Cyber security is vital for small businesses

Columnist Dean Swanson says just because you're not a Fortune 500 company, doesn't mean your data isn't important to protect.

Ask SCORE column sig
We are part of The Trust Project.

Do you think cybercriminals are too busy targeting the likes of Capital One, Citrix and Facebook to bother with your small business? Think again.

Some 76% of cyberattacks occur on businesses with fewer than 100 employees. Cybercriminals know small businesses tend to be easy targets, and that accessing a small business’s computer networks often gives them access to client and vendor networks, too.

Also Read
Columnist Kristen Asleson says strategic planning meetings are vital, but they need rules to keep them on track.
Columnist Dave Conrad says when the boss puts his daughter in a leadership role, it's in everyone's best interest if she's given ample opportunity to succeed.
Minority Owned Business Network offers resources, education and mentorship for minority business owners and aspiring entrepreneurs.

While digital transformation offers many benefits, it also comes with many challenges. For instance, investing in technology also increases cybersecurity risks. Artificial intelligence and machine learning have been known to potentially increase the attack surface for hackers, while big data and the cloud hold lots of information, which can pose a considerable risk in the wrong hands.

For a small business the cost of a data breach can be devastating. The average cyberattack costs smaller companies an average of $3,533 per employee. It takes an average 206 days to identify a risk and another 73 days to contain it.

No wonder nearly 60% of companies go out of business within six months of a cyberattack.


The stakes are high. Fortunately, there are some steps you can take to prevent a cyberattack. My recent discussions with CEOs remind me that this is one risk that is of high concern.

The FBI reports that instances of cybercrime grew as much as 300% since the beginning of the coronavirus pandemic. The Bureau’s Internet Crime Complaint Center (IC3) receives between 3,000-4,000 cybersecurity complaints a day, up from an average of 1,000 per day before the pandemic hit.

As America’s daily activities increasingly moving online due to stay-at-home orders, the opportunities for cybercriminals grew due to:

  • Employees, new to remote work, who were unaware of basic security measures.
  • Businesses struggling to keep externally-accessed systems secured.
  • Lack of social and workplace interactions.

There are ongoing uncertainties, including:

  • Supply chains (PPE and essential goods).
  • Online orders and payments.
  • Medical help and COVID-19 testing.
  • High unemployment.
  • Fears and other factors.

What’s putting your business at risk? The answers might surprise you. The five biggest cybersecurity risks for small businesses are:

  • Human Capital Risk: Hackers target employees, which is why you need a strong IT security staff. Educate your employees about your security requirements.
  • Cyberthreat Risks: These include phishing and social engineering (tricks cybercrooks use to make people do things they don’t want to do); clickjacking (technique used by cybercriminals to hide malware and other threats under content of legitimate sites); botnets (a network of hijacked computers and devices infected with malware remotely controlled by a hacker to send spam and launch DoS attacks; file-less attacks (malware that doesn’t drop a file on your disk, but can infect your computer, steal your data, etc.); and denial of service (DoS ) attacks designed to disable, shut down or disrupt a network, website or service).
  • Data Risk: The exposure to loss of value or reputation caused by issues or limitations to an organization’s ability to acquire, store, transform, move, and use its data assets.
  • Infrastructure Risk: Potential losses due to failures to protect business critical data assets and applications. It’s key to make sure technologies, such as mobile, cloud, social media, and "internet of things" devices – think everything from your Ring doorbell to your smart thermostat – are safe to use in the workplace.
  • Operational Risk: Protecting against data breaches and other cybersecurity threats.

You should keep track of key cybersecurity trends to understand the latest developments and current threats. This intelligence is key to improving your cybersecurity strategy and response plan. Additionally, invest in employee training, enhance your IT systems, keep your software updated, fix all security holes, and have an effective security policy.
Cyberthreats has grown more sophisticated every year. Next week, I will suggest what you should watch for to protect your small business from these risks.

Dean Swanson is a volunteer Certified SCORE Mentor and former SCORE chapter chairman, district director and regional vice president for the North West Region.

What to read next
"We have adjusted our flying based on demand to the Fort Myers area in January as the region recovers from the hurricane. We will continue to monitor Florida’s recovery and demand for travel and adjust,” explained Sun Country’s Senior Director of Communications Wendy Burt.
New episodes are published weekly on Fridays.
With many changes to the building over the years, the former 7th Rib Supper Club, 301 Hwy. 63 South in Racine, will now become an event center for the town and surrounding community starting Saturday, Dec. 3, 2022.
Plans are moving forward to open a Uni Uni bubble tea franchise at 1227 Second St. SW., across Second Street from Mayo Clinic's Saint Marys Hospital. It’s expected to open in 2023, possibly as early as February.