Cybersecurity, Part II

by Tyler Raymie

Last time, we looked at some reasons to start thinking about cybersecurity for your business. You may have found yourself asking, “Ok, how can I protect myself?” Below is a high-level overview of three fundamental aspects of cybersecurity, as well as some resources for further study. This technology doesn’t take a genius to understand, just a little patience and willingness to learn. Your business’s survival may depend on it.

 

Firewalls

“Firewall” may be a term we are all familiar with, but many of us don’t know what exactly a firewall is. According to cisco.com, “A firewall is a network security device that monitors incoming and outgoing network traffic based on a defined set of security rules.” Basically, a firewall will use filters to keep certain pieces of information out of your network. Most firewalls will let you choose which filters you want. In a post on their website, Comodo explains that firewalls can be configured to “prevent access to certain websites,” “prevent employees from sending certain types of emails,” and “prevent outside computers from accessing computers inside the network.” Some operating systems have firewalls built-in, including Mac OSX and Microsoft Windows. According to Microsoft, setting up a firewall is “the most effective and important first step you can take to help protect your computer.”

Firewalls can often act as your router, and even have “more advanced features that are designed to offer a superior level of [defense],” as opposed to a normal router, according to Manx Technology Group. For this reason, they recommend a firewall for a small business, rather than a traditional router. MTG goes on to list various features you will want when choosing a firewall. These include:

  • “Internet connection support”
  • “Wireless support”
  • “Antivirus”
  • “Intrusion Prevention Service”
  • “Web filtering”
  • “Reporting”
  • “Virtual Private Networks (VPN)”
  • “Technical support”

Popular vendors of firewalls include Cisco, Fortinet, and Sophos.

 

Antivirus software

Geeks On Site offer the following explanation of antivirus software: “Antivirus software, sometimes known as anti-malware software, is design to detect, prevent and take action to disarm or remove malicious software from your computer such as viruses, worms, and Trojan horses.” They go on to list the three scanning detection processes antivirus software uses:

Specific Detection, Generic Detection, and Heuristic Detection. Specific Detection “works by looking for known malware by a specific set of characteristics.” Generic Detection “looks for malware that are variants of known ‘families,’ or malware related by a common codebase.” Heuristic Detection “scans for previously unknown viruses by looking for known suspicious behavior or file structures.”

In a March 2007 article for TechRepublic, Erik Eckel lists 10 thing to look for in an antivirus application. These were:

  • “Potency”
  • “Low overhead”
  • “Centralized administration”
  • “Email protection”
  • “Compatibility”
  • “Effective reporting tools”
  • “Technical support”
  • “Certification”
  • “Simplified licensing”
  • “Reasonable cost”

Techradar offers suggestions on which antivirus software to use for your business: http://www.techradar.com/news/best-business-antivirus-8-top-paid-security-tools-for-small-businesses

 

Data backup

Losing data can be the ultimate business killer. According to atlantatech.net, “the cost of lost or stolen data access is estimated at $1.7 billion per year,” industry-wide. Backing up your data is the simplest step you can take to avoid these huge costs. In a 2014 article for CIO, Paul Mah advises that businesses use the “2+1” strategy. “For critical data,” he says, “businesses should make two full copies, maintained on separate physical devices. In addition, a third copy should be kept offline, preferably stashed at another location.” He points out that having one copy in a different location “protects a business from fires, floods and other localized natural disasters.”

Cloud backup solutions are gaining traction among small business owners these days, with companies like Carbonite, CrashPlan, and Backup Blaze being major players in the field. The previously mentioned Atlanta Tech article gives the following as factors to consider when choosing a cloud backup provider:

  • “Is Public, Private, or Hybrid Cloud the Best Bet for Your Business?”
  • “Which Type of Backup Schedule is Best for You?”
  • “Do They Offer Sufficient Flexibility for Your Storage and Scalability Needs?”
  • “How are Their Uptime Guarantees?”
  • “Do They Offer Sufficient Data Security and Compliance?”
  • “Do You Have Adequate Bandwidth?”
  • “Is There an Opportunity for Unified Business Communications?”

While cloud backup is the hip thing to use, Paul Mah recommends tape storage technology for your backup.

There are plenty of options out there for Cybersecurity. It all may seem a little overwhelming at first, but the important thing to do is educate yourself. Below, I’ve listed some resources that can be very useful in learning what security you need, how that security works, and what the options available are. Be sure to check them out, and ask your SBDC counselor about the Cybersecurity Workbook.

