How small businesses can prevent costly cybersecurity attacks

5 years ago

PRESQUE ISLE, Maine — In Aroostook County the prevalence of small businesses might lead many people to believe that devastating cybersecurity attacks on computer data cannot be as likely to occur as those that target large companies.

 

But Fred Strickland, the recently hired assistant professor of cybersecurity at the University of Maine at Presque Isle, wants everyone to know that small businesses are especially vulnerable to online hackers looking to steal software and network data, personal and financial information.

“Fifty-eight percent of all data breaches happen at small businesses,” Strickland said, while presenting at the Central Aroostook Chamber of Commerce’s Eggs and Issues breakfast series on Feb. 5.

Many small businesses, he noted, have “bare bones operations” with a smaller number of employees and one computer and WiFi network. But since the internet has the ability to connect people regardless of what state or country they are in, hackers can easily target small businesses that might not have the resources to hire an information technology specialist.

While the average cost of all cybersecurity attacks is $200,000, small businesses with 10 to 49 employees have lost $41,269 in recent years. Slightly larger businesses of 50 to 249 employees have lost an average of $48,686 and those with 250 to 1,000 employees have lost $64,085.

“On average, 40 percent of small businesses are able to survive a cybersecurity attack while 60 percent go out of business within six months,” Strickland said.

More than a dozen local business and education officials attended Strickland’s presentation on Wednesday, during which he outlined many steps businesses can take to prevent cybersecurity attacks.

One of the most common ways for hackers to obtain financial and personal information is through ransomware emails. Hackers use a fake email account to send messages promising a reward or benefit for the recipient if they click on a link. Such links could include promises for free coupons, requests for cash money or donations or other similar requests. If someone clicks on an illegitimate link, the ransomware infects computer software and allows hackers to steal information.

Stickland said that some of the clues people can use to detect fraudulent emails and links are email addresses that are unfamiliar and contain consistent misspellings and grammar errors in the email message. If someone views an email that is suspicious, they should not click on any links or open attached documents.

To further protect their information, Strickland advised business owners to install antivirus software and create passwords that are at least 12 characters in length and do not contain words or phrases hackers can easily steal. Examples of weak passwords include “123456,” “Password,” “12345678” and “1234.” 

“It’s also good if you’re able to hire someone with IT expertise or a third-party service provider,” Strickland said. 

With the University of Maine at Presque Isle’s new program in cybersecurity, which began in fall 2019, the region has potential to grow its numbers of qualified IT specialists, who can either work as staff for businesses and companies or serve as an IT consultant for businesses who cannot afford a staff position.

The university welcomed 10 students into the cybersecurity program last fall and currently expects to see at least 10 more new students enter the program in fall 2020. The university will also launch a new degree program in computer science this fall.

“Our students will be learning about computer science, programming, data structures,  information security and cyber forensics,” said Strickland, as he listed some of the subjects offered through the current cybersecurity program. 

As the cybersecurity program begins to grow, Strickland’s goals include working with businesses to set up student internships and discuss what skills students should graduate with in order to help businesses succeed.

“Small businesses need individuals who can wear two or three different cybersecurity hats in their day-to-day work,” Strickland said. “I want to have discussions on how exactly we could be preparing our students for these jobs.”