Written by Brian Jackson, Abacus IT Solutions
Cybersecurity continues to be a hot topic, and was even a key issue in the recent U.S. Election. No locale, industry, or organization has shown to be exempt from the reach of present day cybersecurity threats. Surprisingly, the weakest sector in the hierarchy of business organizations continues to be small businesses, usually with less than 100 employees. Budget constraints, lack of expertise, and just plain complacency can cause small businesses to become easy targets. Extremely dangerous and well-funded cybercrime rings abroad are using sophisticated software systems to exploit thousands of companies to steal credit cards, client information, and even money from their bank accounts. In fact, the National Security Alliance reports that 1 in 5 small businesses have been victims of cybercrime within the last year… and that number is growing rapidly.
Most cyber attackers follow the path of least resistance. This means the same attack methods that work on large businesses are also used on small businesses. Many of these attacks come through social engineering, malware, or advanced network attacks. While being prepared from a technology standpoint is important, many times the best starting point for small businesses is simple self-evaluation. Below are a few points that small businesses should consider when thinking about cybersecurity:
- Change your mindset: Too many small businesses have a “triage” mindset or believe they may be too small or insignificant to be a victim. As former FBI Director Mueller stated, “There are only two types of companies: Those that have been hacked, and those that will be.” Small business should reevaluate and become more proactive to identify and mitigate cybersecurity risks before they happen.
- Identify Risk: Identifying risks within your business beyond the basics goes a long way to developing a comprehensive solution for cybersecurity. All companies are subject to a basic array of threats, but a more specific threat profile can be developed based on your data, employees, and the type of business transactions that occur.
- Develop a plan: After identifying the specific risks, a plan should be developed to mitigate them as soon as possible. This could include a technology service, employee training, and a clear, documented policy.
Remember, no business is exempt from a cyber attack. Thoughtfully considering the mindset, risks, and plan for proactive management of your company’s cybersecurity is a very effective way to make sure your company is not the next easy target for a cyber attack.