Michael Caliendo: Meeting the cybersecurity challenge for small and midsize businesses

Keywords Opinion / Viewpoint

Small and medium-size businesses are the engines of economic prosperity on both a local and national level. According to a 2019 report from the U.S. Small Business Administration, these businesses generate 44% of U.S. economic activity.

In Indiana, there are nearly 530,000 small businesses, which represent 99.4% of Indiana businesses. Battling back from the impact of the global pandemic, small businesses are now dealing with the added challenge of how to shore up cybersecurity.

While it might seem a daunting task, growing businesses would be wise to protect themselves now and take advantage of the same kinds of resources growing enterprises use.

In a 2021 survey of small-business owners, CNBC found that more than half were not concerned about being the victim of a cyberattack. The reality is, such businesses are at considerable risk of cyberattacks like phishing efforts, malware and ransomware.

The government’s Cyberstructure & Infrastructure Security Agency reported that, in 2021, 70% of ransomware attacks were levied against businesses with fewer than 500 employees.

Small businesses are ripe targets for a number of reasons: They frequently lack the level of protection large businesses have, they are gateways to attack larger companies (through supply chain access), and they deal in valuable personal data.

While threat levels are rising, so is business vulnerability. Migration of more business functions to the cloud and the explosion of remote work as a result of the pandemic both create significantly higher risk for attacks.

Small businesses are not only more vulnerable to cyberattack, they are also likely less equipped to withstand the impact of an event. According to IBM’s latest data, the average cost of a data breach to a business under 500 employees is up to $2.74 million. Even smaller incidents have a dramatic effect on the bottom line, incurring lost revenue and damaging customer trust and repeat business.

Today, a small or midsize business that has worked tirelessly and methodically to grow—by expanding its employee base, its geographic footprint, its technology capabilities and more—could be devastated by a single cybersecurity incident.

But finding solutions is no easy task. Many small businesses do not have substantive in-house tech expertise, and finding security experts for hire is growing increasingly difficult as the industry experiences a cybersecurity talent shortage.

Increasingly complex networks and cloud operations render entry-level solutions like simple software, or even some outsourced tech support, insufficient to protect a burgeoning enterprise. And cost is always a crucial factor for small businesses that frequently maintain slim margins as they grow.

In better news, basic best practices are not costly, and more advanced cybersecurity resources are no longer one-size-fits-all solutions crafted for larger enterprises. A few immediate steps small and medium enterprises can take to fortify defenses include: making sure all software is up to date, conducting regular security trainings for employees to enhance their awareness of risks, establishing a virtual private network (VPN) and requiring two-factor authentication and regular password changes.

For a more thorough cybersecurity solution, hiring a third-party service provider is a smart choice. Aware of the increasing risk to businesses, reputable managed security services providers now offer solutions tailored specifically with the needs and budget of smaller enterprises in mind.

A security service provides 24-hour-a-day support, seven days a week, with a team of security professionals who are up to date on the latest threats and mitigations. They will ensure a network is optimized for security, monitor the network for potential problems, and spring into action to address security threats or breaches to minimize harm. They can also automate compliance and reporting functions, such as PCI (credit card transaction security) or HIPPA (patient information security).

The right security service, experienced in serving large, distributed enterprises, has great depth of talent and expertise and can also provide the affordable, flexible, scalable solutions smaller enterprises prefer.

Some providers even bundle backup connectivity with ongoing security so that businesses will always have a strong connection to access cloud-based applications and preserve the ability to process transactions.

At any time, as business and network requirements grow, a security service can advise and adapt a cybersecurity solution to fit the business needs. A partnership with a security service eliminates the pressure to hire internal cybersecurity talent and allows businesses to focus on the growth and transformation of their enterprise with peace of mind.

The threat of cyberattack is real for businesses large and small alike. But the cybersecurity industry is evolving as well. With solutions geared to businesses of all sizes, a security service can serve as a personal cybersecurity SWAT team to eradicate threats before they exact a painful cost.•


Caliendo is a senior enterprise account manager at Hughes Networks Systems.

Please enable JavaScript to view this content.

Story Continues Below

Editor's note: You can comment on IBJ stories by signing in to your IBJ account. If you have not registered, please sign up for a free account now. Please note our updated comment policy that will govern how comments are moderated.