Menu

Search

  |   Insights & Views

Menu

  |   Insights & Views

Search

The three ‘B's’ of cybersecurity for small businesses

0
comments

Large-scale cyberattacks with eye-watering statistics, like the breach of a billion Yahoo accounts in 2016, grab most of the headlines. But what often gets lost in the noise is how often small and medium-sized organizations find themselves under attack.

In the last year, half of American small businesses have been breached by hackers. That includes Meridian Health in Muncie, Indiana, where 1,200 workers’ W-2 forms were stolen when an employee was duped by an email purporting to come from a top company executive. Many small companies are just one fraudulent wire transfer away from going out of business.

There’s lots of advice available about how to fight cybercrime, but it’s hard to tell what’s best. I am a scholar of how businesses can more effectively mitigate cyber risk, and my advice is to know the three “B’s” of cybersecurity: Be aware, be organized and be proactive.

Here’s how more companies can boost their cybersecurity preparedness without breaking the bank.

Be aware

Almost any company can be vulnerable to a range of cyberattacks. A company manager or network security professional needs to know about the various types of digital threats and how to limit vulnerability.

There are some attacks that every employee should know about. The most common attacks use a method called “phishing,” or a variant that specifically targets one potential victim, called “spearphishing.” These typically take the form of email messages that appear to be sent by coworkers or supervisors asking for sensitive information. That’s what happened to the health care company in Muncie. These messages can contain instructions that a victim might follow, believing them legitimate – such as clicking a link that installs malware or captures login information, or even making a wire transfer to another business’s account.

The best defenses against these types of attacks involve skepticism and vigilance. Attackers can be very clever and persistent: If just one person has one weak moment and clicks on one malicious link, an entire network can be compromised.

Be organized

Most companies go to great lengths to protect their physical assets and personnel. But many do not take similar precautions with their digital information. A key computer may be kept disconnected from the internet, but if it accepts flash drives or rewriteable CDs, or if its password is easy to guess, the information is just as vulnerable.

Small business owners need to prioritize cybersecurity. Without proper preparation, even large companies can find themselves unprepared for cyberattacks. When Sony was hacked in 2011, it did not have an executive focused solely on information security. But hiring someone did not prevent another hack in 2014.

Be proactive

Planning ahead is vital, instead of just being reactive. The National Institute for Standards and Technology Cybersecurity Framework lists five main functions of cybersecurity efforts: Identify vulnerabilities, protect against attacks, detect anyone who gets through, respond to the attack quickly and recover after the attack has been stopped.

Some companies are already receiving advice that following the NIST guidelines can reduce legal liability if cybersecurity problems arise or are discovered. Companies can also work with colleges and universities to create cybersecurity clinics, or even consider buying cyber risk insurance.

There’s no way to avoid being the target of a cyberattack, but that doesn’t mean becoming a victim. Simple steps can have huge results: The Australian government reported resisting 85 percent of cyberattacks by taking three basic steps: restricting which programs can run on government computers, keeping software updated regularly and minimizing the number of people who have administrative control over networks and key machines.

Cybersecurity doesn’t have to be rocket science; it’s just computer science.

The ConversationScott Shackelford does not work for, consult, own shares in or receive funding from any company or organization that would benefit from this article, and has disclosed no relevant affiliations beyond the academic appointment above.

  • ET PRO
  • Market Data

Market-moving news and views, 24 hours a day >

April 28 21:00 UTC Released

MXFiscal Balance (Pesos)*

Actual

340.61 bln MXN

Forecast

Previous

-1.93 bln MXN

April 28 21:00 UTC Released

CNFiscal Balance (Pesos)*

Actual

340.61 bln MXN

Forecast

Previous

-1.93 bln MXN

April 30 01:00 UTC 9292m

CNNBS Non-Mfg PMI*

Actual

Forecast

Previous

55.10 %

April 30 01:00 UTC 9292m

CNNBS Manufacturing PMI*

Actual

Forecast

51.6 bln $

Previous

51.8 bln $

April 30 23:30 UTC 14421442m

AUAIG Manufacturing Index

Actual

Forecast

Previous

57.5 %

May 1 00:00 UTC 14721472m

KRExport Growth Prelim*

Actual

Forecast

15.3 %

Previous

13.6 %

May 1 00:00 UTC 14721472m

KRImport Growth Prelim*

Actual

Forecast

21.0 %

Previous

27.7 %

May 1 00:00 UTC 14721472m

KRTrade Balance Prelim*

Actual

Forecast

Previous

6.27 bln $

May 1 00:30 UTC 15021502m

USNikkei Mfg PMI

Actual

Forecast

Previous

52.8 %

May 1 00:30 UTC 15021502m

JPNikkei Mfg PMI

Actual

Forecast

Previous

52.8 bln $

Close

Welcome to EconoTimes

Sign up for daily updates for the most important
stories unfolding in the global economy.