Unfortunately, small businesses are sorely mistaken about their attraction to cyber attackers. A recent study (Ponemon Institute 2016 State of SMB Cybersecurity) found that in the last 12 months, hackers have breached half of all small businesses in the U.S. As small businesses do not have the resources to invest in substantial IT staff or technologies, they often fall victim to a variety of cyberattacks. One of the most common methods of attacking small businesses is the phishing email. Once one person clicks on that email, the attacker has the opportunity to exploit all of the information maintained by the company. Another common method is through the business’s websites because most were not designed or developed with security in mind. The vulnerability of small businesses to cybersecurity attacks has gotten the attention of the legislature. In March of this year, U. S. Sen. John Thune (R-S.D.) introduced the MAIN STREET Cybersecurity Act which is designed to provide resources to protect small businesses against cyberattacks. Although the threat may feel overwhelming, small businesses can take steps to protect themselves from cyberattacks.
- Using and changing complex passwords may be a nuisance. However, access controls remain the first line of defense against attacks.
- Small businesses can also look at cost-effective, two-factor authentication solutions that require, for example, both a password and a secure token.
- The most recent Equifax breach was the result of a failure to patch all known vulnerabilities. Once again, the nuisance of having to interrupt business to update or patch software is outweighed by the risks of an attacker exploiting known weaknesses in software and hardware.
- Reliable backup procedures can mitigate ransomware threats.
- Phishing emails are the most common method of introducing malicious software or issuing a ransomware request. User training on phishing techniques is essential to all size businesses.
- Antimalware software is also critical.
- Mobile phones are one of the greatest sources of malware. Updating them with antimalware software is essential.
Although small businesses may not be able to afford sophisticated defense technologies, firewalls are necessary on all network sizes, and there are small business solutions such as those offered by Cisco.
One last area of concern are those connections you may have with vendors or other organizations. Cyberattacks are increasingly occurring through third-party links. It is important to verify that third parties you work with have also implemented tools and techniques to mitigate cyberattacks.
By Barbara L. Ciaramitaro, PhD, CISSP, CSSLP, PMP Chair, Decision Science
Professor, Information Technology and Cybersecurity Director, Center for Cybersecurity Leadership Walsh College
Learn more about Walsh College, Detroit's all-business school.
For more tips and inspiration for small business owners, visit Small Business Pulse Detroit.