Take a Step Back, Understand Cybersecurity Risks and Make Good Choices

The rising tide of cybersecurity threats and ransomware attacks impacts companies across the board regardless of size. But smaller companies are often not as well prepared to meet the challenges. They may lack experienced technical staff or the kinds of budgets strong cybersecurity measures require. Or they may be not as well informed on cyber best practices as their larger business peers. Fortunately, there are experts who can guide them.

Experts like Amira Armond, CEO of Kieri Solutions, a respected cybersecurity consulting firm. The challenges smaller companies face handling cybers threats are part of her everyday conversations with clients. She spoke at the recent NSR-ISR Information Security Symposium, along with Ashlee Breitner, Managing Director of the University of Michigan’s Economic Development Institute, and Lesley Ma, Vice President and Chief Information Officer at NSF.

The theme of the symposium was the importance of building a culture of information security compliance and certification within companies to protect the vital information flowing through the nation’s digital supply chain. Speakers at the symposium addressed the compelling need for companies to recognize the risks and understand that no industry is immune. They all feel strongly that the current cybersecurity landscape requires firms to take an “all hands on deck” approach.

Armond has seen it all and suggests a simple, direct strategy. “I recommend taking a step back and really understanding the risks that your company faces and the likelihood of cyber threats,” she says. “It's going to drive you to make good choices for your cybersecurity. Which may still mean using multifactor authentication, but at least it helps you make an intelligent decision. And that’s going to be more valuable than just meeting compliance requirements.”

Her symposium partner Breitner offered a related insight. Smaller companies often think that ransomware attacks are something that happens only to bigger companies. Not so. “About two years ago, a small industrial complex with a dozen manufacturers we work with in rural Michigan got hit with ransomware attacks. All of them had to shut down for two, three weeks, except one. That was the one we had been working with on security because they’re a defense contractor.”

Symposium colleague Lesley Ma shared this advice for small business owners learning how to upgrade their information security. “Well, I think security is like a good marriage. You have to work hard at it all the time and utilize all the resources that Ashlee mentioned. Do that, and I’m sure you’ll be able to gain the confidence to take that first step and ask for help. And there’s a lot of help available.”

Breitner pointed to government programs designed specifically to help small businesses improve security practices. “Do research on the resources available,” she says. The federal government is investing a lot of money in grant programs and training resources to help companies achieve security compliance. Do your homework, reach out to local and state resources, and make sure you’re using those resources. They’re there for you. So take advantage of them.”

Armond summed up with a cold, hard fact often overlooked in discussions on security challenges smaller companies face. “The last thing I would say is that with a small business, if there is a cyberattack, often the owner is directly involved. That’s your finances. If you get hit by ransomware and your company goes bankrupt, it’s not some shareholder that’s affected; it’s you the owner. It’s your business and your kids’ college tuition. That’s why it’s important.”