- Michael J. Alter
Cyberattacks on Small Businesses – Another Worldwide Threat
During the past year and a half, we’ve endured a worldwide pandemic that has challenged our physical well-being, the productivity of our workforce, the stability of our economy, and the mental health of millions of men, women, and children. Fortunately, the pandemic seems to be loosening its grip and allowing us to regain some sense of normalcy. But Covid-19 was only one of the dangers we’ve been facing during the last few years. Another has been, and continues to be, cyberattacks on the communications and operations systems of industries around the world.
According to CSO United States, “5,258 confirmed data breaches occurred in 16 different industries and four world regions…This historic increase in cybercrime resulted in everything from financial fraud involving CARES Act stimulus funds and Paycheck Protection Program (PPP) loans to a spike in phishing schemes and bot traffic. Piled on top of that is a growing wave of ransomware and software supply chain attacks.”1
In an online article published by Travelers Risk Control, another explanation for the increase in crime was given as follows: “… end-user software like Cryptolocker has commoditized the malware industry, making it accessible to a wider variety of criminals and less-skilled hackers.”2
Cybersecurity is a Problem for Businesses Big and Small.
The FBI estimates that in 2020 alone cybercrime cost the American economy and the individual businesses that compose it $2.7 billion.3 But sole proprietorships are especially vulnerable because they generally have limited time and money for cybersecurity. Yet there are several affordable steps business owners can take to protect themselves from the worst consequences of an assault.
A Strong Defense Is the First Step to Safety
Here are seven actions to take to build protection against the damage a cyberattack can do:
- Review the nature and amount of your data. This will help you determine what a cybercriminal would most likely be after. Back up your files and data, and arrange backup bandwidth capacity as well. That way, if an extortion attempt is made, you’ll still have the information you need to keep going.2
- Develop a plan of what to do if and when a breach occurs. Limit access to sensitive information only to those who need it. Designate who will be alerted first about a breach and the course of action they’re expected to follow. Go over this plan several times a year so everyone knows who does what and when.2
- Make sure your systems have the correct firewall and antivirus software. Then, once everything is in place, evaluate the settings on software, browser, and email programs to make sure they’re right for your needs without increasing your risk.2
- Equip each of your computers with antivirus software and antispyware. These are available through various vendors, and all of them provide patches and updates to keep up with the latest threats as they occur. Make sure all of this software is installed so it updates automatically.2
- Change passwords frequently.3 This is a relatively painless way to immediately improve your cybersecurity. But remember to use different passwords for different accounts. And be sure they consist of 10 or more characters including:
• One or more uppercase letters
• One or more lowercase letters
• One or more numbers
• One or more special characters
- Install data breach prevention tools including intrusion detection.2 Once a cyberattack has begun, time is of the essence. So have appropriate software in place that will alert you as soon as an attack begins.
- Invest in insurance coverage for the company specifically against cyberattacks. Usually this type of insurance provides coverage for the costs associated with data breaches and extortion demands. Your plan should provide you with access to professionals who will help you from the time you’re attacked to resolution of the threat.2
Hire Good People and Prepare Them Well.
Talented staff members are always hard to find — especially now that small businesses are competing with larger companies, and each other, for top-notch employees. But neglecting to check references and interview carefully can be a very costly mistake. Fake resumes, exaggerations of experience, and references that somehow are never available are all signs of dishonesty. A thorough background check can reveal a lot, including past crimes.2 So can a simple Google search.
Build a strong company culture.
Recognize and reward employees who take a proactive approach to the success of the company and its security, because employees who take security protocol personally can be your best protection against outside attacks.
Train new hires to recognize the following cyber threats when they see them:
✔ Malware – This is a broad term for software developed for malicious purposes, for instance anything that can cause damage to hardware, software, a network, or data. Malware includes ransomware and viruses.
✔ Viruses – Like their biological namesakes, computer viruses are harmful to a host computer and spread from one connected device to another. They’re designed to give cybercriminals access to business or personal computer systems.
✔ Ransomware – This is another form of malware that infects and restricts use of a computer until a ransom is paid.
✔ Phishing – This is a cyberattack that gathers sensitive information by infecting machines via an email or a malicious website. The emails mimic those that might be sent by legitimate organizations or a familiar individual. They are often set up to trick users into clicking on a link or attachment containing the corrupting code. When the code is run, the computer is infected by the malware.
Four Resources and Tools to Help You Assess Your Risks
Both the Federal Communications Commission (FCC) and Department of Homeland Security (DHS) offer a range of free or low-cost tools to help small businesses protect themselves from cyberattacks including:
- An FCC Cybersecurity Planning Tool can help you develop a strategy for your business based on your specific needs.
- A Cyber Resilience Review is available to business owners from the DHS to provide a non-technical assessment of operational resilience and their company’s cybersecurity practices. Small businesses can also request a facilitated assessment by the cybersecurity experts at the DHS.
- Free Cyber Hygiene Vulnerability Scanning is available through the DHS to secure internet-facing systems from weak configuration and other vulnerabilities.
- A Chain Risk Management Toolkit is another offering from the DHS to protect business data and communications technology from attacks on your supply chain. This was created by the department’s Cybersecurity and Infrastructure Agency (CISA) to raise awareness and reduce the impact of supply chain risks.
Your IT Provider Can Also Assess Your Needs and Help You Develop a Long-term Plan
I asked Neal Wankoff, the owner of Prairie IT Services, for some suggestions on how small businesses can protect their accounts, customer information, plans, and other data from cyberattacks. Helping clients protect their IT systems is one of Neal’s specialties. He knows that when records are lost, stolen, or damaged, entire businesses have been destroyed. Here’s a checklist Neal suggested that you can review with your own IT provider:
- Verify that a reputable next-generation antivirus program is installed on every computer
- Enable host-based or antivirus-based firewalls on all systems
- Ensure that all employees are using non-administrative accounts for day-to-day computing
- Make sure all computer operating systems are up to date with patches through an automated system
- Enable two-factor authentication on remote access and email accounts
Neal reiterated the need for small businesses to protect themselves from cyberattacks. As he says, “Companies of all sizes have been victims of cybercrime and small businesses should not consider themselves too small to be bothered. It’s just not the case. All businesses should establish cybersecurity standards for their organizations and follow up on them on a regular basis to confirm they are followed.”
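Several items on the checklist above can be spot-checked on a single Windows PC before the conversation with an IT provider. The PowerShell script below is an added example, not part of the original article and not from Prairie IT Services; it assumes Windows 10/11 with the built-in Defender, NetSecurity and LocalAccounts modules, and its 35-day patch window is an illustrative threshold.

```powershell
# Added example: read-only spot check of one Windows PC against the checklist.
# Assumes Windows 10/11 with the built-in Defender, NetSecurity and
# LocalAccounts modules. Run it from the employee's normal session.
$findings = [System.Collections.Generic.List[object]]::new()
function Add-Finding($Item, $Ok, $Detail) {
    # $null means the item cannot be verified from the PC itself.
    $status = if ($null -eq $Ok) { 'MANUAL' } elseif ($Ok) { 'PASS' } else { 'FAIL' }
    $findings.Add([pscustomobject]@{ Item = $Item; Status = $status; Detail = $Detail })
}

# 1. Antivirus: products registered with Windows Security Center (client editions only).
$av = @(Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName AntiVirusProduct -ErrorAction SilentlyContinue)
Add-Finding 'Antivirus installed' ($av.Count -gt 0) (($av.displayName | Select-Object -Unique) -join ', ')
# If Defender is the active engine, also confirm real-time protection and signature age.
$mp = Get-MpComputerStatus -ErrorAction SilentlyContinue
if ($mp -and $mp.AntivirusEnabled) {
    $sigDays = ((Get-Date) - $mp.AntivirusSignatureLastUpdated).Days
    Add-Finding 'Defender real-time protection' $mp.RealTimeProtectionEnabled "signatures $sigDays day(s) old"
}

# 2. Host firewall: every profile (Domain, Private, Public) should be enabled.
$off = @(Get-NetFirewallProfile | Where-Object { $_.Enabled -ne 'True' })
Add-Finding 'Firewall on for all profiles' ($off.Count -eq 0) "disabled: $($off.Name -join ', ')"

# 3. Day-to-day account must not be a direct member of local Administrators
#    (well-known SID S-1-5-32-544; membership via nested domain groups is not resolved).
$me = [Security.Principal.WindowsIdentity]::GetCurrent()
$admins = @(Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction SilentlyContinue)
$nonAdmin = if ($admins.Count) { $admins.SID.Value -notcontains $me.User.Value } else { $null }
Add-Finding 'Non-administrative daily account' $nonAdmin $me.Name

# 4. Patching: automatic updates not disabled by policy, and a recent install.
#    The 35-day window is an illustrative threshold, not a figure from the article.
$au = Get-ItemProperty 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU' -ErrorAction SilentlyContinue
Add-Finding 'Automatic updates not disabled' ($au.NoAutoUpdate -ne 1) 'policy value NoAutoUpdate'
$last = Get-HotFix | Where-Object InstalledOn | Sort-Object InstalledOn -Descending | Select-Object -First 1
$age = if ($last) { ((Get-Date) - $last.InstalledOn).Days } else { $null }
Add-Finding 'Update installed in last 35 days' ([bool]$last -and $age -le 35) "$($last.HotFixID), $age day(s) ago"

# 5. Two-factor authentication lives with the email and remote-access providers.
Add-Finding 'Two-factor authentication' $null 'confirm in the provider admin console'

$findings | Format-Table -AutoSize
```

A MANUAL row marks an item the PC cannot answer for itself, and a PASS on the antivirus row shows only that a product is registered, not that it is a next-generation one.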
1 Carlson, Brian, “Top Cybersecurity Statistics, Trends, and Facts,” CSO United States, IDG Communications, 2021, https://www.csoonline.com/article/3634869/top-cybersecurity-statistics-trends-and-facts.html
2 “11 Steps to Help Protect Your Business from Cyber Extortion,” Travelers, https://www.travelers.com/resources/cyber-security/11-steps-to-help-protect-your-business-from-cyber-extortion
3 “Stay safe from Cybersecurity Threats,” US Small Business Administration, https://www.sba.gov/business-guide/manage-your-business/stay-safe-cybersecurity-threats