Do large publicly-traded corporations have a monopoly on hacking attacks?  Not according to the Wall Street Journal, which reports that "small breaches" - i.e., cyber attacks against firms with 100 or fewer employees - is increasing exponentially.  Hackers are finding that they can, perhaps more easily, steal obtain bank and credit card information at the small business level.  [C-I Note:  Essentially, a 'high volume, low margin' strategy.] 

In 2010, the U.S. Secret Service and Verizon Communication's forensic analysis unit investigated some 761 data breaches, compared to 141 investigations in 2009.  That's a one-year jump of 540%.  Of those 761 invsetigations, 63% involved companies with 100 employees or fewer.

Growing Concern for Financial Services Industry.   With hackers tasking themselves with the theft of banking information, which they can use to initiate and control transfers - the financial industry has reason to be concerned.  For one thing, small to mid-sized brokerage and advisory firms are in the majority.  And, as one can appreciate, most small businesses and firms tend to be far less secure than their larger counterparts.  Hackers have taken notice - after all, it doesn't take a 'rocket scientist' to make this observations. 

All businesses store data in electronic form and/or use the Internet to communicate this information - say to their banks and clearing brokers.  Combine these daily transmissions with a small firm environment that probably lacks state-of-the-art security systems and controls, that are maintained by few, if any, in-house technical and security staff.

Hacking at small businesses "is a prolific problem.  "It's going to get much worse before it gets better."   -- Special Agent Dean Kinsman of the FBI's Cyber Division, which is actively investigating more than 400 crimes.

Critical Take Aways.   With computerized data storage and constant Internet access a given in business today, half-measures in security won't do the trick.  Nor will a reactive approach.  Firms no longer can afford to wait to act when FINRA or other regulators adopt rules that govern computer and internet security.  Instead, they must constantly think "out of the box" and take a proactive approach to all computer and cyber risks. 

Simple things like using quality passwords, for example, can make a huge difference.  When was the last time your firm or client instructed personnel to change the security settings in their profiles. 

For further details, go to:   [WSJournal, 7/21/11]