Last year, 43% of all cyberattacks committed targeted small and medium businesses, according to Bob Thomas, chief information systems officer for Kyber Security.
Thomas delivered the staggering statistic during a recent presentation on cybersecurity for small businesses held by the Trumbull Chamber of Commerce in association with the Bridgeport Regional Business Council. Businesses from across the area were welcomed to Kyber Security’s new Trumbull offices to learn about best practices in the increasingly vital aspect of running a modern business.
Thomas and two other experts shared the latest information on cybersecurity from their perspectives and held a brief panel to answer audience questions.
Thomas explained that smaller businesses have become an increasingly popular target for hackers and cybercriminals. While small businesses are not capable of paying out huge sums like major companies, they are both easier targets and more likely to pay. Smaller businesses are also often less able to afford sophisticated network wide backups or be able to quickly revert data, so they often have no choice but to pay.
The typical payout for cybercriminals hitting small businesses ranges from $125,000 to $250,000, and 60% of small businesses with compromised cybersecurity were forced to shut down for reasons related to the attack.
Despite the very real threats, there are concrete steps businesses can take which can drastically reduce the likelihood of a business becoming a victim of cybercrime. Multi-factor authentication, where a message is sent to a phone or other device during login, was described as among the most effective ““ and Thomas stated the minor annoyance it can present to employees is magnified for criminals who may decide to not even bother with an attempt.
“Make it harder than the next person,”Thomas said, noting that basic measures can make a large difference when many people do even less. “These characters who are trying to break into people’s networks, if they find someone easy, they’re going to take advantage of that. If it’s difficult to get into your data and your network they’re going to move on to the next person.”Thomas highlighted the importance of effective back-ups, multi-factor authentication, and the use of password management systems which generate and store passcodes to avoid situations where one cracked password breaches all of a person’s account as key defensive steps for any business.
Mossimo Mallozi, the vice president of information technology at Paris Baguette America and a member of the Trumbull Economic Community and Development Commission, also spoke on the human element of cybersecurity.
“We talk a lot about what infrastructure and platforms should be put in place to protect your organization and your network from cybercrime, but I’m going to talk a bit about why it is important to make sure employees are aware of the risks and why training and employee security awareness is critical to the business,”Mallozi said.
Mallozi discussed the importance of training employees to recognize and avoid phishing scams, which have become increasingly sophisticated. This is particularly important for businesses that have regulatory compliance concerns or are worried about keeping the premiums on cyber insurance to a minimum.
Employees should be taught that whenever a particularly strange request comes through from a superior, such as buying gift cards or transferring funds in a non-standard way, that they should contact the superior in question via phone to confirm, according to Mallozi. He added that employees should develop the habit of hovering their cursor over links and sender names for a moment to ensure that the displayed information and the actual information match up. If they don’t, it could be a dangerous link to click.
“Your company is as good as the weakest link,”noted Valeria Bisceglia, education and training programs advisor of the Connecticut Small Business Development Center, adding that humans are typically the ones who make the decisions that allow cyberattacks to succeed and training resources remain a primary tool to bolster defenses. She urged attendees to explore the options available through the Small Business Development Council.
All three speakers agreed on both the importance of cybersecurity best practices and urged attendees to develop full plans and assessments of their needs with periodic updates.
