Business owners and government IT execs listened to cybersecurity experts from the state and national Homeland Security offices in Pennsylvania this week.
The message was simple:
“Even small businesses are readily and regularly targeted by hackers seeking either money or mayhem. It’s a matter of when, not if,” reporter Jane M. Von Bergen writes in this Philly.com story about the event.
The gathering took place at the Montgomery County Public Safety Training Campus in Conshohocken.
Gary Wider, the lead information technology support person at Craft-Bilt Manufacturing, explained to the reporter what it felt like last year when he figured out malware had attacked the company’s computer system.
“Panic ensues. Your blood pressure goes up very quickly,” Wieder remembered.
Thankfully the business, which manufactures awnings, sunrooms and patio rooms, had a good backup system so the malware ended up causing more inconvenience than disaster.
The speakers, including Marcus L. Brown, the director of the Pennsylvania Governor’s Office of Homeland Security, advocated that small businesses take protective measures, in part because they don’t generally have the resources to recover from a massive data breach. He also talked about the various ways hackers can enter company computers, be it through IoT devices, outside vendors, and emails to and from customers and/or suppliers.
Erik Avakian, chief information security officer for the Commonwealth of Pennsylvania’s Office of Administration, advocated that companies create a culture of cyber hygiene at work where they routinely teach employees how to spot threats.
Another topic discussed included ransomware attacks, which have been aimed at businesses more and more of late.
“Small businesses should start by analyzing what data they have and who has access to the data, he said, drawing the parallel between that exercise at work and what a homeowner might do, such as photographing valuables in case there is a burglary. If it is difficult for security or IT people to persuade company owners to invest in analysis and prevention, he suggests drawing a cost-benefit analysis,” according to the story.
“At Tuesday’s seminar, estimates of the costs ranged from $125 to $205 per hacked record – that includes legal help, compliance and notification, defense against lawsuits, IT consulting to stop a data breach, consulting to recover data, crisis communications, and new systems. And those are just the quantifiable costs. Loss of customer trust is harder to measure.”
Is your business covered for a data breach?