“On the one hand, as a consumer you have to be careful when you go to online sites,” Mr. Marchany said, but on the other, it’s a business owner’s job to “take all known steps to [protect] the data they collect.”
“The first thing I would say to any business is have backups kept on a machine, preferably off the Internet,” Mr. Katz said. “In the event of an attack, or [information] is corrupted, or stolen, then you can recover from the attack afterward.”
For small businesses in particular, Mr. Katz said, it’s often better to get outside help to handle the security details.
“Some businesses have that expertise, but outsource this as much as you can,” Mr. Katz said. “You don’t have to worry about it all. Unless you’re a computer expert, you either want to hire somebody or contract out to manage security.”
A company needs to protect two types of information: its own business data and the data from the network that accepts electronic payments. “You need to make sure customer data is secure,” Mr. Katz said.
Companies don’t necessarily need the Fort Knox of cybersecurity systems, Mr. Katz said.
“If you’re a small company, attackers aren’t trying to go after you specifically. They’re looking opportunistically,” he said. “It’s like if you have a bunch of stores on a street with rudimentary locks and you leave your store unlocked. Make sure you’re meeting the basic notions of security so you’re not low-hanging fruit that attackers can pick on.”
Tudor Dumitras, an electrical and computer engineering professor who also works at the Maryland Cybersecurity Center, echoed his colleague’s advice.
He warned against downloading anything from an unknown source or clicking on a link from an unfamiliar source.
“It’s sort of cyberhygiene,” Mr. Dumitras said. “They don’t prevent attacks 100 percent, but they will reduce their likelihood.”
Those attacks are just as hard to predict, Mr. Dumitras said.
The trend several years ago consisted of widespread breaks with the goal of reaching as many people as possible, but “now we see attacks that are sort of targeted, crafted for a very specific goal,” Mr. Dumitras said.
“It’s not very clear to me if small businesses are affected by this yet, but I think they will be,” he said. “These trends tend to change year to year, month to month. In general, cybercrime is a business. It’s been a business for over a decade now, where cybercriminals are doing it for profit rather than for fun.”