HOUSTON — Cybersecurity for small business is a major concern for large companies and government entities that interact with them, with many beginning to limit work with firms that are not secured, experts said during a Houston event Friday.
Leaders from Shell, CenterPoint Energy, NASA and the Federal Reserve Bank of Dallas were among those proposing important measures to defend against hackers during a State of Cybersecurity event hosted by the Greater Houston Partnership. They said companies have started to cut off work with businesses that are not keenly aware of online threats.
Hackers frequently have broken into small businesses to steal information from large ones, or to cause damage, speakers said.
“We can protect ourselves, we can protect our people, we can protect our assets, but when we have these collaborative workspaces and we interface with other people, now we’re trying to protect their assets also,” said Rashi Bates, general manager for Shell WindEnergy.
Security concerns: Hackers targeting energy subcontractors for big steals
Bates said companies like Shell were beginning to take the same stance with computer security that they do with physical safety, requiring partners to employ significant programs.
“It’s getting to be the same thing with cybersecurity,” he said. “We give preferential treatment to people that actually take that awareness seriously.”
But computer security is also a concern for businesses like restaurants, said Bob Borochoff, CEO of Cafe Adobe, a Houston restaurant chain.
He said a close friend of his was at one of his restaurants a few years ago and received a call from Citibank warning that his credit card was being used in Los Angeles soon after swiping it at the restaurant in Houston. A bartender used a handheld device to swipe the card and move information through the restaurant’s wifi system, allowing the card to be cloned by accomplices in Los Angeles.
“There are crazy terrible things that happen in retail,” Borochoff said.
Working with experts, the Greater Houston Partnership has developed a cybersecurity guide for small businesses, available at www.houston.org/cybersecurity. The guide advises firms to promote awareness within their companies about online threats and encourage “security hygiene” to keep businesses and their information and finances safe.
“Simply replying to everyone on an email thread is dangerous,” said Andre Sawyer, director of security for Locke Lord. “If you don’t know everyone on an email thread, ‘reply all’ is dangerous.”
During the event, Houston Mayor Annise Parker said the city had suffered a cyberattack nine years ago, initially losing “a few hundred thousand dollars.” The city was “made whole” through a contract with a bank that required the bank to prevent such transactions, she said.
But the attack exploited the wide access that city financial employees had to its system, and had initially experimented with transactions of less than $4 before eventually taking the large sum, Parker said. She was the city’s controller at the time of the attack.
“It is important for all of us to recognize that we have to continuously work together to make sure that the organization the entities and the assets over which we have responsibility are protected,” Parker said.