Did you know that 43% of cybercrime targets small businesses? There has been significant growth of cybercrime against small companies since 2020; the rate of cyber attacks against small businesses has risen over 424% (Shepherd). Nearly 80% of IT security leaders do not have confidence in cyber protection within their organizations. (78% Lack Confidence) Perhaps you are among those nearly 80% and hopefully, you are among the 59% who are planning to increase your company’s cybersecurity posture. Cybersecurity starts with the ability to recognize your cyber risk.
Everyone has a level of cyber risk. Cyber risk varies based on your assets. The digital saving of critical data, information, ideas, processes that you work with and store are all at risk of being attacked. As the data shared in the paragraph above suggests, the likelihood of a small business being attacked grows and can no longer be considered negligible. Attackers may be looking for anything from personal identification information for identity theft to ways to use your network to get into the supply chain for any large organization or government department with which you work. So, the areas within your cyber risk profile that you will have the most control over are your system’s vulnerabilities and the security controls that you have in place to mitigate them.
As you consider your cyber risk, bring together a team within your organization to help answer the following questions:
- What are the assets that you need to protect? What are your critical data, information, ideas, and processes?
- Where is that information stored? Which servers and what is their location physically and on your network map?
- Are any of these servers with critical information and asset data connected to the Internet and visible?
- Are all of your servers up-to-date with the latest patches and updates?
- Is your data encrypted?
These questions will help you identify vulnerabilities and any controls that you already have in place. The answers to these questions will help you determine what additional rules you may need to start with to address your cyber risk better. There are multiple frameworks, standards and control policies to help you when you are ready to go further. One organization that provides these tools is the National Institute of Standards and Technology (NIST). NIST hosts a Small Business Cybersecurity Corner for any small business that wants to learn more about cyber risk.
NC State Industry Expansion solutions provides free Cybersecurity Awareness and Education online courses to you help combat your cyber risks.
78% Lack Confidence in Their Company’s Cybersecurity Posture, Prompting 91% to Increase 2021 Budgets. Yahoo Finance. https://finance.yahoo.com/news/78-lack-confidence-company-cybersecurity-153000182.html?guccounter=1
Shepherd, Maddie. 30 Surprising Small Business Cyber Security Statistics (2021). Fundera. https://www.fundera.com/resources/small-business-cyber-security-statistics
Katherine Bennett leads the Instructional Design team for NCMEP partner NC State Industry Expansion Solutions. She also serves as project manager for instructional design services. Katherine plays a key leadership role in supporting the IES goal of providing instructional design and development expertise that complements the field-specific expertise of IES partners, while meeting the learning needs of target audiences. Katherine holds a bachelor’s degree in Computer Science from the University of North Carolina at Charlotte and a master’s degree in Instructional Technology from East Carolina University.