There’s something Thomas H. Douglas wants you to know: Your business is at risk of being hacked.
The CEO and President of JMARK Business Solutions, Inc. works with organizations large and small to help clean up the mess of a hacker or malware. These businesses aren’t Target or Ashley Madison; they’re small businesses, right here in 417-land.
“If you run a business and you have a computer that’s connected to the internet, you’re at risk,” says Douglas. “If you’re online and you’re sending emails to vendors, if your email address is public online, you’re going to be specifically targeted in some capacity. That’s the reality.”
Jeff Coiner, director of information systems for the City of Springfield, has experienced this reality twice in his eight years at the City. The first instance was in February 2009 when one computer was infected with a virus that spread to more than 1,000 computers. The second attack came in February 2012 when someone broke into their network.
“Someone hacked into our city website using what’s called an SQL attack,” Coiner says. “He exploited a weakness in our website and was able to get into a database that was connected to that website. From there, he was able to collect about 2,000 Social Security numbers from people who had possibly applied for a job at the City at the time.”
The FBI alerted Coiner about the incident because the hacker bragged about the attack on Twitter. To recover, the City determined that it had to shut down its website and all 25 subsidiary websites on its server and rebuild them to be able to withstand SQL attacks, Coiner says.
“The biggest thing I learned from that was to be aware of everything on your network,” he says. “I had been here maybe three years at the time, and I wasn’t even aware of that database. So now we’ve gotten rid of old, standalone databases and made sure all of our systems are more secure with regular security patches.”
To ensure that systems are secure, businesses should receive a risk assessment and have cyber security measures put in place. But if a business feels its systems might be compromised, it should turn everything off gracefully and disconnect it from the internet, Douglas says.
“If your data’s being encrypted, turning everything off will stop that encryption process,” he says. “Then call a cyber security IT professional to evaluate what’s going on.”
One business almost lost 15 years of files to a cryptolocker, which encrypted nearly all of its files. One business was targeted when a hacker sent a CFO a deceptive email acting as a note from a CEO out of town, requesting a wire transfer. Both happened recently in Springfield.
“Don’t assume that it’s going to be somebody else,” says Douglas. “If you don’t proactively take some measures, eventually you’re going to have some sort of risk associated with it. It could be something small; it could be something catastrophic. Nowadays, it’s like running a business with no insurance at all.”