Hidden Dangers in your Digital Data: A Wake-Up Call for Small Business Owners

Picture of Carmine J. Corridore

Carmine J. Corridore

Carmine Corridore is a seasoned professional in the I.T. industry with over 30 years of experience. He has held various positions from field tech, team lead, service manager, project manager, and Director of I.T. Currently, he serves as the Client Facing Chief Strategy Officer and President of Underdog Cyber Defense. Carmine is a Rotarian and serves on the local chamber board and several committees. Carmine believes in giving back to the community, and he accomplishes that through donations and sourcing local talent and goods. Carmine is Credentialed and Certified in Cybersecurity.

Book a 15 Minute Strategy Session

“We don’t store anything locally,” She said. “All the applications we use are on the internet,” she continued. What happened next would shock her. More on that in a minute.

Every day, I speak to business owners. My primary job is to educate them on cybersecurity, even in a small business. Once they get over the shock that they are not too small to be a victim, the next hurdle is that they have something the criminal wants: Data! 

Let’s define this mysterious word “Data.” What is it? Simply put, data is documents, spreadsheets, text files, emails, databases, and PDFs. 

Let’s quickly define the goal of a cybercriminal or hacker. Like any other criminal, the goal is to make money by stealing stuff, whatever that “stuff” might be. Of course, do it without being caught! 

Now that we have everything nicely defined, we will answer the next logical question: are you ready? Do you know what that question is? Right, How can they use my “DATA” to achieve their “GOALS”? That is an excellent question, and thank you for paying attention.

As I mentioned previously, data is everything; in a particular light, it is like the chicken and the egg. Hackers steal data to sell the data to other hackers to steal different data. Confusing right? Here are some ways Cybercriminals or Hackers can use the stolen data.

Direct Monetization of Data

  1. Selling Personal Information: Cybercriminals often target personal data, such as names, addresses, social security numbers, and credit card information. This data can be sold on the dark web to other criminals who may use it for identity theft, applying for loans, or making unauthorized purchases.
  2. Ransomware Attacks: In these attacks, cybercriminals use malware to encrypt a victim’s data and then demand payment for the decryption key. Businesses, especially those that rely heavily on their data for day-to-day operations, are often willing to pay significant sums to regain access to their information.
  3. Banking and Financial Fraud: With access to banking details, cybercriminals can directly transfer funds from victims’ accounts or make fraudulent transactions. This can also include the creation of fake accounts or the cloning of credit and debit cards.

Indirect Monetization of Data

  1. Credential Stuffing: By obtaining usernames and passwords from one breach, criminals can attempt to access accounts on other platforms, exploiting the common practice of reusing passwords. This can lead to unauthorized access to valuable services or sensitive information.
  2. Phishing Campaigns: Armed with personal data, cybercriminals can craft convincing phishing emails or messages that trick recipients into providing further sensitive information, such as login credentials or financial information, under the guise of security alerts or other pretexts.
  3. Corporate Espionage: Sometimes, data stolen from businesses can be sold to competitors or used to gain a competitive advantage. This can include trade secrets, client lists, or upcoming business strategies.

Now, back to the story. After telling me everything was in the “Cloud,” she was confident that there was nothing on her system to be stolen since those cloud solutions have their own high-tech security(more on this later). We always recommend doing a cybersecurity risk assessment. It’s a powerful business tool for the business owner. It uncovers hidden risks and vulnerabilities that the business owner wasn’t aware of and allows them to make informed financial decisions on how to protect and manage their risk. Confident we couldn’t find anything, she allowed us to perform the assessment. A few weeks later, we presented our findings. 

Our Process:

We Identify five key elements that allow the business owner to see where there are gaps in their business and what that financial impact can be. 

Team: How likely will your employees click on a phishing email that can cause damage to your business? Phishing emails are becoming more sophisticated. Are your employees adequately trained in what to do when an email looks suspicious? 

Data: Earlier in this article, we defined what data was. We aim to determine where it is, who has access to it, and how vulnerable it is. 

