When it comes to technology risks, it is easy to be lulled into believing that risks like scamming and hacking are only targeted at the largest of business enterprises. While large technology companies like Facebook and Twitter are certainly forced to react to such threats, it is naïve to think that small businesses cannot also be the target of attacks. To paraphrase the eternal wisdom Dr. Seuss, “a company’s a company, no matter how small.”
Even “low tech” small businesses can become victims, as highlighted by the recent attack on Lancaster County’s Amish Experience at Plain & Fancy Farm. Amish Experience became the victim of a phone scam called spoofing, where an attacker uses a business’s caller ID to make robo-calls to unsuspecting users. While the attack itself did not disable the Amish Experience’s systems, a wave of calls from the aggravated recipients of the robo-calls overwhelmed all seven of the Amish Experience’s phone lines for an entire business day. More detail on this attack is available in the Central Penn Business Journal’s recent article Phone scam puts Amish Experience on hold.
Technology risks come in many forms, including direct hacking attacks, viruses and malware, or various “spoofing” tricks used to make end users believe that a business is contacting them when in fact it is a scam artist. While companies with large databases tend to be the target of the most widely publicized direct hacking attempts, even small businesses can be lucrative targets. For example, computer virus attacks, like the ransomware CryptoLocker, can be used to extort funds out of small businesses who are forced to pay a ransom to recover critical business data.
Being prepared for these types of risks requires keeping up to date on potential risks and careful planning. Some types of risks, like an attack from ransomware, can be mitigated by effective backup and document retention policies ensuring that your valuable business data is not held hostage. Other risks, like the phone scam suffered by the Amish Experience, can be minimized with effective disaster recovery plans so that your small business can continue to operate.
To learn more about protecting yourself against technology risks, contact your legal counsel and information technology services company.