Industry executives and experts share their predictions for 2021. Read them in this 13th annual VMblog.com series exclusive.
Small Businesses Must Increase Investment and Education Around Cybersecurity in 2021
By Chris Wayne, CTO, Yahoo Small Business
With the recent
high-profile cybersecurity attacks, one might assume that a small business
would not be a "worthwhile" target for cybercriminals. In reality, bad actors consider
small businesses easy targets: low-hanging fruit used to target not only the business's
data and infrastructure, but also its customers and even suppliers. Verizon's 2020 Data Breach Investigations Report revealed that 43% of
cyberattacks specifically target small businesses. With
the influx of small businesses getting online in response to the COVID-19
pandemic, opportunities for cybercriminals to find exploitation are increasing.
In 2021, small business owners must learn to better understand cyber risks and take
action to protect their businesses.
Digital
transformation in 2020
COVID-19 accelerated digital transformation in the small business sector, as it became
paramount to survival. Whether that included setting up a secure
remote work infrastructure or developing an online presence to enable
e-commerce sales, COVID-19 led to a boom in the online ecosystem. This online
migration will continue in the new year, and with it will come more
opportunities for those with malicious intentions to identify vulnerabilities
and attack. For non tech-savvy small business owners or leaders, this poses
significant risks; lack of prioritizing cybersecurity and good cyber hygiene
has the potential to bring down an entire business. This has amplified the need
for cybersecurity tools, resources and education.
Prioritizing cybersecurity in 2021
How can small business owners become more cyber resilient in the
new year? Where should they increase investment to help avoid, mitigate, and
recover from cyberattacks? Here are three tips small business leaders can
leverage to protect against and recover from cybersecurity attacks.
1. Invest
in employee education and training. Employees are the first line of
defense against many cybersecurity issues; without education and training, they
can pose the greatest risk to a business. However, with adequate training and proper
processes in place, employees can be transformed into cyber-defenders. Providing specific training
for jobs where employees have access to customer or supplier data is key, in
addition to mandatory training and education on important issues such as
spotting suspicious activity, and business procedures such as data retention
policies.
2. Adopt security tools and software. Leveraging security tools and software is an effective way to
help protect against, mitigate, and recover from cyberattacks.
- Adopt IT management software to detect
anomalous behavior.
- Invest in malware removal and
protection software.
- Implement additional layers of
security such as multi-factor authentication.
- Use a virtual private network (VPN) and
ensure data backup strategies are in place.
- Get an SSL Certificate.
3. Outsource to, or work with, a trusted partner company. For small businesses that may not have dedicated IT staff,
outsourcing security management or working with a partner company can be a
strategic way to maintain good cyber hygiene and become cyber resilient. Cyberattacks
against small businesses can be especially devastating, as they may not have
the same resources to prevent, combat, or recover from cyberattacks as large
enterprises. With increasingly sophisticated attacks, keeping data safe is
becoming more difficult and even more critical.
Looking ahead to 2021
In 2020, the boom in the online ecosystem increased
the need for robust cybersecurity strategies. As small businesses continue to
digitally transform, there will be more opportunities for bad actors to find
exploitation. Rapid digital transformation should not be
done at the expense of maintaining good cyber hygiene. Investing in employee education and training, adopting
security software and tools, and working with security advisors or partner companies
can help small businesses uphold cybersecurity in the new year.
##
About the Author
Chris Wayne is the Chief Technology Officer at Yahoo
Small Business, where he oversees
engineering, production operations, support and more. Chris joined Yahoo in
2004 as a manager at the HQ Desktop Support, became the Chief Information
Officer for Yahoo Small Business in 2015, and the Chief Technology Officer in
2018. He is a certified Data Center Management Professional (CDCMP). Prior to
joining Yahoo Small Business, Chris was a combat engineer for the 82nd Airborne
Division for the U.S. Army.