Advice for SMBs: Focus on cybersecurity basics

Small and medium-sized businesses can best protect themselves against cyberattacks by following basic cybersecurity principles, says the head of a non-profit cybersecurity service.

“Don’t get worried about being a cyber professional – the basics solve most of the problems,” Philip Reitinger, CEO of the Global Cyber Alliance told a virtual conference on risk and cybersecurity Wednesday hosted by Mastercard.

“These are things small businesses can do: Turning on multifactor authentication and not using just passwords [for access]; patching your systems; using something simple like a protective DNS service, and backup your systems in a way that it’s not going to get damaged.

“If you do those simple things that won’t take more than an hour a month you’re going to be in much better shape, and significantly better protected than the people not doing those things.”

The Global Cyber Alliance offers a number of free tools such as checklists for SMBs, including a learning portal for understanding cybersecurity concepts.

A number of companies offer free DNS resolver services, he noted, which give “enterprise-class protection” against malware-based attacks.

During the two-day conference a number of Mastercard officials also noted the company offers free tools to credit card issuers and business customers such as SafetyNet, which monitors and deletes suspicious transactions, and ThreatScan, which scans a system for transaction-related vulnerabilities (for example, does your system validate buyers’ CVV codes on the back of their payment cards). The Mastercard Trust Center offers free general cybersecurity information for businesses.

Reitinger was on a panel discussing cybersecurity problems faced by SMBs.

Gina Ganahl, Mastercard’s vice-president of product management, noted 60 per cent of SMBs victimized by a cyberattack go out of business within six months of being hit. Only 14 per cent of SMBs rate themselves as “highly effective” at mitigating cyber risks and responding to attacks, she said.

The ”good news,” Ganahl added, is 95 per cent of breaches are due to human error, and 91 per cent start with phishing emails. “It means that so many of these attacks can be prevented, and small businesses can get in control of many of the risk factors that are caused by human error,” she said.

During a separate cybersecurity panel Kiersten Todt, managing director of Cyber Readiness Institute, which offers free cybersecurity resources for SMBs, said awareness training of employees is critical.

“We say cybersecurity in an SMB doesn’t go to the IT department. It’s every employee’s accountability and responsibility. It should be something that’s briefed when employees are onboarded to understand what the [security] basics are.

“Creating that culture of security is where evolution shifts, not just for small businesses but for larger ones as well.”

Lisa Lee, Microsoft’s chief security advisor and global lead for financial services clients, said organizations often don’t know how many free resources they can access online or through partners have to help improve their security maturity.

She also forecasts that because of the increasing number of cyberattacks the use by SMBs of virtual CISOs will “explode in the next couple of months” because they can’t hire full-time infosec professionals.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now