Applications: What applications do you “think” you use to do your job, and what applications are being used? More importantly, what vulnerabilities does this software have? 

Network: What is the state of the computers and network equipment, what vulnerabilities do they have, and how can they help advance a cyber threat?

Total Financial Impact: We tie it together to give you a clear picture of financial impact. Based on everything we have uncovered, what would that financial impact look like if you were a victim of a cyber incident?

Our Findings:

 Once we completed our assessment, we presented our findings to the owner. Here is our conclusion:

Team: Based on a series of phishing tests, we determined her team was very susceptible to phishing attempts. We sent out a total of 12 emails.

  • 4 Were Opened – this is bad because cyber criminals are embedding malicious code written in the body of emails
  • 1 Clicked a Link – This is bad because the link can take you to a malicious website that can download some virus
  • 1 Submitted Data – The worst outcome; we can do this credential harvesting. The end user submitted some credentials or sensitive information. It’s enough that it could have launched a wire fraud or worse. 

Data: We found over $200,000 of data sitting unencrypted on their computers. This is significant because it’s the reason WHY  you are IMPORTANT to a cyber-criminal. From the beginning of the article, they did “EVERYTHING” in the cloud, yet this data sat on their local computers.

Application: Despite having a few line of business applications in the cloud, we found several freeware and old, outdated applications on their computers. Many of them had unpatched vulnerabilities that were years old. This is significant because it’s HOW the criminal can exploit your computer in the first place to get further into your environment. 

Network: Several of their computers were older than 5 years and had outdated system-level patches. For the same reason as applications, this is another HOW. The older a computer gets, the less supported they are, and system-level vulnerabilities are not patched. 

Total Financial Risk: We determined, based on the risk factors above and the annual revenue and payroll information, that a single cyber event would cost this business owner around $607,000How could your business survive? 

Want to know more about our process, give us a call today at 570-243-9205 or book a no-obligation consultation at https://underdog.contact

author avatar
Carmine Corridore

Monroe County, Pennsylvania (PA)

Analomink – Appenzell – Arlington Heights – Arrowhead Lake – Barton Glen – Bartonsville – Blakeslee – Blakeslee Estates – Blue Mountain Pines – Bossardsville – Brainerd Center – Briar Crest Woods – Brodheadsville – Buck Hill Falls – Camelot Forest – Canadensis – Castle Garden – Castle Rock Acres – Chestnuthill Township – Coolbaugh – Coolbaugh Township – Coveville – Craigs Meadow – Crescent Lake – Cresco – Delaware Water Gap – Dotters Corners – East Stroudsburg – East Swiftwater – Easton Anglers – Echo Lake – Effort – El-Do Lake – Eldred Township – Emerald Lakes – Fernridge – Fiddletown – Forest Glen – Foxtown Hill – Frutchey – Gilbert – Gravel Place – Hamilton Square – Hamilton Township – Henryville – Indian Mountain Lake – Jackson – Jackson Township – Jonas – Kahkhout Mountain – Kellersville – Kemmererville – Kingswood Estates – Kresgeville – Kunkletown – Lake Naomi Estates – Little Summit – Locust Lakes Village – Long Pond – Lower Tannersville – Marshalls Creek – McIlhaney – McMichael – Mechanicsville – Meisertown – Merwinsburg – Middle Smithfield Township – Minisink Hills – Monroe Lake – Monroe Township – Mount Pocono – Mount Zion – Mountain Top Estates – Mountainhome – Mushroom Farms – Neola – North Water Gap – Oak Grove – Paradise Crossing – Paradise Township – Paradise Valley – Parkside – Penn Estates – Pleasant Valley Estates – Pleasant View Lake – Pocono Country Place – Pocono Farms East – Pocono Heights – Pocono Lake – Pocono Laurel Lake – Pocono Manor – Pocono Pines – Pocono Playhouse – Pocono Summit – Pocono Summit Estates – Pocono Township – Polk Township – Poplar Bridge – Pocono Township – Price Township – Preserve – Red Ledge Manor Estates – Reeders – Resica Falls – Robin Hood Lakes – Ross Common – Ross Township – Rossland – Sandhill – Saylorsburg – Sciota – Scotrun – Shawnee on Delaware – Shoemakers – Sierra View – Ski Haven Lake Estates – Skytop – Smith Gap – Smithfield Township – Snow Hill Falls – Snydersville – Spruce Hill – Stillwater Lake Estates – Stillwater Lakes – Stormville – Stroud Township – Stroudsburg – Sun Valley – Swiftwater – Tannersville – Tobyhanna – Tobyhanna Township – Tunkhannock Township – Turn Villa – Wagners – Wagners Forest Park – Warnertown – Weir Lake – Wigwam Lake Estates – Wilderness Acres – Winona Lakes – Wiscasset – Wooddale.

