A communication failure from a credit card machine was the first sign of a cyberattack that affected a small business in Conway.
“We were looking specifically at the hardware, and by the time a technician would arrive, it would either begin working again or we would have found a solution by tinkering with it,” said the IT professional who is contracted by the small business.
Ironically, it was discovered upon calling the manufacturer of the equipment that there was something wrong with it. They thought the issue had been resolved.
“We were being led down a road that appeared to be the correct road.”
But the problem persisted after the business owner replaced the faulty equipment with new equipment at the end of the workweek.
The following Saturday night, the hackers infiltrated the system and locked the business owner out by encrypting the server. It took the hackers approximately three weeks to break into the router, and the business lost three weeks’ worth of inventory and sales data as a result.
After several weeks of speaking with a detective, rebuilding the inventory, and establishing tighter controls, the business was able to open its doors to customers again. A year after the cyberattack, the business owner and the IT professional spoke to the Conway Area Chamber of Commerce on condition of anonymity in hopes that their experience would help other small businesses avoid a costly situation.
How to Keep Your Business Safe from a Cyberattack
- Pay attention to frequent communication failures between your hardware and server. Repeated communication failures from a credit card machine or other hardware could be the result of an equipment malfunction, but it could also indicate that someone is attempting to hack the router.
- Hire a knowledgeable IT professional to conduct regular checkups on your system. If you do not have an IT professional on staff or under contract, consider hiring one for periodic system maintenance.
- Lock it down. Ask your IT professional to encrypt your router so that one incorrect login attempt locks out the system. Only the IT professional will be able to unlock it.
- Reexamine the need for remote access. Remote access is convenient, but business owners should ask themselves if it’s worth it. Businesses without satellite offices may want to reconsider enabling remote logins to a company server. If you need remote access, explore different ways to protect remote logins, such as installing VPN tunneling on internal routers and limiting all external communication to those routers. Invest in a remote login system from a trusted IT provider.
- Maintain multiple, historical backups and log out of the server regularly to ensure system backups are successful. Establish protocols for backing up data, which can include physical printed copies and digital copies stored to external hard drives.
- Don’t charge your phone by plugging it into your laptop or desktop. For example, an Apple iPhone could carry a Windows-based virus that doesn’t affect the phone but could transmit to your Windows-based computer when the two devices are connected.
- Check to see if your insurance policy includes cyber liability insurance.
- Do not click on suspicious links in emails. Email spammers are becoming more sophisticated, creating messages that can look as if the email is coming from a trusted person. Hover over links to see the path rather than clicking on the link, and double-check the email address in the “from” line. Also consider removing employee email addresses from the company website so they cannot be as easily found and manipulated.
“I would hate to see anyone go through what we went through,” said the business owner. “But I can tell you that my team of employees and my friends came through to help however they could. It was a challenge, and I wouldn’t want to go through it again, but my faith is stronger, my belief in the good of people is stronger, and my business practices are stronger.”
At Conway Business Expo on Oct. 17, a panel on “Cybersecurity: The Threat to Small Business” will take place at 2 p.m. The session is sponsored by First Arkansas Bank and Trust and will feature IT professionals who will share current and emerging cybersecurity challenges that face small businesses, including how to prevent a possible attack.
Online registration for the cybersecurity session is available at conwaychamber.org. In addition to the session on cybersecurity, Conway Business Expo will offer sessions on business and personal savings, revenue growth for nonprofits, Census 2020, and alcohol policies for restaurants and private clubs. The cost to attend each hourlong session is $25 for one session or $40 for two. Details and times for each session are available at conwaychamber.org.
With more than 120 booths on-site, Business Expo is Conway’s largest business-to-business networking event. The 2019 Conway Business Expo is presented by Cousins’ Office Furniture and Ozark Escape. Learn more at http://www.conwaychamber.org/business-expo-and-taste-of-conway.html.