Small businesses are at risk for cyberattacks. Here's how to address them

Along with a proper response plan, small businesses should understand what not to do to avoid future cybersecurity attacks.

Cyberattacks can shut down businesses for more than a day and having a response plan can help expedite the recovery process. (Credit: Melinda Nagy/Adobe Stock)

Small businesses are often prime targets for cybercriminals because of the sensitive information stored in their databases. They also commonly lack proactive measures to fight against cyberattacks. According to the Small Business Administration, 88% of small business owners feel their company is not prepared for a cyberattack.

Cyberattacks can shut down businesses for more than 24 hours and can come at a major cost.

BullGuard’s 2020 research study revealed that 25% of small business owners said they had to spend $10,000 or more to resolve a cyberattack.

We highly recommend firms provide cybersecurity training to all employees on a regular basis. Below is a six-step response plan for any employee to follow if they suspect cyber attackers have targeted them:

  1. Do not have employees turn their computers off, rather disconnect them from the network. This can be completed on a Windows computer by:
    • Clicking on the Start menu.
    • Clicking on “Settings.”
    • Selecting “Network Connections” in the Settings menu.
    • Right-clicking and selecting the “Disable“ option.
  2. Windows users should start a full system antivirus/antimalware scan on the computer. Most antivirus programs will create an easy access icon in the Windows Desktop Tray (small icons by the clock on the taskbar), which can be used to quickly launch a scan. Your employees should be comfortable launching these types of scans, and if they are not, regular IT trainings should take place. Mac users should consult with their IT department on this step, as it will depend on their specific operating system.
  3. Contact IT support immediately. It is very important the employee share detailed information about their suspicions as soon as possible. IT should secure the exact time of the event (as close as possible), what was experienced, and any information/data which might have been entered into screens or used during the incident. This will ensure the IT support team can help prevent any further compromise. If you do not have an IT support team, we strongly encourage you to hire an outsourced IT consultant.  
  4. Once the incident is in the hands of IT, have the employee take a moment to review their notes and verify everything has been clearly and correctly notated. Employees can email the notes to themselves to keep a record of the incident. Ensure you capture:
    • The date and time of the incident.
    • What software they were using when the incident occurred.
    • If any files or email attachments were downloaded.
    • What information, if any, was entered into a web browser.
    • If a login occurred, what username and password were used? More importantly, is the same password used with any other accounts or logins.
  5. If the employee logged in, ensure they update all passwords that are the same or similar to the password that was shared with the attackers. The same/similar passwords should never be reused.
  6. Finally, ensure the incident is communicated to management as soon as possible. 

According to Renju Varghese, fellow and chief architect, cybersecurity and GRC, at HCL Technologies Ltd, one of the main contributors to underreported cyberattacks is siloed, disparate security solutions that don’t work together. In addition to contracting an outsourced IT provider, small businesses should ensure their team has up-to-date antivirus software in place.

Along with a proper response plan, small businesses should understand what not to do to avoid future cybersecurity attacks, including:

The complexity of the cybersecurity landscape, coupled with teams that lack the tools and cybercrime knowledge to identify and address threats, leaves too many small businesses vulnerable to increasingly sophisticated attackers.

Julian Makas is chief information security officer at ComplySci. With more than two decades of in-depth information systems exposure, he has extensive experience in analysis, design, development, and implementation of client-server and cloud-based information systems, with a focus on information security on such topics as applications and network security, vulnerability assessment, testing and auditing, and risk assessment through network penetration testing.

Join our LinkedIn group, ALM’s Small Business Adviser, a space where small business owners can gather to network, have discussions and keep up with the trends and issues affecting their industries.

Related:

The threat of deepfakes and their security implications

Cyberattackers are exploiting SPoF to cast a wider net of chaos

Mitigating the effects of a malware attack