The US Securities and Exchange Commission (SEC) in October 2015 declared that small businesses succumbing to a cybercrime often have neither the finances nor the personnel to recover from the attack in a timely fashion. The SEC report adds, "The number of firms reporting that it took them at least three days to recover from an attack rose to 33 percent last year, up from 20 percent the year before. The survey also determined that Small- and Medium-sized Businesses (SMB) victimized by a cyberattack were likely to be targeted again."
It does not take much discernment to realize this problem is not going away soon. Small businesses, already running lean financially, are hard pressed to spend on cybersecurity technology.
SEE: Cybersecurity strategy research: Common tactics, issues with implementation, and effectiveness (Tech Pro Research)
Multiple security systems are needed
In a recent CSO editorial, contributor Dror Liwer explains what cybersecurity technology is needed by small businesses. "A company that allows BYOD and is connected to different cloud services has to protect four security components: user identity, devices used, connecting networks, and cloud services employed," writes Liwer. "This normally leads to purchasing at least four different security platforms."
That is only one half of the cost. Modern cybersecurity systems are complicated, requiring trained staff. "For SMBs, sometimes the entire IT department is no larger than 2-3 employees, whereas enterprise-level corporations can afford whole IT departments stacked with large security teams," explains Liwer. "This disparity in staff often leaves SMBs exposed and a lot more vulnerable to cyberattacks, and unable to recover when they happen because they lack the technology and staff to do so."
And let's not forget the "cat-and-mouse game" between malware developers and antimalware providers. "Cyber protection is developing as fast as malicious attacks," warns Liwer. "It is important that staff are continuously trained and updated on current threats and the different ways to mitigate or respond to them."
Fortunately, help is available. Organizations well aware of the importance of small businesses are developing information programs specifically for them and offering suggestions on how to improve their cybersecurity stance. One such organization is The Wall Street Journal, an entity with a definite vested interest in keeping small businesses healthy.
WSJ Pro Cybersecurity
The Wall Street Journal has created WSJ Pro Cybersecurity, a program specifically designed for small businesses. WSJ Pro Cybersecurity provides information about cybersecurity using a business lens. For $25 plus tax a month, membership includes a daily newsletter, panel discussions, interviews, webinars, and white papers. There is currently a two-week free trial for those who are interested in learning what kind of information is being disseminated.
According to the WSJ Pro Cybersecurity website, the newsletters will include:
- Analysis of cyberattacks and their aftermath, including how hackers gained access, how well companies responded, and what costs they incurred.
- How companies are preparing for and responding to cyberattacks across all their business functions, including technology, compliance, communications, and customer service.
- What companies need to do to adhere to government and state regulations surrounding data, including data governance and disclosure.
- How companies can work with the government to protect themselves against cybercrime.
- What measures small businesses should be taking to defend themselves against cybercrime.
WSJ Pro Cybersecurity Small Business Academy
Besides the newsletter, WSJ will begin offering the WSJ Pro Cybersecurity Small Business Academy, a two-day conference on cybersecurity and how it relates to smaller companies. "For large companies, cyberattacks can be costly and can jeopardize customer relationships, but for smaller businesses cyberattacks can be a fatal blow," from this WSJ press release. "Smaller businesses can also lack the resources of large companies and are often faced with a confusing array of vendors offering services."
The Academy aims to address this information gap by having:
- A full day of discussions that identify cyber problems and solutions for small businesses.
- A full day of hands-on training providing attendees the skills needed to tackle the problems identified on the first day.
"For the first time, WSJ Pro will present small businesses with the opportunities for learning, insight and networking we have previously provided to executives of large companies," states Will Wilkinson, general manager of WSJ Pro, in the press release. "This shows our commitment to playing a part in helping business owners address one of the major risks they face."
- Reducing the risks of BYOD in the enterprise (free PDF) (TechRepublic)
- The top 10 security challenges SMBs face (TechRepublic)
- How to make your small business unattractive to cyberattackers (TechRepublic)
- 7 tips for SMBs to improve data security (TechRepublic)
- How companies with small budgets can still build a cyberdefense plan (TechRepublic)
- Cyberinsurance is gaining steam for smaller businesses (TechRepublic)
Information is my field...Writing is my passion...Coupling the two is my mission.