Small Businesses at Risk of Point-of-Sale Data Breaches

By Pedro Hernandez | Posted September 15, 2014

Target, Neiman Marcus, and now, Home Depot; these giant retailers made even bigger headlines after a data breach stole millions of credit card records from their networks.

Small businesses also make tempting targets, Andrew Bagrin, Founder of CEO of My Digital Shield, a cloud-based provider of small business data security services, is quick to point out.

"Seventy percent of data breaches happen through small businesses," Bagrin told Small Business Computing during an interview last month. "Ninety percent can be avoided by technology that's available today."

Small business data breaches

And what a difference a month makes.

Retailers, large and small alike, are now just coming to grips with a long-simmering threat called Backoff, said Bagrin. Backoff, and its variants, sits stealthily on Microsoft point-of-sale (POS) systems, acting essentially as both a credit card skimmer and key logger, then periodically transmits its haul to data thieves.

Data Breaches: Stealthily Stealing Credit Card Data

Backoff has garnered the attention of the United States Computer Emergency Readiness Team (US-CERT). In a July 31 advisory, the agency outlined some of the findings of a year-long Secret Service investigation into Backoff.

"Seven PoS system providers/vendors have confirmed that they have had multiple clients affected. Reporting continues on additional compromised locations, involving private sector entities of all sizes, and the Secret Service currently estimates that more than 1,000 U.S. businesses are affected," stated US-CERT.

Making matters worse, Backoff has been detected in the wild since October 2013, suggesting that some retailers may be unaware that their POS systems have been harboring the malware for nearly a year.

"For every one that we hear about, there are hundreds of small businesses affected," said Bagrin. "I have a feeling that it's just the beginning."

Data Breaches: Destroyer of Entrepreneurial Dreams

The major difference between high-profile breaches and those that affect small businesses, is that major retailers can "survive to be affected another day," said Bagrin.

Sixty percent of small businesses that are hit with data breaches shutter their doors within six months "because they can't survive the impact," said Bagrin, citing data from the National Cyber Security Alliance. The numbers simply aren't on their side.

Bagrin explained that large retailers have the budgets for crack legal teams that can negotiate for lower penalties. On average, the Targets and Home Depots of the world will end up paying "$45 per credit card stolen," he said.

Small businesses pay more than twice that: typically $108 in fines and fees. Multiply that figure by thousands or tens of thousands of credit card transactions, and the cost of bouncing back from a breach is prohibitive for most small firms.

And it's not just the corner store that should worry. Restaurants, bake shops, salons, professional services providers and countless other businesses that accept credit cards should be on the lookout.

In fact, awareness and education are the main defense against Backoff and other computer security threats that can sideline a small business, said Bagrin.

"Talk to a good security advisor," he suggested. And while nobody expects a small business owner or technology manager to become a security expert—an IT discipline in its own right—there are ways to help IT generalists guard against data breaches.

Affordable cloud-based services blend enterprise-grade network protection with user-friendly tools, interfaces and workflows that allow the average "network guy" to implement a comprehensive set of safeguards, said Bagrin. "Get the right tools in their hands."

Foremost, small businesses must recalibrate their attitudes toward IT security. Fundamentally, they leverage many of the same technologies that big companies rely on. And hackers know it.

"At the end of the day, they're using the same point-of-sale system that the big guys use," said Bagrin.

Pedro Hernandez is a contributing editor at Small Business Computing. Follow him on Twitter @ecoINSITE.

Do you have a comment or question about this article or other small business topics in general? Speak out in the SmallBusinessComputing.com Forums. Join the discussion today!

Comment and Contribute


     

    Get free tips, news and advice on how to make technology work harder for your business.

    Submit
    Learn more
     
    You have successfuly registered to
    Enterprise Apps Daily Newsletter
    Thanks for your registration, follow us on our social networks to keep up-to-date