized business (SMB) in this country. According to the Small Business Administration, small business openings in 2014 exceeded those of closings for the first time in years. SMBs also generated 1.4 million new jobs in the first three quarters of 2014.

Related: 5 Growing Cyber-Security Epicenters Around the World

But as good as those numbers sound, there is an adverse side effect from such growth: Cyber thieves are starting to target SMBs with more regularity. We found this out by experimenting with, of all things, coconut water.

We weren't alone in our concern about cyber thievery. This year's Symantec Internet Security Threat Report estimated that 34 percent of small businesses have faced targeted attacks. Similarly, recent numbers from the UK estimated that 74 percent of SMBs there had suffered an information security breach.

To take a closer look at these issues, our identity and fraud protection company, CSID, recently conducted an experiment. We wanted to see how quickly a cyber criminal could take down a small business. That's how we came to create Jomoco, a fake coconut water start-up, complete with two fictional employees: Richard and Rachel.

We created a virtual presence for Jomoco, which included a website, web server, a business credit card and employee business email accounts. We also created personal profiles for our two "employees": an online gaming account with a $15 credit for Rachel, and a Facebook account for Richard, along with personal email accounts for both. The idea was to mimic the online footprints of an actual SMB its employees.

Our experiment further ensured that Jomoco's fictional employees made common mistakes when protecting their professional and personal data online, including sharing sensitive information via email and reusing passwords across multiple sites. Then we sat back and let the real cyber criminals take it from there.

We didn't wait long. Within an hour, and armed only with a personal email and login, hackers completely shut down Jomoco, with the following actions:

  • Hackers accessed "Rachel's" personal email address by cracking her easy-to-guess password. Rachel made the mistake of reusing passwords across multiple sites, so cyber criminals were also able to break into her online gaming account, stealing her profile and $15 credit.
  • Hackers used the same credentials to access Rachel's business email account. In this account they found Richard's email address, and an email communication between Richard and Rachel with Jomoco's web server IP and login.
  • Using the web server details, hackers defaced the Jomoco website, locked out the business email accounts and cut off access to the web server.
  • Since "Richard" reused passwords across his personal and professional accounts, hackers were able to access his personal email and Facebook accounts, where they proceeded to change the passwords and cut off Richard's access.
  • The hackers also found information about the company credit card in Richard's emails. They were able to make one purchase, which was flagged by the credit card company as fraudulent. The business credit card account was quickly frozen.

Related: How Secure Is Your Small Business? 5 Tips to Protect Against Modern Cyber Attacks.

Among small business owners prevails the unfortunate misconception that hackers are interested only in attacking large enterprises. The fact is, hackers love SMBs. These smaller businesses tend to focus less on security and don't have the IT security budgets large enterprises have.

According to research conducted by CSID in 2014, only 2 in 5 SMBs had a social media policy in place, and only 2 in 10 SMBs planned to increase security spending. For these reasons, SMBs are easier to breach, making them a prime target.

As our Jomoco case study implied, an SMB can be quickly brought down, and with minimal information. It is imperative that SMBs start paying attention to security, assessing risks and vulnerabilities and training employees on cyber security best practices.

There are plenty of resources available to assist with managing this risk. The FCC has great tips for companies just getting started. My hope is that the future will continue to hold growing revenues for small businesses, and shrinking numbers of small business security incidents.

Related: Protect Your Business with 5 Social-Media Security Tips

Wavy Line
Joe Ross

President and Co-Founder of CSID

Joe Ross is president and co-founder of CSID, now a part of Experian Partner Solutions, a provider of comprehensive credit data and identity management technologies and services. Ross is widely recognized as an identity protection leader with more than 15 years of experience in the industry.

Editor's Pick

A Leader's Most Powerful Tool Is Executive Capital. Here's What It Is — and How to Earn It.
One Man's Casual Side Hustle Became an International Phenomenon — And It's on Track to See $15 Million in Revenue This Year
3 Reasons to Keep Posting on LinkedIn, Even If Nobody Is Engaging With You
Why a Strong Chief Financial Officer Is Crucial for Your Franchise — and What to Look for When Hiring One

Related Topics

Business News

The World's Richest Man Just Surpassed a $200 Billion Fortune

Bernard Arnault is just the third man in history to reach this landmark.

Starting a Business

5 Tips For Launching a Business While Keeping Your Day Job

Launching a business while holding down a 9-to-5 is no small feat. It's a common path for aspiring entrepreneurs, but it's not without its challenges.

Growing a Business

This Stock Screener is on Sale for Memorial Day

invest while mitigating risk with this top-rated stock screening app.

Business News

The Virgin Islands Want to Serve Elon Musk a Subpoena, But They Can't Find Him

Government officials would like to talk to Tesla's owner as part of an investigation into the Jeffrey Epstein case.

Business Ideas

55 Small Business Ideas to Start in 2023

We put together a list of the best, most profitable small business ideas for entrepreneurs to pursue in 2023.