Small Business Security Tips From Hackers Themselves

Many Americans have likely heard the story of Frank Abagnale, the infamous con artist who impersonated pilots, doctors and lawyers for several years in the 1960s. Abagnale, whose story was immortalized in the book and film "Catch Me if You Can," pulled off a number of heists with banks and other businesses using deception and forgery. When he was eventually caught , according to an interview with the BBC, he served a few years in prison before becoming a security advisor for the FBI and other banks.

Abagnale is perhaps the most famous criminal to use his skills for good. Many computer hackers, con artists of the modern era, now also advise businesses and consumers on how to stay safe online. In a world where anyone could become a Frank Abagnale with a computer and the right knowledge, these hackers could offer valuable advice for small business owners.

Staying smart with access

Many professionals working in the information security world likely recognize the name Kevin Mitnick. In the mid-'90s Mitnick became famous for a two-year run from law enforcement after he gained access to a number of high-profile communications networks.

"The best defense against online fraud is more simple than most realize."

After serving time in prison, Mitnick became a security consultant in hopes that other business leaders wouldn't follow in the footsteps of his victims. In an interview with PC World, Mitnick explained why his preferred method of hacking  didn't involve any sophisticated skills or equipment - just the right choice of words.

"It's much easier to hack a human than a computer because computers follow instructions,  they don't vary—humans go by emotion, by what's happening in their day," Mitnick said, according to PC World. "So it's not hard to socially engineer someone, especially if they haven't been burned before."

Social engineering may be better known as phishing, a type of scam where the criminal tricks the victim into giving up sensitive data, like a password. Social engineering can take a variety of other forms. As Mitnick explained, even opening a file on a desktop computer, or inserting a USB flash drive, can allow a program to run that could steal bank information, customer data and much more. 

The best defense against these attacks doesn't have anything to do with antivirus software or strong passwords. Business owners have a treasure trove of sensitive data at their disposal, so they need to take every step possible to protect it. Mitnick encourages people to always remain skeptical of people requesting secure information.

If you collect it, protect it

Computer hackers have garnered a generally unsavory reputation over the years, but many internet fraudsters end up sharing their knowledge for the public good. Such was the aim of Jeff Moss when he helped created DEF CON, now the largest and longest-running hacker convention in the world. Hackers from all over gather each year at DEF CON to share tips and tricks, many of which end up influencing software upgrades and law enforcement techniques.

Moss spoke to Entrepreneur.com about how small business owners could stay steps ahead  of even the best digital con artists. His advice focused on protecting the most basic assets of the business, including bank accounts. Many companies might not think to use more than one bank account for payroll, holding and checking. However, someone being paid could gain access to the sole account, and then wipe it clean. Moss suggested using a different account for each individual purpose.

Many hackers go after the mountains of customer data that businesses collect every day. These credit card numbers and other personal information are a goldmine for criminals, but many businesses leave the door to this data wide open. As Moss stated, "don't collect it if you can't protect it." 

Perhaps the most effective way to protect customer data from prying eyes is to take it offline. According to Moss, the data could be stored on removable hard drives, which can be removed and placed in a safe while not in use. This would make it almost impossible to access.

Businesses that stay smart with their data, and their behavior, remain the least likely to fall prey to a malicious hacker. Sometimes, it's best to learn from the pros.