During the early days of COVID-19, most small businesses had to close their physical storefronts and make their online debut. Believing that cybercriminals only target large businesses, most were not protected from cyberthreats. This lack of protection proved costly for small businesses, which is certainly a big business in the United States.
Mark Madrid, the Associate Administrator for the Office of Entrepreneurial Development at the U.S. Small Business Administration (SBA), said that in 2021, almost a quarter of small businesses suffered at least one cyberattack with financial loss, and many did not survive.
He added there are at least 32.5 million small business owners today, with 5.4 million having started during 2021—the highest level on record.
“With small businesses as a driving force of our nation’s economy, we have to step up and help. Small businesses often constrained by limited resources and unable to invest proportionately in cyber security are too valuable suppliers, service providers, community leaders, and employers to leave vulnerabilities unaddressed,” Madrid said, speaking during a webinar entitled Value Proposition of a Cyber Small Business: How a Small Business can Use Cybersecurity to Protect Their Customers – While Also Increasing Their Revenue Stream, hosted by the Global Cyber Alliance (GCA) and New York Metro InfraGard Members Alliance.
Statistics provided by speakers during the online seminar included:
- 9 million to 10 million small businesses did not have an online presence before the pandemic.
- 76% of small businesses decided they needed to create a website during the pandemic.
- There have been increasing problems with ransomware, which is malicious software that prevents people from accessing their computer files, with bad actors demanding a ransom payment. Roughly $300 million in ransom was paid to malicious actors in 2020—a more than 300% increase compared with the previous year.
- Cybercrime increased by 600% during the pandemic.
- Small businesses employ over 50% of all consumers in the United States and are over 50% of the U.S. gross domestic product.
- 60% of small businesses go out of business within 6 months after a cyberattack.
- There are 3.3 million password-related attacks in 1 hour.
Madrid encouraged small businesses to protect themselves from cybersecurity threats and recommended these seven resources:
- Visit an SBA District Office—there are 68 throughout the United States, Puerto Rico, and U.S. territories—to learn about funding programs, counseling, federal contracting certifications, and disaster recovery.
- Connect with an SBA local Resource Partner, which includes:
- Small Business Development Centers—free counseling and training;
- Service Corps of Retired Executives Business Mentors—free advice via e-mail, telephone, and video;
- Veterans Business Outreach Centers—free entrepreneurial development opportunities for veterans; and
- Women’s Business Centers—help women with free or low-cost training and counseling.
- Visit the Stop Ransomware website. These free services are provided as the result of cooperation with other federal agencies, such as the Cybersecurity and Infrastructure Security Agency, the National Institute of Standards and Technology, and the Federal Bureau of Investigation (FBI).
- Visit the Small Business Digital Alliance website for free content, tools, and assistance.
- Consider learning about Cybersecurity Maturity Model Certification and getting certified to increase your chances of doing business with the federal government, which could increase your company’s revenue.
- Think about competing for funds in the Small Business Innovative Research Program to help solve critical business problems and grow the economy.
- Participate in the cybersecurity summit in October 2022 during National Cybersecurity Awareness Month, which is available free to small businesses and advocates. Madrid recommends business owners learn more by signing up to receive SBA newsletters by clicking here.
Additionally, Brian Cute, Director of Capacity and Resilience for the GCA, says that “you’re going to be surprised by what you can do to reduce your risk.”
He recommends that small business owners, or delegated experts, take the following steps, which are part of the GCA Cybersecurity Toolkit:
- Know What You Have
- Know what is in the network and the devices it is tied to.
- Know the applications.
- Do a complete digital inventory.
- Update Your Defenses
- Update devices and applications automatically.
- Encrypt data.
- Secure websites.
- Use Strong Passwords
- Create strong and unique passwords.
- Use password managers appropriately.
- Utilize Multifactor Authentication
- Possession—something you have, like a phone;
- Inherence—something you are, like a fingerprint;
- Knowledge—something you know, like a password;
- Location—where you are and whether it’s an authorized location; and
- Time—temporary, time-based, onetime passwords.
- Protect from Phishing and Malware Attacks
- Phishing—e-mails that pretend to be from reputable companies so people will reveal personal information such as passwords and credit card information; and
- Malware—malicious software, like viruses, designed to steal data and damage computer systems.
- Back Up Data
- Know how to back up data safely to protect from ransomware.
- Know how to recover data from the backup.
- Protect E-Mail and Your Reputation
- Use the Domain-Based Message Authentication, Reporting, and Conformance (DMARC) e-mail standard to stop spammers from using company domains.
- The DMARC ensures the sender of an e-mail has permission to use your e-mail domain and send e-mail.
- The DMARC will allow e-mails to go to customer inboxes rather than spam folders.
Cute adds that following these tips is important not just to defend your business but also so it can grow and potentially work with the government.
While some small business owners may hire experts to help defend them from cybersecurity attacks, others may want to do it themselves. Either way, the SBA wants small businesses to succeed and grow and recommends these seven resources, most of which are free of charge.