34 Reasons Why Even Small Businesses Should Consider Hiring A Cybersecurity Expert

It is often assumed that only large, enterprise level firms need to hire cybersecurity experts to protect from hacking and vulnerabilities. The truth is, that now more than ever, small businesses need online protection as well.

I turned to several luminaries in the cybersecurity world to explain why even small businesses need to hire a cybersecurity or IT expert.

All businesses involve assets and risk

“Look no further than the Target breach, which compromised 110 million shoppers. This massive heist was the result of a phishing email, which duped an employee at a small HVAC company in Sharpsburg, Penn., and gave the attackers a route into Target’s corporate network. The tactical risks for businesses — large or small — are the same: phishing scams, ransomware, etc. The implications are strategic: a compromise can create fiscal and credibility issues — both of which can close companies for good.

Every business needs to consider two facts. The first: Connectivity is risk. Regardless of size, every business relies on connectivity, whether it’s simply to the internet, or to its partners networks. The second: Data is an asset. Therefore, there needs to be a direct correlation between how much a business values its data, and its efforts to manage, protect and secure it accordingly. Because connectivity and data are so intertwined, CEOs should recognize that cyber risk is also a business risk, and it should be treated as such. Yes, they should deploy security software to fend off would-be hackers. However, technology alone is no longer sufficient for protecting an organization’s data and reputation. They must support their tactics — and their business — with an informed strategic approach to cybersecurity.” — Ray Rothrock, CEO of RedSeal

Because new technologies are not beneficial if your business doesn’t have the ability to use them

According to the 2015 Security Pressures Report from Trustwave, 68% of SMB respondents believed their organization was safe from cyber-attacks and data compromises. Businesses should not assume that because of their size, they are exempt from falling victim to a breach. This false sense of security is a major mistake that makes smaller companies exactly the “low hanging fruit” that opportunistic cyberattacks thrive on. Having a security-first mentality as a part of your IT strategy is just as important as investing in locks, alarms, and cameras for a “brick and mortar” store.

A common mistake that businesses make as they start to prioritize cybersecurity is to invest in the latest and greatest technologies only to find that they lack the internal “know how” to implement the technology properly. Investing in your people, whether it’s hiring a single security expert you trust or investing in training for your existing IT staff is probably the best initial investment that an organization can make. Companies looking for a place to start might even consider investing in a managed security service where the knowledge and organization is already in place. — From: Karl Sigler, Threat Intelligence Manager, Trustwave

Cyber security protection will become as important for operating a business as utilities are today

“Cyber security protection will become as important for operating a business as utilities are today. Many of the most vulnerable businesses are the small/medium enterprises, where the skill gap in achieving full protection is widest. The skill gap will not go away overnight. Two innovations we will start to see that will help here are AI-based software automation and cyber insurance products. I am aware of many insurance carriers working on new cyber insurance products to address these gaps.” -Max Gazor, General Partner at CRV

The line between work and the personal use of computing equipment and mobile devices is blurring

“The nature of small businesses is such that everyone has to do a little bit of everything and the line between work and the personal use of computing equipment and mobile devices is blurring. This puts small businesses, and the executives that run them, at risk as employee behavior tends to be the most common ‘entry point’ for hackers. To thwart these types of attacks, employee education combined with endpoint security technologies are critical steps to effectively reduce risks.

“This leads today’s small businesses to either retain or hire a cybersecurity specialist that can ensure that they use privacy and security best practices. While it’s easy to imagine that small businesses aren’t the target of such attacks, the reality is that cyber criminals often target them exactly because their security protections are lax, and in many cases, they can provide a pathway into data centers at larger companies who may be clients or partners.

“As a result, a small business executive will find that their investment in cybersecurity today will keep them out of the types of data breach situations that are so prominently in the news today.”-Thomas F. Kelly, president and CEO, ID Experts

Lawsuits. Ransomware. Viruses. Protection of data.

“Ever dealt with a lawsuit because one employee was looking at adult content on a work computer? A good cybersecurity program can detect and prevent users from accessing inappropriate content from the workplace.” Ransomware looks for vulnerable computers and encrypts your own data in the hops of extracting a ransom from you to get it back. The cybercriminals try to shut down your business by preventing you from accessing your own information. Many of these attacks are specifically targeted at small businesses, in the hopes that they don’t have good backups and must pay the ransom.Protection of Data: A small business has sensitive information. Its customer list for example. New products being developed. New ad campaigns that have not been released. A strong cybersecurity program can help keep this information safe from those that should not have it. Viruses:Computers not running good antivirus software are prevalent in small businesses, and viruses can do immeasurable damage. — Bryce Austin, CEO of TCE Strategy,

Because SMBs need to adopt smarter security practices before it’s too complicated to change them

Small businesses should play to their size and agility to adopt authentication measures that really work. The near-daily breaches over the past few years have taught us that passwords are a completely ineffective security measure to protect valuable data and assets. In fact, in 2016 alone, each of the 5 of the biggest data breaches involved compromised, weak or reused passwords. It’s clear that organizations need to adapt and update their security policies, and using biometrics and multi-factor authentication methods have proven to be excellent ways to increase security. The problem, for many organizations, is that their legacy security practices have been grandfathered in, and the process to overhaul and replace passwords is daunting and expensive. SMBs don’t face this problem: their organizations are small, often young in IT years, and nimble enough to easily weather the change. Working with a security expert to update technology and authentication practices will incur a price upfront, but, because the financial and operational fallout of a security breach would be catastrophic, it’s well worth the peace of mind for knowing the company’s data and assets are much more secure than they would be with passwords.- James Stickland, CEO of Veridium

Cybersecurity threats to small businesses (SMBs) are similar to enterprise-sized risks

Cybersecurity threats to small businesses (SMBs) are similar to enterprise-sized risks. Without large IT and security teams, SMBs should pay even more attention to reducing vulnerabilities and risks. SMBs can use their size to quickly adapt to vulnerabilities and try more cutting-edge tools.

Evaluate your company’s cybersecurity practices to best detect and prevent threats. Use free tools like the NIST Cybersecurity Framework as a blueprint to remodel data protection policies and to set goals. NIST’s Framework combines other standards with an emphasis on self-evaluation so you can do more internally.

Don’t become a victim of your own success. As your business grows, you must share access to vital business data and systems. Be proactive by adding in strong security policies and practices when you add employees or expand your networks. — Cohesive Networks’ CEO, Patrick Kerpan

Full Understanding Of What The Business Needs

According to, “Cyber attackers are coming after companies of all shapes and sizes. Small businesses need to recognize they will increasingly be in the cross-hairs of cyber villains, and that cybersecurity incidents can have a direct and immediate impact to revenue and reputation. They need to take the proper steps and make the proper investments to ensure that when they are inevitably compromised, or a threat emerges from inside their network, they can quickly detect it and respond, before data is stolen and large-scale damage is realized. Small business owners have less resources to work with in comparison to large enterprises. As such, they need to prioritize what they protect and where they spend their time. Small businesses owners need to understand what data is most important to the business and learn how to protect that data. Bottom line: Every small business needs to prepare for a successful attack and respond quickly.” — Chris Petersen, CTO of LogRhythm

SMBs need to take a Realistic Approach to Cyber Resilience Planning, Data Loss Protection and Email Security

Organizations of all shapes and sizes face a significant threat from ransomware, phishing and impersonation attacks, which are becoming more sophisticated and targeted. Attackers primarily use email as an entry point to steal data, like employees’ personal identification information, tax documents, and cash.

Defending against today’s attacks requires a broader focus, one that spans beyond just security. However, when it comes to cybersecurity, small businesses face an even heightened risk, as they don’t always have large IT or security teams, or budgets. Small businesses need to take a realistic approach to cyber resilience planning that spans security, data protection, businesses continuity and end-user empowerment. While this means having high-level requirements without a large enterprise budget, that’s okay. Email security is not just the responsibility of the IT team, in needs to be a focus for everyone. With the right vendor and solutions in place, a small business doesn’t need enterprise-level resources or budget to implement an effective cyber resilience strategy. One of the quickest and most effective way to start the process of becoming more cyber resilient is to focus on one of your organization’s most vulnerable links — employees. Education is key to empower your entire organization on good security practices. — Peter Bauer, CEO of Mimecast

SMBs Don’t Have IT Staff Resources — Need to Outsource Cybersecurity Remediation Services

According to Nick Belov, CISO at CGS, with security threats like ransomware and malware dominating media headlines, companies are becoming hyper-aware that security threats are inevitable and cybersecurity solutions are crucial for their business. For many small and medium companies, outsourcing cybersecurity services is becoming a necessity — they don’t have the resources or staff to address these potential threats. For example, we are seeing many SMBs outsource remediation services that help their IT teams to secure their business in the event of an attack. This could be anything from restoring back-up data after a ransomware attack, upgrading vulnerable systems & hardware, or containing and cleaning up infections. By utilizing an outsourcing partner, SMBs have access to enterprise-level technology and a network of partners. It’s a win-win for the IT team and overall business operations.” — Nick Belov, CISO at CGS

If your cybersecurity solution doesn’t stop phishing, you’re a headline waiting to happen.

Phishing is responsible for 95% of all cybersecurity damage. And it’s used so often because it’s so effective. Cyber actors have only one advantage that make them successful, authenticity. They take advantage of our trust in one another and the most trusted brands in the world to drive the inevitability of the click. Phishing works great. We humans are a curious, distractible bunch. The email that impacted our election looked just like a Google password reset. The point is, if your cybersecurity solution doesn’t catch 100% of these phishing attempts — and yours do not — you’re going to have damage. What’s worse, it only takes one click. So if your cybersecurity solution is 99% effective, or your employee education program has reached 65% of your employees, that’s still not good enough. You have to stop phishing. All of it. — Oren J. Falkowitz, CEO of Area 1 Security

Everyone is a Target now

Willie Sutton robbed banks, “Because that’s where the money is.” Cybercriminals went after financial institutions for the same reason; SMB’s weren’t targets because they didn’t have money. In today’s world value is now found beyond the banks. Medical records and legal records, even at the smallest practices, have value. Login credentials, at all sites large and small, have value. Thanks to the advanced ecosystems in dark markets value can now be found not just at large sites and financial institutions but tens of thousands of SMB’s. It doesn’t matter if you think your information isn’t valuable, if they do, they will come for you. — Mark Herschberg, Principal at White Knight Consulting

The Number of Type of Threat Actors has Grown

The dark side of the internet has grown rapidly. In the 90’s threat actors (the term professionals use for hackers) were found primarily in the US and Western Europe, and consisted of those trying to steal money or hack just for the fame — not trying to damage systems but just showing that they knew how to break in. Fast forward to today and we’ve added billions of people in Russia and Eastern Europe, China, Brazil and South America, and the MIddle East. Not only are there more people, of which some are hostile, but their motivations have increased. Some still steal money or do it for the challenge, but three other types have arisen. First, there are political actors, who pick targets to support the actor’s political agenda. Second, some threat actors are backed by their governments who are helping to find specific data to further the government interests. Third, there are chaotic actors, the men, “who want to watch the world burn.” All three may see benefits at any given time to attacking SMB’s. — Mark Herschberg, Principal at White Knight Consulting

Small Businesses aren’t Prepared

“Erroneously, Small Businesses often think they have nothing worth stealing. They do however store sensitive data from their customers, like bank account information, credentials and credit card info. Hackers can use this data to harm the Small Business, and, its customers. Often Small Businesses will not even realize they have been breached for a long time. This provides hackers with more time to cover their traces. Consequently, Small Businesses are not only a perfect target for hackers, but also for the less skilled ones (the so-called script kiddies), increasing the chances of getting targeted. Security is hard. The complexity of the continuously evolving nature of IT, requires multi-skilled specialists to protect your IT infrastructure. Small Businesses do not have the resources to acquire and maintain these skills. Therefore, they should rely on specialized IT vendors and services to accompany them in securing their IT infrastructure, securing their business continuity.” — Walter Van Uytven, CEO of Awing

A Data Breach to an SMB could be Devastating to the Entire Business

“We’ve seen the headlines — one massive data breach after another! The problem is escalating, especially when we think our personally identifiable information is being protected by such large institutions. Equifax and Deloitte are not the exception, they are now the norm. Large enterprises such as those are able to recover from the damages of a data breach due to their size and resources, although the real losers are the consumers losing their private information. It makes sense for the large enterprise companies to hire cybersecurity experts to help mitigate risk and protect their environment. Let’s not forget about the small and medium-sized businesses (SMB). Are they even a target? Would they even notice if they were hacked? A data breach to an SMB could be devastating to the entire business. As an SMB, what are the options? Hiring a Cybersecurity expert is a good start. This can be done efficiently by finding a good Managed Services Security Provider (MSSP) to handle all of the cybersecurity needs by providing knowledge-based expertise and best-of-breed technology vendors. This provides specific solutions and products, allowing the SMB to maintain focus on core business processes. SMB’s are very important for our economy to function, in most cases the SMB will connect to larger companies making them part of the food chain flow of the economy, all the more reason to protect them.” — Richard Blech, CEO of Secure Channels Inc.

Mobile & BYOD Risks Are Breaking Down Security Walls

“The small business technology landscape is changing with the rise of mobile BYOD. Small business owners and employees often work from personal devices whether it’s in the office or when they’re on the go. When employees log on to company networks or access company assets from public WiFi, they put company data at risk. Mobile devices in particular are breaking down security walls, as they provide a new gateway for hackers. With these security walls coming down, small businesses cannot afford to lose their “crown jewels” — the data and the secrets that are most important to them. Whether it’s intellectual property or customer information, it’s essential that small businesses protect these assets with strong encryption and apply key management. The same way you lock money in a safe, you must lock up your most valuable data. To take it a step further, you wouldn’t leave the keys to the safe laying on the counter in a store and the same goes for digital keys for encrypted data.” — Avner Mor, CEO and Co-Founder, Dyadic

Threats don’t discriminate based on size

“These days, hackers don’t discriminate against prospective targets based on size. They use techniques to cast the widest net they possibly can. WannaCry was a prime example of that approach. While data breaches affecting large companies like Target and Equifax may steal headlines, it is small businesses who become victims of the threats that bear the brunt of the attacks, as many lack the resources to recover once their business operations have been interrupted and/or their brand reputations have been compromised. For this reason, it is paramount for small businesses to consult with cybersecurity experts and utilize IT services that ensure the security of their networks.” — Prakash Panjwani, CEO of WatchGuard Technologies

Securing Wi-Fi Hotspots Without Compromising Connection Speeds

“Modern consumers have come to expect small businesses to provide free public Wi-Fi connections. Fast, reliable Wi-Fi encourages customers to stay in a store for longer and is often a determining factor in their decision to visit one business over another. But if a small business sets up its Wi-Fi incorrectly or does not properly secure it, hackers can easily steal sensitive information from users using a man-in-the-middle attack or other hacking method. To protect their customers, small businesses should have a wireless intrusion prevention system (WIPS) in place and make sure an IT professional regularly updates their network setting. It’s easy for small business owners who don’t know much about technology to make basic security mistakes that leave their Wi-Fi users vulnerable, so this is a case where it pays to call a professional.” — Prakash Panjwani, CEO of WatchGuard Technologies

Achieving PCI Compliance

“Small businesses that process credit card information need to be compliant with PCI security standards. Without cybersecurity or IT expertise, business owners may not know if their organization is compliant or how to change their payment system to become compliant, and failure to meet PCI standards often results in hefty fines. Small businesses need cybersecurity experts and IT services to help them achieve and maintain PCI standards that continue to evolve with the growing cyber threat landscape.” — Prakash Panjwani, CEO of WatchGuard Technologies

Even Small Businesses Are Targets of Ransomware

“Even small businesses are vulnerable to ransomware, and many have already become victims. Small businesses need cyber-security experts to ensure they’re protected and to ensure they can recover in the event of an incident. -Bob Herman, Co-founder & President of IT Tropolis

After SD-WAN (Software Defined Wide Area Networking) matured as a technology, they also have no excuse“

Small businesses may have small IT budgets and they may have a tendency for ignoring cyber security. However, similar to larger organizations, small businesses still need cyber-security and IT services and especially after SD-WAN (Software Defined Wide Area Networking) matured as a technology in last few years, they also have no excuse. Managed service providers and IT service firms can easily and remotely manage security for small businesses in a cost effective manner. Prior to SD-WAN, you needed expertise to be physically present at the client location, however, with SD-WAN, since the connectivity and security can be managed and monitored remotely from the cloud, IT firms and cyber-security service providers can extend their services to smaller firms with smaller IT budgets. -Jay Akin, CEO of Mushroom Networks, an SD-WAN vendor

With the rise of IoT & BYOD, small businesses are at greater risk than ever

With the influx of IoT and BYOD in the workplace, vulnerabilities for small businesses are at an all-time high. IoT devices are vulnerable by nature, because they often aren’t equipped with built-in security measures. If these devices are operating on the corporate network, hackers can use them as an access point and reach valuable company data. Take an iPhone for example. The updated control center includes a switch that turns Bluetooth and Wi-Fi configurations on and off. It was discovered that the switch is actually a hoax in that it doesn’t disconnect either Bluetooth or Wi-Fi, putting users at risk for open connection attacks. Additionally, small businesses often have flexible remote working policies. This also increases vulnerabilities by allowing corporate devices to run and be exposed to threats on an unknown, and potentially unsecure, network. — Ofer Amitai, CEO of Portnox

The cloud enables democratization of security to both small and large companies.

“When it comes to cybersecurity and defensive capabilities, all companies need defenses and resilience to recover from damages caused by attackers. Large companies can afford to hire dedicated security subject matter experts, but, even they are challenged with finding and retaining these experts. The general trend is for companies, both large and small to depend on the cloud vendors providing more and more of their services, as well as a cadre of Managed Security Services Providers (MSSPs) that provide specialized security services for both small and large companies. As time rolls on, more and more security is being delivered via the cloud and with it you will see the democratization of security to both small and large companies.” — Philip Lieberman, president of Lieberman Software

“Hacking the person” is one of the most common cyber breaches for small businesses

“For small business owners, cyber security is now a major concern. Many of them are relying more heavily on IT networks to run their business, making them vulnerable to cyberattacks which are increasing in frequency and becoming more sophisticated. It’s important to make sure your employees are well-trained and always conscious of the threat. Remember that many cybercriminals now focus on the ‘human factor’ in trying to break into a network. They know that if they can’t break through a network firewall, they might be able to ‘hack the person’ by tricking an employee into giving up information and access. Security and data breaches not only cause serious financial harm, they can also hurt your business reputation. One problem is that the threat landscape is changing constantly, so the security measures you employ must be able to adapt quickly. Having a robust policy for using strong and different passwords and for two-factor authentication is important.” Ido Lustig, Chief Risk Officer, BlueVine

No one is immune to the risk of browsing

During my recent travel to Singapore, I learned that 35 percent of the Small & Medium Enterprises (SME’s) fell victim to Ransomware attack in the last year. And worse yet, 21 percent of surveyed SME’s were forced to cease operating. It’s said that the IT budget of the Fortune 5 financial organizations are big enough to make these IT organizations Fortune 500 organizations! SME’s obviously lack this level of investment and expertise. Lack of D/R (Disaster Recovery) strategies and cyber strategy mean that a single malware or ransomware infection can sound the death knell for these companies. While the Internet has become a cesspool (Gartner’s term), no one is immune to the risk of browsing the Internet. This includes SME’s and consumers. In recent years, security products have become so complex and so arcane that the SME’s have been left behind. It takes tremendous expertise and training to manage the newer security products that’s impractical for SME’s to keep up with them. Before we advise SME’s to require cybersecurity experts, security products from vendors have to get simpler and more importantly, need to conclusively address threats without overburdening operations. — Kowsik Guruswamy, chief technology officer (CTO) at Menlo Security

Keeping hold of Valuable Information

The treasure cove of valuable information and ideas that small businesses possess is what attracts hackers. Such businesses have a cache of customer information including credit and debit card details which hackers tend to exploit. Moreover, hackers also target innovative ideas and intellectual property that start-ups possess. On May 11, 2017, a Ransomware named WannaCry took the world by storm when it infected more than 230,000 computers in over 150 countries. The ransomware encrypted the data on the computer and then attempted to exploit the SMB port in order to infect other computers on the internet. In exchange for the data, the hacker demanded $300 worth of bitcoin. Though Microsoft discovered the vulnerability, and released patches, many Windows users failed to act on the security bulletin and felt victim to the ransomware. — Junaid Mohsin, Senior Marketing Manager at Ivacy

The Use of Mobile apps and Big Data

The increase in use of mobile apps, web apps and big data have opened more doors for potential cyber-attacks. Many new startups and small business engage in online business and e-commerce activities through mobile apps and web platforms. As a result, protection of these platforms should be a priority, but sadly young entrepreneurs are too clouded by other distractions to realize the importance of information security. — Junaid Mohsin, Senior Marketing Manager at Ivacy

Cloud Services

Because of its affordability and unmatched utility, small businesses and startups are jumping on to Cloud services. However, hackers are oblivious to nothing and cyber-attacks on Cloud services have increased considerably. A report by Intel Security titled “McAfee Labs 2017 Threats Predictions Report” highlights that in 2017, cloud threats would increase significantly thereby increasing the risk for the start-ups and small businesses. — Junaid Mohsin, Senior Marketing Manager at Ivacy

SMEs often need to take a bottom-up approach

Unlike large enterprises that can work cyber security top down, SMEs often need to take a bottom-up approach, with a clear emphasis on building cyber security controls around critical assets by leveraging outsourcing for expertise, monitoring and solutions. Given the resource limitations faced by many SMEs, there must be a laser focus on investing in cyber security protection of the organization’s most critical assets. SMEs should also strongly consider moving their technology to the cloud, accompanied by security services as part of an agreement that includes an understanding related to data collection, usage and ownership. With so little margin for error, SMEs must prioritize security by design so they understand the total cost of development and deployment of products before they are released. Further, there needs to be a CEO-level commitment to building organizational cyberculture that includes continuous training and awareness-building for all employees, not just those in technical roles. — Matt Loeb, CEO, ISACA

Most attacks are indiscriminate and no longer targeted

Most attacks are indiscriminate and no longer targeted. For an attacker it’s the difference between trying to break into Fort Knox or robbing you neighborhood bank with a 80 year old guard at the door, except worse.

Most small business, keep some sort of data on clients or customers, and even those that don’t are vulnerable to hijacking and ransomware. As a cyber criminal it has become technologically feasible to target everyone with limited resources. So it is reasonably more cash efficient to hit low value targets that are soft and lacking protection rather than try to target whales that have spent years building up layers of protection.

IoT has been instrumental in this as many IoT devices have no protection and can be taken over at will.

If you take a server and put it up online with no protection it take less than an hour for a drive by attack to hit it. Basically, as soon as you are online you are a target.

This is coupled with the fact that small businesses generally try to produce intranet and internet sites for the smallest amount of money possible. Code security is still a new and often separate thing for highly paid expert programmers, and is often an after thought as you reduce costs.

Since most attack vectors now run over open ports like http(80) and https(443) and look for weakness in code, small business are left especially open to attack and client manipulation, and what’s worse is they think they are safe because they are obscure.

I commonly see small businesses, doctors offices and mid-size companies under breach much more often when working with law enforcement. And the truth is at that point the damage is done. Even if you catch the perpetrator there is no undo for cyber attacks.

This is why Code Defenders was created and why we target this gap. Because as a citizen with data out in the world I am only as secure as my doctors office is, or the online store I buy from. The most insecure business I interact with is my level of security my data is protected at.

“Criminals use of hacking is on the rise. Often, hackers are half-way around the world from their victims, in jurisdictions with minimal criminal prosecution of cyber crimes and no extradition to a victims’ jurisdiction. As large companies have fallen victim to the effects of hacking, they have begun investing billions of dollars into protecting themselves and their customers.

Hackers have reacted by targeting smaller and medium sized businesses with ransomware and doxing threats, then turning to extortion or selling identity theft information on the black market. Medium to small businesses are often prime targets with little to no security in place and little knowledge of how to defend themselves or their clients. Often, these businesses are not even aware of their level of exposure, with the average cost of any incident starting at $100,000 and the average cost per customer record exposed in an incident totaling about $221. — Pieter VanIperen, Founding Member, Code Defenders, Adjunt Professor Code Security NYU

Small Businesses are often Most at Risk for Cyberattacks

More than 70% of small companies are the target of cyber-attacks, and this number will only increase as more tools become available to cyber criminals. Small businesses love to advertise that they are “now in business!” This is not only an outreach to customers, it is also an (unknown) outcry to hackers to saying, “come hack me!” Small business thrive on the web and in social. Registering new URLs tells the world a new site is available to compromise. Many small business start out (and often remain) distributed. Working from Starbucks or others places with “free wifi” is often never free. There is plenty of nefarious actors that would, spoof and/or otherwise compromise free access points. Once breached, that device is available to the hacker whenever she wants to take control — or take data. Paul Kraus, Founder & CEO, Eastwind Networks

Anybody, even “script kiddies” with no programming skills, can put together and reap the financial rewards of ransomware attacks

Small businesses need to be prepared for the multi-million dollar ransomware industry, which has grown and will continue to grow with amazing speed in the years to come. This is due in part to the spread of untraceable cryptocurrency such as Bitcoins and the proliferation of ransomware kits on the dark web, which allow anybody, even “script kiddies” with no programming skills, to put together and reap the financial rewards of ransomware attacks. Social engineering and phishing attacks seem to make up the other half of ransomware woes. Attackers trying to find an opening into a network — a chink in their armor — will often use phishing techniques to help figure out how to worm their way into user accounts, such as using personal information to better guess account and network passwords. Constant vigilance and thoughtful, prudent, proactive security measures will keep users safe not just from ransomware attacks, but all cyberattacks. Users should keep their fingers on the pulse of cybersecurity and look for new exploits and threats to be aware of on an ongoing basis. — Adnan Raja, Vice President of Marketing for the web hosting provider Atlantic.Net

The Equifax breach is an unfortunate and recent example of how every company — regardless of size or scale

“The Equifax breach is an unfortunate and recent example of how every company — regardless of size or scale — needs to have safeguards in place and be aware of technology benefits, risks and costs. And earlier this year, 84 Lumber’s website crashed because it received unexpectedly high traffic following its now infamous Super Bowl ad, costing the company in lost revenue and decreased public perception. Equifax and 84 Lumber are massive organizations, but the same issues that plague both should be concerns for small businesses as well.

“When it comes to IT, even the smallest businesses have similar needs to the world’s largest organizations. Fundamentally every organization, every startup, is powered by technology. Digital-first companies like Box, Netflix, StitchFix, and others are bringing increased competition to small businesses, and driving new expectations for speed of service and an always-on and available mentality for consumers.

“The big difference is that small businesses are using standardized cloud services (SaaS, Cloud infrastructure, Microsoft Office 365, Google Docs) vs. building infrastructure & applications of their own. They still have investments in end-user computing (desktops, mobile, telecom) and networking. Their data is just as sensitive — they work with many vendors. They must manage the security of their customer’s and employee’s data so cybersecurity is critical. They must also manage their technology spending across multiple vendors and make data-driven decisions to manage the business of technology. They must plan and forecast their tech spending. The needs are the same, though scale is different. The problem facing small business is sometimes even more severe because unlike large companies they are not able to make the investments in resources and people to manage security and business of IT.” — Apptio CEO Sunny Gupta

Small businesses often hold the sensitive data and personally identifiable information of many people, such as app developers

It seems as though a new data breach surfaces every day, and while it’s usually large corporations making the headlines, that doesn’t mean small businesses are immune to cyber security issues. In fact, that’s far from the reality. Manta, an online resource for small businesses, surveyed over 1,400 small business owners and found that small businesses lack basic security policies and practices — most likely because they underestimate the likelihood of cyberattacks striking their companies. The survey found that 87 percent of owners don’t feel they’re at risk to a data breach, yet 12 percent had previously experienced a breach. And, what’s even more concerning is that about 1 in 3 small business owners have no IT security controls in place.

Small businesses often hold the sensitive data and personally identifiable information of many people, such as app developers. These companies are often very small shops with a handful of employees. Yet they may have access to the data of millions of people around the world. Their success, without security, can easily turn into a catastrophe. The bottom line is that every organization has sensitive data, including customer information, employee records, intellectual property, and medical records, that they must protect — no matter how large or small the business is. To protect all of these appropriately, owners and their IT teams must understand the lifecycle of data in their businesses. Determining what the data is, how it is being created or collected, how it is maintained, stored, and shared while it is being used, and how it should be disposed of are key when implementing better practices that will protect these valuable assets.

Once small business owners and their IT departments have an understanding of the original source of the data, they can best decide where it should live, with whom it can be shared, how it can be accessed, and how it should be destroyed. Though this takes some upfront legwork on the IT teams’ end, it shouldn’t lead to increased budgets or teams in the long run. And, more importantly, it will help limit a small business’s risk to a damaging data breach.” — Dana Simberkoff, Chief Risk, Privacy and Information Security Officer at AvePoint