For further reading:

https://www.cio.com/article/2378019/small-business/how-to-build-a-storage-and-backup-strategy-for-your-small-business.html

https://www.techrepublic.com/article/10-things-to-look-for-in-an-antivirus-application/

http://www.techrepublic.com/blog/10-things/10-things-to-look-for-in-a-hardware-based-firewall/

https://www.comodo.com/resources/home/how-firewalls-work.php

Cybersecurity, Part I

by Tyler Raymie

Why should a small business need to worry about cybersecurity? Sure, there are hackers and data thieves out there, but they only go after big corporations, right? Some of the numbers regarding the threat to small businesses may surprise you. While you shouldn’t let these statistics paralyze you, or shy away from the competitive advantage technology can provide, you need to be aware of the risks that exist. Let me outline for you why you need cybersecurity, and give you some numbers for perspective.

Organizations are relying more and more on cloud services. While this provides extra convenience, it is also a great target for potential hackers. Additionally, any device connected to the internet can be attacked. Munichre.com reports that “one-third of U.S. consumers experienced a computer virus, hacking incident or other cyber attack in [2016].” Clearly, attackers are more active now that they know the pool of potential victims is growing. Not only that, but they know that businesses are viable targets as well. On October 31 of last year, nudatasecurity.com reported that “64% of companies have experienced web-based attacks.” Unfortunately, the increased convenience and capabilities that come with cloud storage, digital technology, and the like, also bring increased risk in the form of viruses, ransomware, and data breaches.

These attacks can damage your business in any one of a number of ways. The most prominent form of damage among small businesses, however, is financial. A 2015 report by juniperresearch.com estimated that “the average cost of a data breach…will exceed $150 million by 2020.” Now, this number is inflated by the cost of breaches to major corporations. Still, a recent Poneman Institute study revealed that small businesses (less than 1,000 employees) spent an average of $879,582 recovering from data breaches (between May 2015 and May 2016), because of theft or damage. Also, revenue losses among businesses breached averaged $955,429. This can be absolutely devastating for your business. According to the study, 60% of small businesses who experience these attacks go out of business within six months.

At this point, it may seem obvious that there is a serious threat to small businesses from cyber attackers and data thieves. According to smallbiztrends.com, “43% of cyberattacks target small businesses.” That number is staggering, considering the number of large firms and individuals who could be targeted instead. In a June 2, 2017 article for Business News Daily, Sammi Caramela observed that “The…reason small businesses make such appealing targets is because hackers know these companies are less careful about security.” Most small business owners underestimate the threat to their businesses. As Caramela points out, “small businesses fall into hackers’ cybersecurity ‘sweet spot:’ They have more digital assets to target than an individual consumer has, but less security than a larger enterprise.”

You don’t have to live in fear of a cyberattack on your business. But you shouldn’t be naïve either. Next week, we’ll go over some valuable tools you can use to protect your business.

Also, be sure to get the Cybersecurity Workbook from your SBDC Adviser.

Iowa City Entrepreneurs are SBDC Award Winners

Contacts:
Tricia Janes, Iowa SBDC, (515) 294-5595, triciaj@iastate.edu
Paul Heath, University of Iowa SBDC, (319) 335-3742, heath@uiowa.edu

Iowa City, Iowa– The Iowa Small Business Development Center (SBDC) is pleased to announce that David Schwindt, owner of L8NT, Iowa City, is the winner of the SBDC’s Business of the Month Award.

Paul Heath, regional director of the University of Iowa’s SBDC, Iowa City, says the following about David, “He is an innovative entrepreneur who is an Iowa City police officer by day and a developer by night. He has developed a process for finding stolen cell phones, laptops, game consoles- any wi-fi enabled device.”

Schwindt’s software is designed to run “behind the scenes” on computer systems already installed in squad cars to detect signals of stolen devices within a few hundred feet away. “It’ll pop up on the screen notifying (officers) what the device is, what agency entered it, any notes on the case, and it’ll open up a Google Maps system where it will start plotting pins on the map.”

Due to Cloud technology, each department running the L8NT software has access to the database of known stolen items. Johnson Country Sheriff Lonny Pulkrabek remarks, “Somebody could come here from Washington, D.C. that has a stolen device and all of a sudden we’ll see that it’s popping up in small town Iowa.”

The Iowa SBDC Business of the Month Award will be presented to David Schwindt in Iowa City by SBDC Regional Director Paul Heath. For more information on L8NT, visit their website at https://www.latentwireless.com.

The Iowa Small Business Development Center program is an outreach program of Iowa State University’s College of Business. Partially funded by the U.S. Small Business Administration, the organization has 15 regional assistance centers located strategically across the state. Since program inception in 1981, the Center has helped hundreds of thousands of Iowa businesses and entrepreneurs through no cost, confidential, customized, professional business counseling and practical, affordable training.

For more information on Iowa Small Business Development Center programs or services, call (515) 294-2030 or visit www.iowasbdc.org.