National Cybersecurity Awareness Month, marked annually in October, is sandwiched this year between one of the largest reported data breaches in history and the busiest online shopping period of the year. Now, the Connecticut Better Business Bureau says a new study shows small businesses are having difficulty calculating the cost versus risk of strengthening protection of their vital information. And state and federal authorities have formed a new statewide task force to investigate cybersecurity crimes. The study, conducted by the Council of Better Business Bureaus concludes that while most small businesses are aware of specific threats, the majority are at odds about how to prevent becoming a victim.
"Awareness of the potential and perceived cybersecurity threats is a crucial starting point," according to Connecticut Better Business Bureau spokesman Howard Schwartz. "The study shows that most small businesses are strengthening their data protection to some degree, however, it concludes they must place more emphasis on employee education to prevent cybercrime."
In an online survey of 1,100 businesses in North America, The State of Small Business Cybersecurity in North America finds 81 percent of small businesses use basic data protection tools such as antivirus software, and 75 percent protect their systems with firewalls. The downside is that the report reveals less than half of respondents concentrate on employee education, which is considered by the authors to be one of the most cost-effective prevention tools.
The most compelling reason for small businesses to take stronger cybersecurity measures, BBB points out, is because half of the study's respondents said they could not remain profitable for more than one month if their essential data was stolen.
Even though small businesses may be easier targets for determined cybercriminals, data breaches at the largest commercial, industrial and government networks yield information that is of much greater value because of stolen information's quantity and content, officials point out. BBB urges businesses to train employees about data security protocols, because firewall and antivirus protection are not sufficient if your employees don't know how to detect and steer clear of suspicious online activity.
The Connecticut Business and Industry Association (CBIA) points out that “getting hacked can destroy customers’ trust and cost companies millions of dollars in legal fees, investigations, damage control, and lost income,” adding that “too many companies underestimate this threat or simply don’t know how to protect themselves until its too late.”
CBIA is holding free webinars for CBIA member companies this fall, with sessions upcoming on Oct. 25, Nov. 15 and Dec. 15.
The State Director of the Connecticut Small Business Development Center, Emily Carter, points out that for many small business owners, cybersecurity doesn't extend beyond using antivirus protection. "It's something they think is only a threat for large corporations and big brands, but that's inaccurate," she explained. SBDC recommends that small businesses train employees on best practices upon hiring and regularly provide training on cybersecurity. SBDC has developed a workbook that lists resources that small business owners can access for free training, and a step-by-step guide to create a cybersecurity plan for their business.
“One of the most important things an employer can do for their business in the fight against cyber terrorism is to educate their employees," said Lynn Souza, CEO of KyberSecure, with Connecticut offices in Fairfield and Rocky Hill. "Cybersecurity is the responsibility of everyone, and end users are the gate keeper. Teach them how to spot fraudulent emails, remind them weekly to be vigilant, and post cybersecurity information in public spaces. Warren Buffet was quoted as saying ‘It takes 20 years to build a reputation and 5 minutes to ruin it. If you think about that you’ll do things differently.’ However I like to change that just a bit and say ‘It takes 20 years to build a reputation and one click to ruin it. If you think about that you’ll do things differently.' Teach your employees to always ask before clicking on anything and empower them with the tools and training they need to help protect your business,” Souza added.
Last July, Gov. Malloy announced a cybersecurity strategy for the state that included business among other sectors, and this week United States Attorney Deirdre M. Daly and representatives of federal, state and local law enforcement announced the formation of the Connecticut Cyber Task Force to investigate complex crimes in cyberspace. The state strategy indicated "person, agency,organization and business in Connecticut faces some degree of vulnerability. You are aﬀected whether you are a major corporation or the convenience store down the block." It warned that "today’s ﬁrewall is tomorrow’s soft spot. Cyber risks are inherently complex and changing." One of the key areas of focus for the Task Force is "to identify and disrupt criminal organizations that use computer intrusions to defraud companies of their money and information."
The Connecticut Cyber Task Force will be based at the FBI in New Haven. It includes representatives from the FBI, Drug Enforcement Administration, U.S. Secret Service, U.S. Postal Inspection Service, Homeland Security Investigations, Internal Revenue Service – Criminal Investigation, Defense Criminal Investigative Service, Connecticut State Police and 11 police departments from across the state, including the Bridgeport, Bristol, Fairfield, Greenwich, Hartford, New Canaan, New London, Norwalk, Stamford, Torrington and Westport Police Departments.
“The broad reach of cyber criminals can be felt almost every day in Connecticut,” said U.S. Attorney Deidre Daly. “Day after day, we learn of companies, municipalities, educational institutions, hospitals, public utilities, nonprofits and citizens being targeted by bad actors. These cyber criminals seek to disrupt our work, steal our intellectual property, compromise the personal or financial information of employees, customers and citizens through dedicated denial of service (DDOS) attacks, spear phishing campaigns, ransomware and malware attacks and other computer hacks or cyber intrusions.”
Adds Carter, "Cybersecurity is becoming a bigger and bigger issue, and it's not going anywhere."
Business owners can learn more about cybersecurity steps they can take through "5 Steps to Better Business Security" at bbb.org/cybersecurity. BBB also offers these tips to help protect personal and financial data while doing business and browsing online:
- Look for HTTP"S" - You will find it in your web browser's address bar. The "s" stands for secure and it will be accompanied by a padlock icon. That means the business is using technology to secure information between your digital devices and its website. Avoid using free wireless connections for shopping - Scammers can set up a fake wireless network with a legitimate-looking name in a coffee shop, restaurant, library, airport, hotel or anywhere else. Unless you verify the name of the establishment's real network, a hacker can burrow into your computer. Experts also recommend avoiding conducting any commerce or logging on to your accounts using a free public wireless network.
- Greeting cards can come at a high price - It's not unusual to receive an online greeting card at this time of year, but you can lessen the chances of downloading a virus if you confirm with senders that they emailed the card link to you. Clicking on a fake holiday card can cause big trouble and infect your computer.
- Educate your family - Explain why it is potentially dangerous to click on email or social media links or attachments, unless they are absolutely certain the sender is legitimate. Use the same caution on websites when clicking on hyperlinks or downloading files.
- Update and scan - Antivirus and firewall software do not provide sufficient protection unless you update it and scan your computer or smart device regularly.