THE NEED
Small businesses in North Carolina and beyond are at risk for cyber breaches now more than ever. Whether a company has a webpage, an online database or a wirelessly connected manufacturing line, they should consider cybersecurity. Theft of digital information is the number one reported fraud and small businesses are responsible for protecting themselves, their customers and their partners.
TOP TRENDS
Ransomware
Although not a new security issue, ransomware is now a leading attack category that threatens businesses, big and small. Ransomware holds an organization’s (manufacturer, business, hospital, school, local government) data hostage until money is paid to the hacker.
The Fix: Ransomware risks are reduced with good security practices and training. Learn more about ransomware »
Supply Chain and The Internet of Things (IoT) Breach
IoT has become a cornerstone of the supply chain and small businesses are in the middle. Hackers want to breach supply chains because they know there are lots of players (businesses) who are willing to pay and like most connected systems, there is usually a weak link. IoT devices are beginning to outnumber employees in most manufacturing settings, so the need for protection is growing.
The Fix: Combating IoT and supply chain hacks start with strong passwords and multi-factor authentication (MFA), and avoiding cross-contamination by limiting external access. Learn more about supply chain security »
Cloud Adoption
Cloud computing has grown into a standard choice for small businesses due to lower costs, flexibility of size and services and ease of management. Moving to the cloud has been a big benefit but comes with challenges, including security. Some cloud providers offer built-in tools, while others charge extra or require users to configure proper security controls. When data lives in the cloud, small businesses have less oversight, less control and less awareness of their data security.
The Fix: Keeping safe in a cloud computing environment requires oversight, full awareness of the protections in place, and continuous management. Learn more about cloud security »
RESOURCES
IES Regional Managers will connect you with the right resources, regardless of the size or complexity of their cybersecurity needs, for example,
- The Cybersecurity & Infrastructure Security Agency (CISA) maintains a series of training tools designed specifically for small and medium-sized businesses. The materials are free, geared towards non-technical customers, and can be used to start the journey toward better cybersecurity. https://www.cisa.gov/uscert/resources/smb
- The NIST Small Business Cybersecurity Corner is a hub for free training, tools, case studies and other materials that small businesses can use. The site is easy to use and filled with helpful resources. https://www.nist.gov/itl/smallbusinesscyber
- Global Cyber Alliance offers a full training course on cybersecurity for small businesses. This free, three-week (self-paced) series includes everything from understanding cyber risk, to protecting accounts with strong passwords and multi-factor authentication. https://gcatoolkit.org/cyber-basics-for-small-businesses-training/
- To safeguard sensitive national security information, the Department of Defense (DoD) launched Cybersecurity Maturity Model Certification (CMMC), a comprehensive framework to protect the defense industrial base’s (DIB) sensitive unclassified information from frequent and increasingly complex cyberattacks. With its streamlined requirements, CMMC 2.0:
- Simplifies compliance by allowing self-assessment for some requirements
- Applies priorities for protecting DoD information
- Reinforces cooperation between the DoD and industry in addressing evolving cyber threats
