Equifax hack has businesses uneasy

By Joyce M. Rosenberg

AP Business Writer

NEW YORK (AP) — The Equifax breach is reminding small business owners that they may be vulnerable to cybercriminals.

Companies that provide security and other technology services to small businesses say they’ve had an increase in calls from customers since Equifax revealed that the personal information of 143 million Americans had been exposed. The hack galvanized some owners into dealing with long-delayed issues.

“A customer called me today wanting to replace their one remaining XP computer,” says Bob Herman, owner of IT Tropolis, a tech service company in Fountain Valley, California. Microsoft stopped providing security updates for XP models three and a half years ago.

Small businesses often lag behind big companies in data security, not believing they might be targets. But 61 percent of the victims of breaches in 2016 were businesses with fewer than 1,000 employees, according to a Verizon survey. And experts say small companies are being targeted more because they don’t have the sophisticated defenses that big corporations do.

Still, Equifax says its systems were breached after it failed to correctly install a software patch designed to eliminate a vulnerability. Applying patches as soon as they’re available and watching for new ones are critical for a company to protect itself, experts say.

But many small business owners, sidetracked by other issues, don’t pay enough attention, says Diana Burley, a George Washington University professor whose expertise is internet security. Many don’t have staffers or vendors to monitor technology, and no plan to improve their security.

“When you’re in a crisis situation is not the time to develop a plan,” Burley says.

Small businesses can be harmed by cybercriminals in a variety of ways. Here are some companies’ experiences:


Towne & Country Building Inspection downloaded several apps to enhance the Google calendar the company uses for customer appointments. In July, owner Scot McLean noticed some glitches — an appointment might disappear, or show up on another day. The problems persisted for about a week, stopped and started again. Then suddenly, four weeks of appointments vanished.

McLean’s staffer in charge of technology determined that the apps were vulnerable to hacking, and someone was able to log in and erase the appointments.

“The hack cost us thousands of dollars in lost revenue,” McLean says. Towne & Country was able to recreate part of the calendar, but most of the appointments were lost. Some frustrated customers didn’t rebook, turning instead to other inspection services.

The Bayside, Wisconsin company eliminated all apps as well as plugins that added features. It changed its passwords and set up two-step verification, which requires a password and a single-use numerical code to log in.


Reuben Kats clicked on an attachment in an email nearly a year ago and soon found all the files of his website design business were encrypted and unable to be used. Grabresults.com was the victim of ransomware, or malicious software that hackers plant, hoping to extort money by holding a user’s files hostage until they’re paid a ransom.

Kats avoided paying because the Los Angeles-based company’s files were backed up on a secure online service. Although infected computers can be fixed by returning them to factory condition, erasing all contaminated files, he chose to buy a new one.