Disaster Preparedness Education Strategy

Despite warnings of increased cyber risk, small businesses aren’t prepared for an attack. We have some tips

Since Russia invaded Ukraine, the US government has warned that cyber attacks are much more likely. Yet, according to a new survey, small business owners are not more concerned or prepared for a cyber attack than they were a year ago.

The CNBC|SurveyMonkey Small Business Survey polls over than 2,000 small business owners every quarter to understand their outlook on the overall business environment along with their own business’s health.

Here are some findings from the latest survey:

  • Just 5% of small business owners reported cybersecurity to be the biggest risk to their business right now.
  • Quarter over quarter, the number saying cybersecurity is their top risk has held steady and is the lowest priority out of the five areas surveyed.
  • In the same time period, the number of small business owners who say inflation is the biggest riskto their business has increased from 31% to 38%, holding the top spot in terms of risk.
  • The numbers reporting supply chain disruptions and Covid-19 as the biggest risk have both declined.
  • While it isn’t their top worry, almost four in 10 small business owners say they are very or somewhat concerned their business will be the victim of a cyber attack within the next 12 months. This trend, too, has held steady for four straight quarters, with no change at all since the Russian incursion into Ukraine.
  • The smallest of small businesses are the least concerned about cyber attacks: just 33% of owners with 0-4 employees are concerned about experiencing a cyber attack within a year, compared with 61% of small business owners who have 50 or more employees.
  • Few small business owners rate cyber threats at their top business risk, and fewer than half consider it to be a concern, but nevertheless a majority express confidence in their ability to respond to a cyber attack. Just as in previous quarters, about six in 10 small business owners are very or somewhat confident that they could quickly resolve a cyber attack on their business if needed.



What’s a small business to do? Here are some recommendations  Growbiz has gleaned from experts:

  • As you put your cybersecurity plan into place, consider firms that have experience in helping small businesses respond to cyber attacks. Your IT or managed service provider may have suggestions. The main function of a competent incident responder is to quickly identify the issue, stop the attack and minimize damages.
  • Go beyond passwords (and there are an alarmingly high number of companies that don’t even have a strong password policy). Require 2-factor identification for everything, including customer-facing applications, any remote access and cloud-based email.
  • Keep your operating system and antivirus software up to date and patch your operating systems as soon as they become available. This sounds super basic but it’s often not done, especially among small businesses.
  • Web application compromises now include code that can capture data entered into web forms. Consider adding file integrity monitoring on payment sites, in addition to patching operating systems and coding payment applications.
  • Your employees are your first line of defense against cyber attacks. They need to be trained to avoid becoming victims of phishing attempts and to report strange computer activity. Are company guidelines in place about the security of data on company laptops and on the use of unsecured WIFI? Employees who click on attachments is still one of the easiest ways for companies to get infected.
  • Speaking of employees, we know you love them. Yet about a third of cyber attacks on businesses last year were inside jobs: Monitor and log access to sensitive data, quickly move to shore up the access when an employee leaves the company and be vigilant.
  • Develop a plan for how you will respond if you are attacked, including alerting customers of the breach required by law, if that is the case, and managing the PR risk.

The Florida SBDC Network has a program and a website dedicated to cybersecurity education and advice.  That website offers a guidebook, videos and other information.  You can access the webpage here. In addition, Florida SBDC at FIU occasionally holds seminars on the topic.

Please send GrowBiz topic suggestions and feedback to GrowBiz@FIU.EDU

Leave a Comment