I TRUST that my readers are appropriately honoring October as National Cyber Security Awareness Month, sponsored by the U.S. Department of Homeland Security and the National Cyber Security Alliance.
Most headlines about Internet security breaches this year have focused on big retailers - Target, Neiman Marcus, Home Depot - and big banks like JPMorgan Chase. But small business may be even more vulnerable to cybercrimes like online identity theft, hacking or phishing.
In fact, the National Cyber Security Alliance says, one in three small businesses will fall victim to cybercrime each year, and 60 percent of those will go out of business within six months. The alliance also says 87 percent of small businesses have no formal cybersecurity plan.
Well, cybersecurity is not top of mind for many small businesses, said Norman Balchunas, coordinator of Drexel University's Cybersecurity Institute and director of strategic solutions at its College of Computing & Informatics.
"For a lot of small businesses, speed to market with a new app is what really gives them cachet," Balchunas said. "When you're developing an application with a small staff, security really isn't part of the thought process."
Other small businesses have different issues, Balchunas said.
"We see a lot of businesses that are older, not Internet-savvy and have not been overly concerned about their data," he said. "Criminals can do incredible reconnaissance on your small business and what your vulnerabilities are."
Experts say that every small business, especially those transacting business online, should have a cybersecurity plan that includes keeping computers clean, protecting information and having good anti-virus software.
Cybersecurity insurance is another consideration, and more small businesses - especially tech companies, financial firms and retailers - are getting policies. "It's not something that's been a priority in the past, but it's becoming increasingly critical," Balchunas said.
Balchunas said small businesses need to rethink cybersecurity. Instead of viewing it as an operational problem, it's a potential competitive advantage, he said. "In today's environment it's a great marketing tool to be able to say to clients and investors, 'Hey, we're going the extra mile and really protecting your data.' "
Drexel's Cybersecurity Institute can help small businesses. "You can come in here and we can take a look at what your vulnerabilities are," Balchunas said. "We don't do full-blown audits because there are plenty of businesses doing that. We can identify your holes and the types of things you need to clean up."
Drexel charges $500 to $1,000 for the mini-audits, to cover costs, Balchunas said.