Alburtis – Allen Junction – Alton Park – Allentown – Ancient Oaks – Arlington Knolls – Balliettsville – Best Station – Bethlehem – Bittners Corner – Breinigsville – Bungalow Park – Catasauqua – Cedarbrook County Home – Cementon – Center Valley – Centreville – Chapman – Chestnut Hill – Claussville – Coffeetown – Colesville – Coplay – Corning – Crackersport – Custer – DeSales University – Dewey Heights – Diebertsville – Dillingerville – Dorneyville – East Allentown – East Fogelsville – East Texas – Egypt – Emerald – Emmaus – Emmaus Junction – Evergreen Park – Farmington – Fogelsville – Fountain Hill – Friedens – Friedensville – Fullerton – Gauff Hill – Germansville – Greenawalds – Griesemersville – Guth – Guthsville – Haafsville – Haines – Hanover Acres – Hawktown – Helfrichsville – Hensingersville – Hillside – Hilltown – Hokendauqua – Home Park – Hosensack – Hynemansville – Ironton – Jacksonville – Jordan Valley – Juniper Circle – Kaywin – Kernsville – Krassdale – Krocksville – Kuhnsville – Lanark – Laurys Station – Leather Corner Post – Lehigh Furnace – Lehigh Gap – Limeport – Litzenberg – Lochland – Lockridge – Locust Valley – Lynnport – Lynnville – Lyon Valley – Macungie – Mechanicsville – Metamora Station – Meyersville – Mickleys – Mickleys Gardens – Midway Manor – Milford Park – Minesite – Mosserville – Mountainville – Neffs – New Smithville – New Tripoli – Newhard – Newside – Newtown – North Coplay – North Fogelsville – Notre Dame Hills – Old Zionsville – Orefield – Ormrod – Overlook Springs – Park Way Manor – Parkside Courts – Peters Store – Pleasant Corners – Powder Valley – Raberts Corner – Raubs Mills – Rextown – Rising Sun – Ritterville – River View – Rockdale – Rosemont Terrace – Ruchsville – Ruppsville – Saegersville – Saucon Valley – Saucon Valley Terrace – Scheidy – Scherersville – Schnecksville – Schneidersville – Seiberlingville – Seiple – Seipstown – Shankweilers – Shimerville – Sigmund – Slateville – Slatedale – Slatington – Spring Creek – Steinsville – Sterlingworth – Stetlersville – Stiles – Stines Corner – Summit Lawn – Switzer – Trexlertown – Trout Creek – Unionville – Vera Cruz – Vera Cruz Station – Walbert – Waldheim Park – Wanamakers – Weidasville – Weilersville – Weisenberg – Wellington – Welshtown – Wennersville – Werleys Corner – Wescosville – West Catasauqua – Westwood Heights – Wilbur – Williamstown – Woodlawn – Zionsville

more insights

Book a 15-Minute Strategy Session!

Are you ready to take the next step toward your business’s cyber security? Contact us today with any questions you might have or to request a no-hassle strategy session — we’re ready to fight for you!

New Look. New Name. New Focus.

Underdog Cyber Defense, formerly know as Underdog Computer and Network Solutions LLC., has rebranded to communicate that we are now focusing our exceptional IT and network capabilities on the vast challenges associated with Cyber Security.