Stocks fell to their lows of the day on Friday on news that Chinese trade officials are cutting short their visit to the U.S.US Marketsread more
Chinese trade negotiators suddenly canceled a visit to meet U.S. farmers after they wrapped up trade talks in Washington this week.Marketsread more
Canadian trade union Unifor said roughly 4,500 of its members have been temporarily laid off because of the GM strike so far.Autosread more
For investors taking a breather from the chaos in August, buckle up as the market is about go crazy again, Goldman Sachs warned.Marketsread more
The wearables company has reportedly retained advisers to consider exploring a sale of the business.Technologyread more
Roku shares have more than quadrupled this year, but the stock has had some rocky days of late as more players jump into streaming.Technologyread more
Walmart is the latest to pull back from the industry. Federal regulators said they will soon ban flavored e-cigarettes while some nations have outlawed the products...Health and Scienceread more
Legal experts say that California, which has pledged to sue, has a strong case that the administration's move is unlawful.Politicsread more
Solomon launched Payback Records last year as his music career was picking up.Financeread more
A group of 23 states on Friday sued to undo the Trump administration's determination that federal law bars California from setting stiff tailpipe emission standards and...Transportationread more
U.S. officials, including Secretary of State Mike Pompeo, have accused Iran of orchestrating devastating strikes on Saudi oil installations over the weekend.Politicsread more
Data breaches at big retailers including Home Depot and Target may be grabbing attention, but mom-and-pop businesses shouldn't feel like they're in the clear. Hackers also have their eye on smaller businesses, according to experts.
The latest business to be hit by a breach is Jimmy John's. The Champagne, Illinois-based sandwich chain on Wednesday said it has learned of a possible security incident involving consumers' credit and debit card data, which was compromised after an intruder stole log-in credentials from the company's point-of-sale vendor. That information was then used to remotely access point-of-sale systems at approximately 216 locations between June 16, 2014 and Sept. 5, 2014.
Smaller merchants, meanwhile, also have been the target of cyberthieves. In 2013, targeted attacks aimed at small businesses with up to 250 employees accounted for 30 percent of all hack attacks, compared with 18 percent in 2011, according to data from Symantec, a tech security company.
And data breaches can be costly, especially for smaller employers. In 2014, companies on average paid $145 for each lost or stolen record containing sensitive and confidential information, according to the Ponemon Institute's 2014 Cost of Data Breach Study. The institute focuses on research related to privacy, data protection and information security policy.
Whether you're a big-box retailer or smaller merchant, payment data is gold to cybercriminals, says Rob Sadowski, director of technology solutions for cybersecurity firm RSA. And because protection is often lacking among smaller companies, they can be an easy target among hackers.
"Criminals know that small businesses are less likely to be protected with a large security staff that has made a big investment insecurity," Sadowski says. "If a business is handling payment card data—that is the most valuable commodity in the criminal underground."
And cybercriminals use tried and true methods to lure potential victims.
Anup Ghosh, founder and chief executive of Invincea, a security software company, said nearly all of the time responders deal with a security incident and clean up the mess, the threat often originated through an email or web browsing. "This isn't anything new—we are seeing 'malvertising' or serving up malicious ads, and cybercrime gangs are paying for those ads to serve up malicious content," Ghosh says. "It's spear-phishing on a browser."
And the damage can spread from there. If a computer is hit with malicious software advertising, the machine will be compromised, making it easier for hackers to drop malicious code onto corporate accounts.
So what's a business to do?
Step one, says Sadowski of RSA, is to ensure systems are patched and updated with security fixes. "Hackers are often exploiting vulnerabilities that are not fixed or patched," Sadowski said.
And discouraging news for smaller merchants strapped for cash, Ghosh of Invincea said standard anti-virus packages that range anywhere from $50 to $80 are only 20 percent effective against conventional attacks. Plus, cheaper solutions are nearly completely ineffective against targeted attacks.
"The endpoint security space is rapidly evolving to advanced forms of threat protection against unknown malware, spear-phishing and website drive-by attacks," Ghosh said.
But there are some affordable fixes for businesses of all sizes. Make sure systems that are handling payment card data are not Internet-connected.
"Attackers look at that foothold, so try to make sure the system is not used for browsing the web or email, because malware can get on those different systems," Ghosh said.
Finally, Ghosh said it can pay to be updated on security standards for merchants, as outlined by the PCI Security Standards Council. The guidelines are particularly helpful for small businesses, Sadowski says. "It's a challenge for small businesses, and PCI realizes that," he said. "They have resources and best practice that make it harder for criminals to get this data."