2 minute read

Small Business Enterprise - SBDC December 2021

Cyber security in 2021: The threat is real

A playbook for small business

We are often asked about cyber security and the actual risk to small business. Small business is not immune to cyber threats: if anything, it is more at risk.

Let us take the RPS 205 ransomware incident that happened in 2019 as an example of relative risk and impact. In this incident, hackers attained control over RPS 205 key computers due to a common and prevalent phishing tactic used to install software to hijack the data stored on them. Hackers were able to do this because someone was tricked into opening an email that appeared to be safe.

After the incident, the school district made changes to how they handle the cyber threats: they ramped up awareness, restructured the IT department, hired ITIS professionals and increased individual security on the computers and other devices to lock down access.

Big business is not immune, either. A couple of noteworthy examples are Amazon Web Services (AWS) and Microsoft Exchange Online (cloud). These mega cloud service providers are becoming a critical part of the business – including small business – infrastructure landscape. Richard Demillo, chair of Georgia Tech School of Cyber Security and Privacy, stated that cloud services are an essential utility that should require federal regulation.

In 2021, between February and April, some 30,000 systems worldwide were at risk for attack on Exchange Online, making the case that this is a global threat as well. In 2019 alone, the estimation of risk and loss was found to be around $9 billion in recovery and lost productivity for U.S. ransom attacks (Emsisoft, 2019). And this cost will only go up, as cybercrime is a very big business worldwide.

Small businesses have inherent risks to cyber threats: Limitations to resources to handle the threats, limitations in awareness of what the threats are today and not knowing what can be done to protect themselves leaves small business particularly vulnerable.

So what can small business do?

The first step is to recognize that the threat is real and is present today. Focus on changing information tech practices in the day-to-day activities to run the business and incorporate dealing with cyber threats into the company operational business strategy as you would for theft, burglary and robbery.

The National Institute of Standards and Technology has a playbook for small business with five basic key points. They are:

1. Identify the threat and risk,

2. Protect data and computing systems,

3. Implement Detection of threats,

4. Respond to threats with an organized plan, and

5. Have a Recovery plan to minimize the losses should they occur.

The SBDC in Rockford can assist your business in getting a strategy for defense of your business against cyber threats. Cyber threats are getting better and better every day, and it is up to every business to have a strategy to fight back.

Visit www.rockfordsbdc.org.

Michael Rogers is cyber security and new emerging technologies consultant with the Rockford SBDC.

This article is from: