According to Verizon’s 2019 Data Breach Investigations Report, 43 percent of cyberattacks target small businesses, including hacking, social attacks and malware. What’s more, Symantec’s 2019 Internet Security Threat Report found that “formjacking” attacks have skyrocketed, with an average of 4,800 websites compromised each month. That’s where cyber criminals load malicious code onto retailers’ websites to steal shoppers’ credit card details. The Symantec report also found that supply chains remained a soft target with attacks ballooning by 78 percent.
Yet, Marc Farron, an IT consultant for Florida SBDC at FGCU, said 8 out of 10 small businesses don’t even have a cybersecurity plan. The risks are real: 60% go out of business within six months of a major cyber attack, he said in a presentation at the Small Business Leadership Conference in Orlando in June, produced by the Jim Moran Institute and the SBDC Network. “You should be concerned. This affects you,” he said.
HELP ON THE WAY
To equip small businesses with the education and resources to better protect their business from an attack, the Florida SBDC Network recently launched its new Cybersecurity Basics for Small Businesses program.
As part of the program, small businesses may determine their level of risk through the network’s new cybersecurity risk assessment, which is based on the National Institute of Standards and Technology (NIST) Cybersecurity Framework. Additionally, the network has developed online cybersecurity training to help small businesses learn basic cyber risks, common cyber threats, and strategies to secure their business and respond to an attack.
In addition to training, Florida SBDC professionally certified business consultants, including those at Florida SBDC at FIU, the small business development center in FIU’s College of Business, are also available to work one-on-one with business owners to help them develop a cybersecurity plan.
“Small businesses can no longer afford to sit back and hope a cyberattack will not happen to them,” said Michael W. Myhre, CEO of the Florida SBDC Network. “While no program can prevent every attack, taking basic precautions can significantly reduce the risk of a business falling victim. We are very proud of our new service offering and look forward to helping our state’s small businesses better protect their business, employees, customers, and profits.”
BUILDS ON BYTE-SIZE PROGRAM
The Cybersecurity Basics for Small Businesses program builds on the success of the network’s Byte-Size Program, an educational program made possible by a grant through the Florida Center for Cybersecurity. Through the Byte-Size Program, the network delivered 29 cybersecurity workshops to over 700 small businesses statewide.
SBDC at FIU’s associate director, Brian van Hook, said its consultants have already been helping client companies with cybersecurity strategy and can do assessments. He added that he plans to roll out more cybersecurity programming in coming months.
Small businesses may learn more about the Florida SBDC’s new no-cost cybersecurity service offering by visiting www.FloridaSBDC.org/cyber.
GROWBIZ has been offering advice on getting your company cyber reader, as the increasing attacks and breaches pose a real threat to small businesses. Read more about protecting your company in these blog posts:
And while we are on the topic — and because ransomware attacks have been in the news — I would like to share some prevention tips from Cyber Florida’s Guide to Ransomware Prevention:
- Create multiple backups for all critical data; use a cloud backup that contains “multiple iterations of backups” in two separate physical locations.
- Stay current with all manufacturer updates and patches.
- Provide cybersecurity awareness training to all employees and repeat often.
- Put in place a cyber-incident response plan, as well as a business continuity and disaster recovery plan.
- Enable all spam filters, firewalls, anti-malware solutions and other security features.
- Restrict access to system and files to only those who need it.
- Isolate older “legacy” systems that no longer regularly receive manufacturer updates from other systems.
- Disable macro scripts from Microsoft Office files that are transmitted via e-mail.