Home Depot lost information for 56 million cards

By now, you’ve probably heard of – and forgotten – Home Depot’s security breach, announced this past fall. You probably know that 56 million payment cards were compromised in an attack that began in April but wasn’t detected until September. And you probably know that this followed a similar attack on Target which affected 70 million accounts. But do you know how these attacks on huge multinational corporations relate to your small or medium business?

The small business link

The attack used sophisticated, custom-built malware that was first tested slowly on a few points of sale, then spread rapidly through the rest of the Home Depot network once it had proven effective and undetected. The attackers beat multi-million dollar security systems that will, unfortunately, always be one step behind.

But both major attacks last year had their roots in the SMB sector. The hackers gained entry to the networks with usernames and passwords stolen from the much simpler networks of third-party vendors and suppliers. In the Home Depot case, the login information was stolen from a vendor who used the Home Depot payment system to submit invoices, receive payments, and conduct other EDI transactions. In the Target incident, the victim – or culprit, depending on how you look at it – was a local HVAC supplier who used remote access to conduct maintenance and support. Does either of those scenarios sound familiar?

The weakest link

As a small or medium business, you may not think you represent an attractive target for hackers. After all, what could they do with your product data, or email addresses for a few thousand clients? But have you considered the extent of the chain in which your organization may represent the weakest link? This may explain why a staggering 31 percent of cyber-attacks target small businesses.

Does this sound like your business?

  1. You have direct access to the network of a larger supplier, partner, or client. You use this access for EDI, to upload inventory or products, for remote control, or for other reasons. In both the Home Depot and Target cases, the hackers broke into the systems using information stolen from third-party vendors or suppliers [1][2].
  2. Your company uses Windows computers. In the case of the Home Depot attack, the hackers exploited a Windows vulnerability.
  3. You rarely, if ever, verify that your Windows systems are up-to-date. The Windows vulnerability was eventually patched, but too late.

Small businesses and cyber security

Small businesses like yours are extremely attractive targets for hacking, because they hold the keys to the treasure room, are more likely to have holes in their security, and are less likely to notice when those holes are exploited. You may think that you need a million-dollar IT budget to protect against such attacks, but that’s not true. There are some very easy steps you can take to protect your business.

3 easy ways to improve your information security

  1. Upgrade your old Windows XP systems, which at this point can no longer be protected
  2. Make sure that critical patches are installed early [2], blocking the type of vulnerability exploited in the Home Depot attack
  3. Outsource security to a company that can provide it properly and affordably

Outsourced management

Proper security management and monitoring doesn’t need to be expensive.

Our CompuCARE managed service plans start at just $5/month per user, and include constant monitoring of intrusion attempts and password failures. We push security updates and system reboots, and get alerted when something’s wrong. We can set up secure remote connections, and lock down your network so it’s protected from the outside. And we consult regularly with our clients to make sure their security policies are up-to-date, and appropriate for their size, industry, and sensitivity.

Contact us today to discuss your company’s security, and how we can help.