Eight years ago, I started providing cybersecurity workshops for SMBs across the country. It was difficult to get anyone in the room back then. Most business owners did not understand the threats, or they believed their business was not big enough to be a target.
Fast forward to 2020, it would be difficult to find a business owner who doesn’t understand that her business is targeted by cybercriminals on a regular basis. The awareness of the problem has grown, but I am not convinced that the security best practices have been adhered to by more than a fraction of main street shops.
What are some of the roadblocks to securing small and medium business from cyber threats in 2020?
- Survival is the first priority. According to Fortune.com, “Nearly 100,000 establishments that temporarily shut down due to the pandemic are now out of business.” Just as we were gaining momentum with cybersecurity awareness among SMBs, a worldwide pandemic has changed the landscape for business owners.
- Internal IT staff don’t exist. A typical small business does not have trained IT or security staff regularly checking the defense perimeter.
- Awareness of tools is low. At the end of every workshop I have done over the years, someone would ask, “Can you please tell us what to buy, and I will do it?” The audience would ask for a checklist of technology they should buy and security tools to put in place showing their belief that cybersecurity was something other people understood. To many people outside the field, cybersecurity is seen as a specialized IT issue rather than the risk management issue that anyone can understand.
- Criminals are working overtime. Cyber threats have increased since COVID-19. CSN’s Blog has tracked over 300 new scams since February, 2020.
What can businesses do right now to make a difference in their security posture?
- Commit to the time. I understand that 2020 fatigue and stress can be overwhelming right now for many of us. Add on top of that trying to keep a business afloat, and the combination can cause you to become complacent. One recommendation is to schedule a few hours a week, and make a commitment to doing the work to improve the security of your business.
- Use trusted tools. The Cyber Readiness Institute and Consumer Reports have no-cost tools that will walk you through simple tasks that can transform your business security posture and potentially keep the doors open.
- Secure your account access. Every security checklist you will find includes access controls. Opting in to multi-factor authentication on key accounts including email and social media can increase your security exponentially.
LinkedIn Learning provided me an opportunity to be an instructor and create a class called Cybersecurity for Small and Medium Businesses: Essential Training. It is free with a trial subscription and can be used by nonprofits, small governments and small businesses to learn the basic cybersecurity steps needed to build a more resilient company.
After exploring the roadblocks and examining some solutions, we need to address where to find help if your business is impacted by a cyber attack. The Cybercrime Support Network is a resource for SMBs to find the information they need to report, recover and reinforce their security after an event. Fraudsupport.org also lists ten cybercrimes and has resources to help triage problems you might encounter.