Whether you are a retailer or restaurant who is responsible for customer data or a business moving online for the first time the SBDC provides support for small companies to keep your business secure by offering one-on-one counseling, assessments, and webinars to learn how to protect your businesses from cyber threats.
Our team can work directly with very small business owners who do not have a managed IT service provider or who self-manage as well as provide professional suggestions and guidance to IT teams.
Current Cybersecurity Threats
Russia and Ukraine
The current Russian invasion of Ukraine has caused anxiety, financial impacts, and political actions around the globe. Loss of life and property have been confined to Ukraine so far but, the impacts are being felt around the world economically and logistically in companies large and small.
In addition to the economic impact in the U.S., there is a high level of concern regarding cyber-attacks. State-sponsored attacks on Ukraine are being used to disrupt everything from utilities, to banking, and communications. The tools being used to cause these disruptions are not always under the full control of the attacker. Many of the threats being released on Ukraine are capable of making their way around the world via the internet. It is also a distinct possibility that the U.S. and its allies could see an increase in targeted cyber-attacks should Russia decide to retaliate against those countries imposing sanctions.
The cybersecurity community is taking this threat seriously and we would ask the small business community to do the same. There is a real possibility that any small business could become the victim of a cyber-attack either directly or indirectly. To minimize the risk, small business owners should, at a minimum, do the following:
- Be more diligent about checking for unusual activity or performance issues on your devices and networks. This should include website traffic monitoring.
- Make a plan to incorporate regular backups if you have not done so already.
- Test a recent backup to make sure it works.
- Check anti-virus and all software (including any website plugins) for needed updates and patches.
- Incorporate a firewall or security monitoring software in your website and online store.
- Use a password manager with complex passphrases (16+ characters with random numbers, letters, and symbols).
- Use multifactor authentication
- Turn on or incorporate virtual private networks (VPN) when online.
- Familiarize yourself with your website/online store providers data breach policy to fully understand who is responsible for reporting any breaches that may incur as well as who is liable in the event your site becomes infected.
Ransomware is a form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for decryption. StopRansomware.gov is the U.S. Government's official one-stop location for resources to tackle ransomware more effectively.
- Link to FB Live recording on Ransomware
Phishing and Social Engineering
Phishing is a type of cyber-attack that uses email or a malicious website to infect your machine with malware or collect your sensitive information. Phishing emails appear as though they’ve been sent from a legitimate organization or known individual. These emails often entice users to click on a link or open an attachment containing malicious code. After the code is run, your computer may become infected with malware.
Be aware of the most common scams such as phishing attacks, imposter scams, tech support scams, and more.
Identity Theft and Online Security
How to protect your Small Business from Identity Theft
While you cannot be guaranteed that you will not be impacted by a cyber-attack, you can dramatically reduce your chances of becoming a victim and substantially increase the speed of your recovery by following the above steps. Should you need more details or resources to assist with preparations, please contact your local SBDC offices and use the links below.
- CISA Shields-Up Notice and Guidelines: https://www.cisa.gov/shields-up
- Find a Local SBDC Office: https://americassbdc.org/find-your-sbdc/
- ASBDC Basic Cyber Awareness Resources for Small Business: https://americassbdc.org/cybersecurity/resources/
- FTC.GOV Cybersecurity for Small Business: https://www.ftc.gov/tips-advice/business-center/small-businesses/cybersecurity
- The Department of Homeland Security’s "Stop.Think.Connect" campaign
- SBA Cybersecurity Resources - Stay Safe from Cybersecurity Threats
- Cybersecurity Plans & Implementation for Small Business: https://www.sbdcnet.org/small-business-cybersecurity/cybersecurity-implementation-plans-small-business/
Cybersecurity: Key Terms
Familiarize yourself with Key Cybersecurity Terms.
Meet the Expert
Register for a One-on-one assessment with Cybersecurity expert, Quiana Gainey.
Quiana Gainey is a 20+ year IT & Cybersecurity industry veteran and has served as Chief Executive Officer for SecureTech360 located in Springfield, VA since its inception in 2010. Ms. Gainey has an extensive background in the IT industry, including information assurance, cyber-security and research/development for the Federal, State or Local government. She also founded MySecureKid in 2018 a 501C (3) nonprofit organization dedicated to diversity and inclusion in the field of cybersecurity, and information technology. Ms. Gainey has an MBA, a BS in Information Technology Management and Cybersecurity. Quiana is available to meet 1-on-1 to assess your small business cybersecurity needs. Sign up for a 30-minute session here.