Home > NewsRelease > Cybersecurity Threats During Covid Are Up 300% -
Text
Cybersecurity Threats During Covid Are Up 300% -
From:
James J Talerico Jr - SMB Expert - Management Consultant James J Talerico Jr - SMB Expert - Management Consultant
Dallas - Ft. Worth , TX
Monday, August 10, 2020

 

The financial impact of Covid-19 and heightened tensions with China have many  concerned that businesses will cut budgets and overlook the serious threat of cybercrimes.  Since the onset of Covid, the FBI has reported a 300% increase in cybercrimes. 

Cyberattacks have continue to be reported in significant numbers by small businesses for several years now and these attacks have become more sophisticated and more severe. Consider the following statistics from 2017:  

  • 18.5 million websites are infected in any given week, and 80% of these websites are small business web sites.
  • 400,000 new pieces of malware (which is usually delivered via e-mail and can steal, alter, and delete data) pop up on the Internet every day, and 58% of malware attacks are against small businesses. 
  • 54% of all organizations were hit with ransome ware in 2017 at a cost of over $5 billion dollars.

Last year, I sat in on a cybersecurity seminar my client in Tulsa held for his employees and it really opened my eyes to the risks small businesses face today to cyberattacks. The most common problems highlighted during this seminar were: (i) weak password policies, (ii) unprotected mobile devices, (iii) not performing software updates in a timely manner, (iv) non-existent employee training, and (v) a lack of investment in cybersecurity.

Hackers can break into most passwords in less than 10 minutes. Small businesses can strengthen their password policies by having their employees change their passwords quarterly, and by following "The 8+4 rule."  "The 8+4 rule" strengthens passwords by mixing eight characters with four different types of characters -- upper case, lower case, symbols, and numbers.  If you add one additional character, (8+4+1) that password will take a hacker 44,000 years to crack.  

Because most hackers break into a network through one's e-mail and many employees today access their employers network through their smart devices, it is also important that businesses create a "mobile device policy," which, at minimum, should include the above "8+4+1" password policy.  Information about creating a mobile device policy can be found on the Internet.

There is no excuse for not performing regular software updates as they can be automatically programmed when setting up most software today, albeit performing regular software updates still needs to be part of an employee training program on cybersecurity. 

The Small Business Administration (SBA) offers a free cybersecurity training module that can be downloaded from the Internet to train your employees. The SBA also promotes the following ten-(10) cybersecurity best practices:

  • Protect your business against viruses, spyware, and other malicious code.

Make sure each of your computers and mobile devices are equipped with antivirus and antispyware and configure all your software to install updates automatically.  These updates provide patches that protect against problems and maximize the functionality of your electronic devices.

  • Secure your networks by using a firewall and encrypting information.

If you have a Wi-Fi network, make sure it is secure, hidden and password protect access to your Wi-Fi network or router.  To hide your Wi-Fi network, set up your wireless access point or router so it does not broadcast the network name, which is known as the Service Set Identifier or SSID.

  • Establish security practices and policies to protect sensitive information.

Establish policies on how employees should handle and protect personally identifiable information and other sensitive data.  Clearly outline the consequences of violating your business's cybersecurity policies and enforce these policies.

  • Educate employees about cyberthreats and hold them accountable. 

Educate your employees about online threats and how to protect your business's data, including safe use of social networking sites.  Depending on the nature of your business, employees might be introducing competitors to sensitive details about your business.  Employees should be informed about how to post online in a way that does not reveal any trade secrets to the public or competing businesses.   And hold your employees accountable to the business's Internet security policies and procedures.

  • Require employees to use strong passwords and to change them often. 

Consider implementing multifactor authentication that requires additional information beyond a password to gain entry. Check with your vendors that handle sensitive data, especially financial institutions, to see if they offer multifactor authentication for your account.

  • Employ best practices on payment cards. 

Work with your banks or card processors to ensure the most trusted and validated tools and anti-fraud services are being used.  You may also have additional security obligations related to agreements with your bank or processor.  Isolate payment systems from other, less secure programs and do not use the same computer to process payments and surf the Internet. 

