According to one report, 43% of cyberattacks are aimed at small businesses, and only 14% of small businesses are well-prepared for such attacks. This lack of preparation may be due to sparser security resources, compared to larger companies. However, considering the potential for loss of revenue, sensitive information, and reputation, it is prudent for a company of any size to invest appropriately in cybersecurity measures. Smaller companies may in fact be at greater risk of long-term, devastating consequences to their business, due to their smaller resource pool.
American working culture is going through many significant shifts that are, in turn, having an impact on cyberattack strategies. Prime among these shifts are the rise of remote work, the gig economy, and increasingly common ‘bring-your-own-device’ policies. Furthermore, the COVID-19 crisis has sped up many of these changes in the American workforce, due to the need to maintain social distance and/or supplement income.
The use of personal devices, devices that are not connected to a VPN, and devices that are used for multiple purposes, all constitute potential cybersecurity risks. Yet, they are staples of our changing economy. Therefore, it is more important than ever to assess security risks such as information handled on remote devices, and determine how to securely manage digital infrastructure.
The legal responsibilities of businesses when it comes to data storage and security are currently a strong point of contention. While the European Union has instituted the GDPR, the United States does not have comparable, comprehensive data security legislation on the federal level. Instead, the United States employs a patchwork of relatively modest regulations on the state and federal level. Therefore, it is important for business owners to research regulations relating to data storage and security for their state and industry.
Generally, these regulations only require that businesses take “reasonable precautions” against cyberattacks. These “reasonable precautions” often take a lenient stance on behalf of businesses or maintain vague parameters that are left to be interpreted in court. Typically, however, reasonable precautions include secure data storage methods, reliable security protocols, and some degree of consumer transparency.
Cyberattacks can come in all shapes and sizes, but some types of cyberattacks are more common than others. These may include:
This is a type of malware that is utilized for the sake of holding a user’s personal information or digital access hostage.
This is a cyberattack that involves using a fake and/or authoritative identity to steal sensitive information.
This kind of cyberattack involves long-term, undetected, malicious intrusion on a device. This term often applies to attacks from government entities.
This type of attack uses a botnet to intentionally overload a server and prevent access to other users.
This sort of attack intercepts information in transit without the knowledge of users.
This kind of attack utilizes malicious code inserted into an entry field of a target database.
This is a cyberattack that takes advantage of a cybersecurity flaw that has not been identified “in the wild,” or that has been recently identified but not yet patched.
Before you choose and/or implement a cybersecurity solution for your small business, you should first do a risk assessment. Thereafter, cybersecurity risk assessments should be repeated on a regular basis to update measures and account for new risks. A general risk assessment usually includes the following steps:
Take stock of your resources: Consider your finances, personnel, hardware, and software. Determine how these resources can be allocated to cybersecurity and/or whether you need to expand your resource pool to securely manage them.
Consider the trajectory of your business: Think about how your cybersecurity needs may change based on business growth or other developments.
Anticipate common threats: Research and understand the most prevalent cybersecurity threats to businesses.
Identify your high-value resources: Determine what sensitive information your business manages, who has access to it, and how it is accessed and discussed.
Develop a thorough system of cybersecurity protocols: Research cybersecurity best practices and apply them to the findings from your assessment. Use this to create specific cybersecurity protocols.
Review and update: Constantly reassess threats, best practices, and your own cybersecurity protocols. Regularly review your cybersecurity measures and consider where there may be room for improvement.
There are many tools and resources available to help you assess cybersecurity risks to your small business, including:
This resource allows you to compile a personalized cybersecurity plan for your business.
This can connect businesses with free vulnerability assessment resources.
This is a comprehensive guide to cybersecurity risk assessment.
Cybersecurity risk prevention best practices include:
Staying informed about cybersecurity risks: Small business owners should regularly research new cybersecurity risks, as the cybercrime landscape is constantly evolving.
Determining your legal obligations: It is important to ensure that you cover all of your legal bases first and foremost. Your legal obligations may vary depending on factors such as your location and industry.
Updating systems regularly: Security updates must be done on a regular basis to ensure that security systems are running optimally.
Securely backing up information: Find a secure way to store information, such as a cloud server.
Managing digital infrastructure: Establishing a well-organized and secure infrastructure will facilitate data management.
Properly training employees: Many data breaches are caused by employee error. Ensure that employees fully understand cybersecurity protocols.
Restructuring as appropriate: Buy-in from all levels of the company is vital for proper cybersecurity management.
Maintaining transparency: Everyone within the company should understand why cybersecurity is important and why diligence is required to ensure there are no lapses in compliance.
Consulting an expert: Because cybersecurity is so important and complex, it often is very helpful to seek the experience of a cybersecurity expert.
Integrating security applications: Security applications can help you manage cybersecurity software in a simple and intuitive way.
Enforcing security protocols: Once established, it is important that security protocols are consistently enforced.
In the event that a data breach has occurred, the following basic steps should be taken:
Secure your access points: Until the breach vector is identified, access to sensitive information should be limited.
Identify the source of the breach: A major priority throughout the follow-up process will of course be to identify how the cyberattack breached security. The source may be quickly identified, or it may take further investigation using additional steps in the data breach response.
Reach out to law enforcement: Law enforcement can help your business investigate the breach. It is also a matter of due diligence to notify the authorities about a breach if it involves sensitive information.
Reach out to affected individuals: Whether information compromised by the breach impacts customers, employees, or government entities, it is a matter of due diligence to notify the affected individuals or entities.
Consult professionals: Cybersecurity professionals can help you investigate the breach and assist you in updating your security protocols to prevent future breaches.
Interview personnel: Employees may be able to help you identify the source of the breach or may have additional, relevant information.
Review and update: Conduct a thorough review of your cybersecurity protocols and update them accordingly.
This is a general guide to cybersecurity for the remote workplace.
This guide explains why remote workers are at high risk of cyberattack, how to assess risks for a remote workplace, and how to develop a cybersecurity strategy for the remote workplace.
This outlines cybersecurity best practices in the remote workplace, as identified by NSA and CISA experts.
This resource provides data backup and recovery strategies for a variety of scenarios.
This is a series of guides and videos prepared by the FTC to walk data breach victims through what their next steps should be.
This page explains data breach and cyber liability insurance.
This website catalogs a wide range of cybersecurity information, as well as provides access to training programs.
This page catalogs upcoming cybersecurity training events.
This page can redirect users to courses and other training materials relating to cybersecurity that have been developed by the Department of Homeland Security.
This resource documents major cybersecurity challenges in the U.S. identified by experts in the field.
This site provides news and information about events related to cybersecurity.
This site has a series of guidelines sponsored by the federal government to help small-to-midsize businesses manage their cybersecurity.