Ask SCORE: Cybersecurity for small businesses

Published 8:45 pm Friday, September 9, 2022

Ask SCORE by Dean Swanson

Do you think cybercriminals are too busy targeting the likes of Capital One, Citrix and Facebook to bother with your small business? Think again.

Dean Swanson

Some 76% of cyberattacks occur at businesses with under 100 employees. Cybercriminals know small businesses tend to be easy targets, and that accessing a small business’s computer networks often gives them entrée to client and vendor networks, too.

Email newsletter signup

While digital transformation offers many benefits, it also comes with many challenges. For instance, investing in technology also increases cybersecurity risks. Artificial Intelligence (AI) and machine learning have been known to potentially increase the attack surface for hackers, while big data and the cloud hold lots of information, which can pose a considerable risk in the wrong hands.

For a small business, the cost of a data breach can be devastating. The average cyberattack costs smaller companies an average $3,533 per employee. It takes an average 206 days to identify a risk and another 73 days to contain it, making the life cycle of a data breach 279 days.

No wonder nearly 60% of companies go out of business within six months of a cyberattack.

The stakes are high. Fortunately, there are some steps you can take to prevent a cyberattack as I have written in this column in the past. But my recent discussions with CEOs remind me that this is one risk that is of high concern. In this column and a couple of follow-up columns, I will give some further suggestions on this topic and share some information from a resource that SCORE and one of its content partners, Trend MICRO, created on this topic.

Cybercrime grew during COVID-19 crisis and continues. The FBI reports that instances of cybercrime appeared to grow as much as 300% since the beginning of the coronavirus pandemic.

The Bureau’s Internet Crime Complaint Center (IC3) is receiving between 3,000 to 4,000 cybersecurity complaints a day, up from an average of 1,000 per day before the pandemic hit.

As America’s daily activities increasingly moving online due to stay-at-home orders, the opportunities for cybercriminals grew due to:

• Employees, new to remote work, who were unaware of basic security measures

• Businesses struggling to keep externally-accessed systems secured

• Lack of social and workplace interactions

• There are ongoing uncertainties, including:

— Supply chains (PPE and essential goods)

— Online orders and payments

— Medical help and COVID-19 testing

— High unemployment

— Fears and other factors

Five biggest cybersecurity risks

What’s putting your business at risk? The answers might surprise you. The biggest cybersecurity risks for small businesses are:

• Human capital risk: Hackers target employees, which is why you need a strong IT security staff. Educate your employees about your security requirements.

• Cyberthreat risks: These include phishing and social  engineering (tricks cybercrooks use to make people do things they don’t want to do); clickjacking (technique used by cybercriminals to hide malware and other threats under content of legitimate sites); botnets (a network of hijacked computers and devices infected with malware remotely controlled by a hacker to send spam and launch DoS attacks; fileless attacks (malware that doesn’t drop a file on your disk, but can infect your computer, steal your data, etc.); and denial of service (DoS ) attacks designed to disable, shut down or disrupt a network, website or service).

• Data risk: The exposure to loss of value or reputation caused by issues or limitations to an organization’s ability to acquire, store, transform, move and use its data assets.

• Infrastructure risk: Potential losses due to failures to protect business critical data assets and applications. It’s key to make sure technologies, such as mobile, cloud, social media and IoT devices are safe to use in the workplace.

• Operational risk: Protecting against data breaches and other cybersecurity threats.

You should keep track of key cybersecurity trends to understand the latest developments and current threats. This intelligence is key to improving your cybersecurity strategy and response plan. Additionally, invest in employee training, enhance your IT systems, keep your software updated, fix all security holes and have an effective security policy.

Cyberthreats have grown more sophisticated every year. In my next column I will suggest what you should watch for to protect your small business from these risks. I will start that column with the three most common cyberthreats to your business.  

Dean L. Swanson is a volunteer certified SCORE mentor and former SCORE chapter chairman, district director and regional vice president for the northwest region.