1. 2.3.

Ann Arbor Spark

October 24, 2019

Five Ways Small Businesses Can Improve Cybersecurity

Did you know that October is National Cybersecurity Awareness Month?

This is a collective effort between government and industry to increase education in enhancing cybersecurity for personal as well as workplace settings. This year’s theme, Own IT. Secure IT. Protect IT. focuses on the protection of personal information, consumer device, and e-commerce security.

In recognition of National Security month, the We ARE Livingston event series (sponsored by the Howell Area Chamber of Commerce) had a panel discussion on cybersecurity to increase awareness of key issues. Questions were covered by a panel discussion of four industry experts, moderated by Rich Lamb from the Pinckney Cyber Training Institute.

Key Questions

How do you define cybersecurity for businesses?

Protection of computer, IT systems, and personal information from unwanted access, attacks, or malware.

What are the latest trends you are seeing?

Ransomware is a form of malware that encrypts files until the victim pays a ransom to unlock it.

Spear phishing is an email or electronic communications scam targeted towards a specific individual, organization, or business. Although often intended to steal data for malicious purposes, cybercriminals may also intend to install malware on a targeted user’s computer.

Both of these attacks can be costly as they require a specialized data recovery professional to correct and can be highly destructive to an organization. Additionally, there is no guarantee that paying a fee in the case of ransomware will recover the information.

Why should a small business like me be concerned with cybersecurity?

Sixty percent of small businesses go out of business once they are hacked and yet invest less than $500 annually to protect themselves. The message here is to be proactive.

  • Obtain cybersecurity insurance.
  • Know your vendors, data, etc.
  • Store your information on a secure server that is not connected to your live IT systems.
What are the first steps to protect my company, customers, and employees

Education and awareness are the first steps to protection.  STOP. THINK. CONNECT.™ is a global educational initiative to assist people around the globe in staying secure while online. Being aware while opening emails and surfing the web can help in preventing unwanted attacks.

What do you do when an incident occurs? What resources are available to small businesses when they are hacked (technical, legal, financial recovery, etc.)? Is having a disaster recovery plan enough?

One of the challenges with cybersecurity is that there are no standardized statutes —every state and around the globe there are different standards and laws. When things go wrong, our panel recommended two immediate actions: Contact a cybersecurity attorney and contact your cybersecurity insurance broker. It is important to have a cyber disaster recovery plan that covers processes such as who to contact, how to assess cost, business profit and loss impact, a public relations recovery plan, and a cyber incident employee communication plan and protocol.

Most importantly, it is important to have an employee-facing plan addressing cybersecurity. Now more than ever, not having a pro-active plan in place along with employee education leaves companies vulnerable to costly and stressful cyberattacks that can be devastating.

The good news is that there are many resources to help along the way and today is a great day to get started or revisit the cybersecurity systems/processes that your business has in place.

Resources

Panelists

Claudia Rast is a shareholder in Butzel Long’s Ann Arbor office, where she chairs the firm’s IP, Cybersecurity and Emerging Technology Group. Her areas of practice focus on domestic and international data privacy and security, data breach response, and technology licensing and protection. Co-author of a book entitled Cyber Incident Response Handbook due to be published in late 2019.

David Walker is president of Hartland Insurance Agency former member of the Michigan Association of Insurance Agents (MAIA) Technical Affairs Committee and current member of the Independent Insurance Agents and Brokers of America (IIABA) Technical Affairs Committee. Additionally, David is an active speaker across the united states on varying insurance-related topics. 

Luke Johnson is the senior systems engineer with 99 Technology Services. For the past eight years, he has specialized in network design and implementation for small to medium businesses.

Jack Martin leads the information technology team at Lake Trust Credit Union. Martin is a previous member of the Michigan Bankers Association and served on the Operations and Technology Committee.