Why Hackers Target Small Businesses Who Use Macs, iPads & iPhones

CC-licensed, thanks homard.net via Flickr.

If you’re a freelance or independent developer, designer, content jockey or two-person startup, you may not even consider yourself a small business.

But the client data on your laptop and the banking you do with your iPhone leaves you wide open as a target for hackers — and lawyers.

For Neal O’Farrell, executive director of the San Francisco nonprofit Identity Theft Council, thinking you’re too small to get serious about security is about as dumb as you can get.

O’Farrell gave a talk titled “The Hackers are Coming – Why the Small Business is the Big Target and What You’ve Got to Lose” as part of San Francisco Small Business Week.

His aim? To “scare the bejesus” out of the 20 or so attendees.

Neal O'Farrell, via nealofarrell.com

“There were more breached records last year than U.S. residents and more cases of identity theft than just about all other crimes combined,” he said.

Unless you’re encrypting all of your devices, you’re pretty much asking for trouble.

“You’ve got to wake up and protect yourself, even if you use a Mac,” he said. Hackers hit with automated bots, and the ease with which you sync your contact information from your laptop to your iPhone and do your banking on it makes all your data vulnerable.

“I don’t use banking apps for my phone,” said O’Farrell, who worked on the first system to secure Ireland’s ATM network, adding that when they first launched, eight out of ten mobile banking apps had security flaws. “I’ll wait another 20 years to stick my toe in that pond.”

The idea that Apple devices are less vulnerable to hacking doesn’t hold anymore – in part due to the runaway popularity of the iPhone and iPad. “Hackers go where the crowds are. We’ve also seen a 400% increase in Android attacks. It doesn’t mean they are more vulnerable, just that they are targeting the mass of users.”

After opting out of the family weaving business some 30 years ago, the pugnacious Dubliner became a security consultant who has advised organizations including Toyota, Merrill Lynch, Cost Plus World Market and the Bulgarian Government.

O’Farrell related the horror stories that his nonprofit hears by the hundreds each month from business owners. A small escrow company had half a million dollars slowly drained from its account after two employees clicked on a bogus UPS email notification and launched a bank trojan; a restaurant is out about $200,000 from card skimmers.

These hapless victims then discover that the police investigate less than one percent of these crimes — and the banks consider it a police matter. The legal system isn’t much help either, since the 1978 Electronic Funds Act only covers consumers and courts often rule in favor of banks.

“These are almost non-investigatable crimes,” he noted. “If you live in San Francisco and your bank data or identity gets used or stolen in San Mateo, those are different counties and the cops don’t talk to each other. There’s too much paperwork. They signed up to put blue lights on cars and get the bad guys.”

And here’s the thing: you don’t need an office, a staff or what your grandparents would consider a proper business to find yourself with a costly headache.

Say your MacBook gets stolen or data is lifted from it while it’s in for repairs, or you don’t wipe the hard drive when you sell it.

“My biggest fear isn’t the hackers but the lawyers,” he said. “Say you’ve had 1,000 customers over the years. Once that computer is sold or stolen or whatever, it puts you at risk under Federal and state data breach laws.”

And, perhaps more importantly, there’s a difference between liability and what you can be sued for if a lawyer sniffs out a good case, O’Farrell notes. The average cost, depending on the information, is $200 per breached record.

The bright side to this dismal scenario: there are some fairly inexpensive fixes and solutions, O’Farrell said.

A summary of his tips:

  • Get a cheap netbook to use exclusively for online banking. (No email, etc.)
  • “Lose the bank’s money” by using your credit card instead of your debit card for anything other than getting cash from your bank’s ATM. Favor your personal credit card over your small business credit card – individual consumers are better protected.
  • Erase, delete, encrypt. (For encryption, he named AxCrypt and TrueCrypt, though he doesn’t specifically endorse them.)
  • Assume that people who send you emails are dumber than you. If it looks funny, call or send a separate email to verify.
  • Teach everyone who exchanges electronic data with you (including your accountant, intern, etc.) to favor caution over curiosity when it comes to opening emails.
  • drblank

    He should list the actual ways they can do it and how to prevent it instead of saying just that they are targeting Apple users. They are targeting everyone. Windows users and Android users.

  • technochick

    What a steaming pile of FUD. Everything he talks about doesn’t happen just to Macs. If you aren’t putting passwords on your stuff, aren’t wiping it before selling it or taking it to a reputable company you can trust not to steal your data then that’s on you. Doesn’t matter if you are using a Mac or a PC

    And to listen to this guy it seems like he thinks we should go back to keeping stacks of cash in the sock drawer. After all computers can be hacked, users phished etc

    And don’t get me started on Nicole’s total FUD hit whoring headline.

About the author

Nicole Martinelli heads up Cult of Mac Magazine, our weekly publication available on iTunes. You can find her on Twitter and Google+. If you're doing something new, cool and Apple-related, email her.