Also, shift from magnetic-strip payment cards to safer, more secure chip card technology, also known as "EMV."  (Visit SBA.gov/EMV for more information and resources.) 

  • Make backup copies of important business data and information.

Regularly backup the data on all computers. Critical data includes word processing documents, electronic spreadsheets, databases, financial files, human resources files, and accounts receivable/payable files.  Backup data automatically if possible, or at least weekly, and store the copies either offsite or on the cloud. 

  • Control physical access to computers and network components

Prevent access or use of business computers by unauthorized individuals.  Laptops can be particularly easy targets for theft or can be lost, so lock them up when unattended.  Make sure a separate user account is created for each employee and require strong passwords.  Administrative privileges should only be given to trusted IT staff and key personnel.

  • Create a mobile device action plan.

Mobile devices can create significant security and management challenges, especially if they hold confidential information or can access the corporate network. Require users to password protect their devices, encrypt their data, and install security apps to prevent criminals from stealing information while the phone is on public networks; and be sure to set reporting procedures for lost or stolen equipment.

  • Protect all pages on your public-facing websites, not just the checkout and sign-up pages.

Cybersecurity is one of the most serious economic and national security challenges we face as a nation today.  The good news about protecting your business from cybersecurity attacks is that it isn't expensive, and business owners can quickly make the necessary investments to protect their businesses from cyberattacks; however, if you think that your small business is not likely to be hacked in the future, it's time to change your thinking and take action to protect your business from the risk of a costly, future cyberattack.

For additional information about cybersecurity during Covid-19, go to CISA.gov. CISA stands for the "Cybersecurity and Infrastructure Security Agency," which is an agency within homeland security to advise against risks, work with partners to defend against today's threats and collaborate to build more secure and resilient infrastructures.

Looking for more information about successfully navigating the Covid Crisis ?

Our Small Business Owner's Covid Survival Kit is available through our on-line store on my Square web site https://greater-prairie-business-consulting.square.site/

It contains almost three dozen files filled with a plethora of financial, tax, HR, safety, leadership, sales, marketing, and government information to help business owners survive the Covid Coronavirus Crisis.

We offer a 100% Money Back Guarantee if you are not completely satisfied, and free updates.

About the Author

A nationally recognized small to mid-sized business (SMB) expert, Jim Talerico has consistently  ranked  among  the "top small business consultants followed on Twitter.”  With more than thirty - (30) years of diversified business experience, Jim has a solid track record helping thousands of business owners across the US and in Canada tackle tough business problems and improve their organizational performance.

A regular guest on the Price of Business on Bloomberg Talk Radio, Jim’s client success stories have been highlighted in the Wall St Journal, Dallas Business Journal, Chicago Daily Herald, and on MSNBC’s Your Business, and he is regularly quoted in publications like the New York Times, Dallas Morning News, Philadelphia Inquirer, and on INC.com, in addition to numerous, other industry publications, radio broadcasts, business books, and Internet media.

Jim Talerico is a certified management consultant CMC ©, an honor bestowed on only 1% of all consultants worldwide. He is also the founder and CEO of Greater Prairie Business Consulting, Inc. For more information about Greater Prairie Business Consulting, Inc., go to:

www.greaterprairiebusinessconsulting.com.

 

Social Media Links:

www.LinkedIn.com/in/jamesjtalericojr

www.Twitter.com/JamesJTalericoJ

www.Facebook.com/search/top/q=small%20business%20expert&epa=SEARCH_BOX

www.Instagram.com/James_J_Talerico_Small_Business_Expert

 

 

 

 

News Media Interview Contact
Name: James J Talerico Jr, CMC (c)
Title: Founder & CEO
Group: Greater Prairie Business Consulting, Inc.
Dateline: Irving, TX United States
Direct Phone: 800-828-7585
Cell Phone: 972-816-1666
Jump To James J Talerico Jr - SMB Expert - Management Consultant Jump To James J Talerico Jr - SMB Expert - Management Consultant
Contact Click to Contact
Other experts on these topics