The 5-step small business cybercrime survival guide

February 11, 2022

 The 5-step small business cybercrime survival guide
Business resources

Cybercrime is a deadly serious issue for small businesses.

Not only are nearly half of cyberattacks aimed at small businesses—at an average cost of over $25,000 per attack—but, as Cybercrimes Magazine notes, “60 percent of small companies go out of business within six months of falling victim to a data breach or cyberattack.”

To address this massive issue the Small Business Administration (SBA) recently announced “$3 million in new funding for state governments to help emerging small businesses across America develop their cybersecurity infrastructure.”

As pilot programs go, that’s no paltry sum. Yet in the context of the over thirty million small businesses account for more than 40 percent of GDP, it is a drop in the bucket.

It is clear small business owners are largely on their own.

With this in mind, Idea Financial reached out to Tom Kirkham, founder and CEO of Miami-based IronTech Security as well as the author The Cyber Pandemic Survival Guide, for his thoughts on where small businesses looking to effectively counter the threat—especially in the age of atomized, remote working—might invest.  

“It is an overwhelming issue,” Kirkham tells Idea, adding that threats evolve and grow at an average rate of 350 percent. “Many business owners feel like it is an IT issue but it’s actually a security issue. You need to consult with security experts. This basically means it is no longer do-it-yourself.”

So how can small businesses best protect themselves?

Here is Kirkham’s five-point advice for getting the process started…

1. Put a skilled security team in place

“That means an infosec specialist or cybersecurity expert that will monitor, respond, and stop cyberattacks,” Kirkham says. “The enterprise-grade automated tools can only do so much.”  

2. MFA as the rule, not exception

“You have got to use an MFA or multi-factor authentication everywhere that you can, especially remote desktop access,” Kirkham says. “A good password manager will manage all of your multi-factor authentication tokens for different websites.”

3. Deploy EDR

“An EDR stands for Endpoint Detect and Response,” Kirkham explains. “It is an entirely different class of security products that will replace your antivirus.” And why is this important? “[Cyber threats] have evolved in the past three or four years to include nation-state offensive cyber weapons being used against us,” he says. “These weapons are not detectable by anti-virus—they are enterprise-grade nation-state cyberwarfare components that are now part of criminal cyber hacking techniques. If you can buy it off the shelf in a box or download it from Amazon it is not adequate.”

4. Turn on storage encryption

“[M]ake sure that the data that is on your device is encrypted,” Kirkham says. “You do not want to donate, sell, or lose a computer that has unencrypted data because there are hackers that will gather up old used hard drives and mine them for data and do what they please with it.”

5. Evolve with the threat

“You’ve got to continuously incorporate new threat intelligence into your defenses,” Kirkham says. “You need to stay on top of geo-political events because those can impact all of us from a cyber standpoint. Staying on top of new threat technologies to adjust your defenses needed.”

Indeed, this is the story of IronTech Security: “Our company is a twenty-year-old MSP, dedicated to small and medium-sized businesses,” Kirkham says. “Basically, we are their outsourced IT but about five years ago, we evolved to where first and foremost we are an InfoSec or an MSSP, a managed security services provider… In a very real sense, we are first and foremost a cybersecurity company. IT is an add-on. This is the way business owners need to think about this and not the other way around. Thought leaders in this space are now seeing that you start with security and then you add on IT services to that. That changes the way you think about your business, your investment in IT, and your investment in security.”

Need a bit of extra funding to overhaul your own cybersecurity protocols? Idea Financial offers same-day approval on fast, flexible business loans and lines of credit of up to $250,000 with 36-month repayment terms so you can address these threats quickly and effectively before becoming a statistic.