Data breaches and hacker attacks always make headlines when they happen to large companies.  But what about the 482 data breaches in 2010 that impacted businesses with fewer than 100 employees?  In a recent Wall Street Journal article, "Hackers Shift Attacks to Small Firms," we learn how cyber thieves put one small company out of business and left several others with losses and expenses of more than $20,000.

With limited budgets and few or no technical experts on staff, small businesses generally have weak security.  Cyber criminals have taken notice.  In 2010, the U.S. Secret Service and Verizon Communications Inc.'s forensic analysis unit, which investigates attacks, responded to a combined 761 data breaches, up from 141 in 2009.  Of those, 482, or 63%, were at companies with 100 employees or fewer.  Visa Inc. estimates about 95% of the credit card data breaches it discovers are on its smallest business customers.

Small Businesses are Vulnerable to Credit Card Processing Data Breaches
Smaller companies are less likely to grasp the security threat.  A 2010 survey by the National Retail Federation and First Data Corp. of small- and medium-size retailers in the U.S. found that 64% believed their businesses weren't vulnerable to card data theft and only 49% had assessed their security safeguards.

One of the most common styles of attack on small businesses targets credit card processing information that a hacker can sell or use to make fraudulent purchases.  To guard against this, the major credit-card companies in 2006 formed an industry group called the Payment Card Industry (PCI) Security Standards Council, which establishes minimum technical protections for businesses that accept credit cards.

Why PCI Compliance is So Important
While credit card companies require all businesses that accept their cards to comply with those standards, known as PCI compliance, they have few measures to enforce them for small businesses. Bob Russo, general manager of the PCI Council, says many small businesses neglect basic security measures such as changing default passwords.

Hacking at small businesses "is a prolific problem," says Dean Kinsman, a special agent in the Federal Bureau of Investigation's cyber division, which has more than 400 active investigations into these crimes. "It's going to get much worse before it gets better."

The fact that there are so many types of security threats makes it difficult for small firms to protect themselves.  In the time it takes to break into a major company like Citigroup Inc., a hacker could steal data from dozens of small businesses and not get detected, says Bryce Case Jr., a former hacker who broke into several government and corporate websites a decade ago.

Read the Full Article from the Wall Street Journal:  Hackers Shift Attacks to Small Firms