A recent article published at Florida Trend addressed the fact that nearly 45% of the Florida’s private workforce was employed by small business which are all vulnerable to a large and growing problem: cybersecurity.
And Florida certainly isn’t alone in these concerns.
In fact, 43% of all worldwide cyber attacks were targeted at small businesses with fewer than 250 employees, according to Symantec’s annual Internet Security Threat Report released in 2Q16. In addition, statistics indicate that small business cyber attacks continue to grow at an alarming rate. But, as 2016 draws to a close, many small businesses are still not prepared to deal with cyber threats and their effects.
To further illustrate the problem, a November 2015 study by Nationwide Insurance indicated that 79% of small businesses didn’t have cyber response plan, even though 63% of those businesses have already been a victim of a cyber attack!
Clearly, there’s no shortage of evidence that cybersecurity affects businesses of all sizes, but it remains unclear why small businesses are slow to adopt even rudimentary cybersecurity awareness. While Red Lambda provides cybersecurity threat detection solutions designed for large, enterprise-level companies, we believe that cybersecurity should be a high-priority for businesses of all sizes.
Small Business Cybersecurity Resources
With that in mind, we’ve assembled a series of helpful resources (most of them free) to help small (and all) businesses understand cyber threats, develop cybersecurity policies and procedures, and implement effective cybersecurity protections.
These resources can be useful to companies just starting and those continuing to build their cybersecurity programs:
General Information - Staysafeonline.org (powered by the National Cyber Security alliance) has an array of great resources appropriate for small businesses (and individual use) including:
- Risk assessment
- Monitoring threats
- Implementing a cybersecurity plan
- Employee training
- Free security check-ups
You can access these resources here: https://staysafeonline.org
Small Business Association - The United States Small Business Administration has an entire section on its website dedicated to small business cybersecurity. Here you can get information on cybersecurity introductions, tools and resources, social media cyber vandalism, cybersecurity training, to name a few: https://www.sba.gov/managing-business/cybersecurity
The FCC’s Cybersecurity Hub - The Federal Commerce Commission (FCC) Cybersecurity and Small Business page provides links to many cybersecurity resources and information that can be used to construct effective cybersecurity programs for small businesses: http://www.fcc.gov/cyberforsmallbiz
- General Cybersecurity Tips - This one-page FCC document contains 10 key tips for protecting your business. It’s a good starting point for several tactics to mitigate cyber risks: https://apps.fcc.gov/edocs_public/attachmatch/DOC-306595A1.pdf
- Guide to Creating Cybersecurity Plans - Developing a comprehensive cybersecurity program can seem overwhelming. To make the process easier, the FCC has a free online resource that allows businesses to download a cybersecurity planning guide that helps to ensure your organization follows a methodical, proven approach to creating effective cybersecurity measures: fcc.gov/cyberplanner
Public Cyber Threat Awareness - The Department of Homeland Security (DHS) has also established a national public awareness campaign aimed at increasing the understanding of cyber threats and empowering the American public to be safer and more secure online. This website has great tips for home computing as well as for small businesses: https://www.dhs.gov/stopthinkconnect
Employee Training - An important ingredient in an effective cybersecurity program involves employee training to thwart social engineered attacks on your business. Industry reports indicate that 91% of attacks originate in employee e-mails and employee training can have a significant, positive impact on your organization’s cybersecurity. With that in mind, here are a few providers of employee-directed cybersecurity training:
- PhishMe - PhishMe offers free computer based training on its website: http://info.phishme.com/adwords_CBFree
- Wombat - With discreet paid training courses and comprehensive offerings, Wombat Security Technologies provides ASP training solutions that address anti-phishing, social engineering, mobile security, and more: https://www.wombatsecurity.com
Stay Informed and Up to Date - Cyber threats evolve quickly (daily). As a result, its important for your business to stay informed of cybersecurity trends and resources by subscribing to cybersecurity newsletters and visiting industry resource websites. Here’s a few that are certainly worthy of your consideration:
- Data Breach Today - Offers news and resources and a great daily summary of cybersecurity issues and threats: www.databreachtoday.com
- DARKReading - DARKRreading (an Information week publication) offers abundant cybersecurity resources including a daily security newsletter: www.darkreading.com
While the future may be impossible to predict, it is certain that cyber attacks on businesses of all sizes will continue to escalate in the coming year. With that in mind, it is important that organizations, both large and small, make a commitment to re-evaluate their cybersecurity policies, procedures and tactics. While we can’t stop cyber attacks from happening, we can mitigate their effects and protect data assets by using comprehensive programs, employee training, and state-of-the-art cybersecurity technologies.
As 2016 draws to a close, the entire Red Lambda team wishes you and your company a prosperous and cyber-secure New Year!
Team Red Lambda