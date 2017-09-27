By JOYCE M. ROSENBERG

AP Business Writer

NEW YORK (AP) — The Equifax breach is reminding small-business owners that they may be vulnerable to cybercriminals.

Companies that provide security and other technology services to small businesses say they’ve had an increase in calls from customers since Equifax revealed that the personal information of 143 million Americans had been exposed. The hack galvanized some owners into dealing with long-present deficiencies.

Among the many reasons for concern, one of the biggest is the possibility that companies have faulty apps. Towne & Country Building Inspection, a company out of Bayside, downloaded several apps not long ago to improve the Google calendar it uses to keep track of customer appointments. In July, the company owner, Scot McLean, began noticing some glitches. Appointment records were disappearing and then showing up attached to other days.

The glitches persisted for about a week, stopped and started again. Then suddenly, four weeks of appointments vanished.

The staff workers in charge of technology eventually found that the apps were vulnerable to hacking, and that someone had been able to log in and erase the appointment records.

“The hack cost us thousands of dollars in lost revenue,” McLean says.

Towne & Country was able to recreate part of the calendar, but most of the appointments were lost. Some frustrated customers refused to rebook, turning instead to other inspection services.

The company responded by eliminating all its apps, as well as plugins that added features. It changed its passwords and set up a two-step verification system, one requiring users to enter both a password and numerical code to log in.

Despite such cautionary tales, many small-business owners remain slow to recognize these threats. As as result, they tend to lag behind big companies in establishing strong data security.

Data suggest more caution is in order. Slightly more than 60 percent of the victims of breaches in 2016 were businesses with fewer than 1,000 employees, according to a Verizon survey. Experts say small companies are now often being targeted because they lack the elaborate defenses that most big corporations have.

Still, Equifax says its systems were breached after it had failed to correctly install a software patch designed to eliminate a deficiency. Applying patches as soon as they’re available and watching for new ones are crucial steps that companies can take to protect themselves, experts say.

But many small-business owners get distracted by other considerations and don’t pay enough attention to what should be a priority, said Diana Burley, a professor George Washington University with expertise is in internet security. Many have no staff members or vendors who are responsible for monitoring technology, and no plan to improve their security.

“When you’re in a crisis situation is not the time to develop a plan,” Burley says.

Small businesses can be harmed by cybercriminals in a variety of ways. Here are some companies’ experiences:

A WRONG CLICK

Reuben Kats clicked on an attachment in an email nearly a year ago and soon found all of his website-design business’s files were encrypted and unable to be used. Grabresults.com was the victim of ransomware – s type of malicious software that hackers plant in the hope of extorting money by holding a user’s files hostage until ransom has been paid.

Kats avoided paying because the Los Angeles-based company’s files were backed up on a secure online service. Infected computers can be reset by returning them to factory condition, thus erasing all contaminated files.

Kats chose to go a more direct route, though. He bought a new computer.

Kats he later found that the culprit email had a phony address. Now he checks before he clicks.

“I make sure all emails are sent from the actual company domain name,” Kats says.

OVERWHELMED BY MALWARE

At Hyannis Whale Watcher Cruises, hacker got into the company’s computers in March 2016, just a month before its seasonal boat trips were scheduled to start.

When the website manager Melissa Marchand called the company that hosts the website, she learned there were 100,000 pages of pornography on the site. This was an emergency: 90 percent of the Barnstable, Massachusetts, company’s tickets are sold online.

Marchand got in touch with a computer-security company that began removing malware from the website, a procedure that took two days. By the third day, the cruise company was selling tickets again. Marchand estimated it took six weeks for the number of visitors to the site to return to what it had been before the attack.

“Fortunately, it was very early in the season. If this had happened in July, it would have been hundreds of thousands of dollars in revenue lost,” she says.

HACKING FALLOUT

Small businesses can become victims after hackers invade larger retailers like Target or Staples and steal credit card data, or if information is stolen in other ways. A customer brought a laptop to New York Computer Help in Manhattan to have a screen repaired and paid with a credit card, signing on an electronic signature pad. That night, the owner – Joe Silverman – got a text from someone else asking why his card had been charged. The card was counterfeit, and Silverman was out $650.

“His credit card, although still in his own wallet, was somehow ripped off by this fake customer,” Silverman says.

Silverman says he’s careful with emails that could have phishing links or that ask if he’ll do cash transactions – a hallmark of fraudsters. His website has safeguards against credit-card crime. After this incident — not the first to cause him to be a victim of fraud — Silverman and his staff are monitoring transactions closely. One step they now regularly take is to send test charges to card issuers to make sure a card is legitimate.

INSIDE JOB

In May, managers at Boomsourcing got a notification from one of its software programs warning them that someone was trying to access their data without authorization. None of the business-software company’s information was stolen, but “it woke us up to the vulnerabilities that a small business has,” manager David Hyde says.

The Lehi, Utah-based company conducted what Hyde calls “our own NCIS work” using social media to figure out that the culprit was an employee who was trying to use the information to do his own deals. Boomsourcing now uses software that tracks the movements of everyone using its systems.

“If they were to download something they weren’t supposed to, we would know,” Hyde says.