By Dr. Kevin Harris | 10/11/2022
Significant media attention is often given to the large data breaches of multinational corporations that have become increasingly common in today’s digital age. These breaches have significant consequences for large organizations, such as fines, lawsuits and devastating damages to their business brands.
However, big businesses are not the only ones impacted by data breaches. For small businesses, one unfortunate cybersecurity breach could be insurmountable with an impact far greater than a large corporation and it could even lead to a small business having to close permanently. Entrepreneurs and small businesses must take steps to protect their digital assets if they wish to remain in business.
As the theme of this year’s Cybersecurity Awareness Month is “See Yourself in Cyber,” entrepreneurs and small businesses need to take action. A few statistics from Forbes underscores the importance of cyber to small businesses:
- Cybercriminals can penetrate 93% of company networks.
- Only 14% of small businesses consider their cyberattack and risk mitigation ability as highly effective.
- 66% have experienced an attack in the past 12 months.
Improving the Cybersecurity of Small Businesses Doesn’t Have to Be Costly
While resources for small business and entrepreneurs are often limited, it is important for everyone in smaller organizations to understand various cyber risks and look for creative ways to implement mitigation strategies. Small businesses can often employ a variety of cybersecurity tools and techniques that do not require large financial investments.
First, small business owners should identify the various type of digital assets they need to protect, including:
- Employees’ and clients’ personally identifiable information (PII)
- Electronic files
Second, insurance policies should be reviewed to understand cybersecurity coverages or lack of coverage. If necessary, a business owner could purchase cyber insurance to aid in recovering from an attack.
Third, small businesses should prioritize giving their staff cybersecurity awareness training at least once a year. There are many affordable cybersecurity awareness programs available in both online and in-person formats.
Fourth, small businesses should implement a password management program to support the creation and utilization of strong passwords. Wired Magazine has a list of favorite password managers, including some free options.
Fifth, small businesses should install Virtual Private Network (VPN) software on all mobile devices used by their employees – including laptops and phones – to encrypt the transmitted data of both in-person and remote workers. Forbes shared a list of its top 10 VPNs for 2022.
While strong leadership is critical to implement a strong culture of cybersecurity in small businesses, the habits of organization leaders are much more noticeable and set a positive example to be modeled by employees. Small businesses with an IT staff can take advantage of the large number of open-source tools to protect the organization’s cybersecurity infrastructure. We must all “see ourselves in cyber” and take action to collaboratively mitigate both internal and external cyber threats.
Dr. Kevin Harris is a faculty member in the School of Security and Global Studies, teaching classes in cybersecurity, information systems security and information technology. With over 25 years of industry experience, Dr. Harris has protected a variety of organizational infrastructure and data in positions ranging from systems analyst to chief information officer.
His career encompasses diverse experiences both in information technology and academia. His research and passion are in the areas of cybersecurity, bridging the digital divide, and increasing diversity in the tech community. As an academic leader, Dr. Harris instructed students at various types of institutions, including community colleges, HBCUs, public, private, graduate, undergraduate and online. He has trained faculty from multiple institutions in the area of cybersecurity as part of an NSF multistate CSEC grant.