Papers

Afficio Undergraduate Journal


Memo: Information for Your “Data Security for Small Business” Presentation

Winner, Upper Undergraduate Business
Author: Alexa McMillan


Date:               March 16, 2020

To:                   Richard Morrie, Office Manager

From:               Alexa McMillan, Office Assistant

Subject:           Information for Your “Data Security for Small Business” Presentation

As you requested, here is the information I gathered for your presentation for the Atlantic Canada Entrepreneurs’ Organization.

The purpose of this report is to identify and discuss the main cyber security threats and their potential solutions for your “Lunch & Learn” presentation. You can use this information to prepare your slides for the presentation. This report is based on data-security trade journals and magazines, including KMWorld and Canadian Underwriter.

Data security is very important to small businesses. I’ve identified the main threats to cyber security to be human error, technical vulnerabilities, and the theft of personal information. First, I’ll discuss the role of human error in data breaches and how to limit its effects. Next, I’ll describe the role of technical vulnerabilities in cyber security and how to minimize them. Then, I’ll explain how information is stolen and how to keep it safe. A summary of my findings concludes the report.

The Importance of Cyber Security in Small Businesses

A key point to discuss with your audience is the importance of cyber security to small businesses. Cyber security, in general, is becoming an increasing concern in business. For example, Media Planet reports that “ransomware attacks have increased 250% since 2016” (Media Planet as cited in Jardine, 2018). It is important for your audience to understand that they are also vulnerable, despite being small business owners. In fact, Judith Lamont (2017), a writer for KMWorld, suggests that small businesses are more likely to suffer from cyber-attacks than large firms because they are less equipped to deal with attacks effectively. A cyber-attack can be devastating to a small business because lost data or finances can force them out of business (Lamont, 2017).

The Role of Human Error in Data Breaches

Human error is a key threat to cyber security. According to Stu Sjouwerman (2020), CEO of KnowBe4 Inc., human error is linked to 99 percent of cyber security breaches. In these attacks, social engineering techniques are the main cause of human error. Lamont (2017) defines social engineering as “persuading or manipulating people” into granting access to a computer system. Often, this is accomplished through email phishing, defined by the Canadian Centre for Cyber Security (2018) as emails that trick employees into providing identifiable information like usernames and passwords.

Once you have discussed the threat of human error, you can recommend using employee awareness training to minimize these errors. When employees are more aware of the threats that they face, they are more equipped to defend themselves. Sajay Rai and Philip Chukwuma (2016) of Securely Yours LLC suggest that employee training programs should cover phishing awareness, including a simulation component to help employees test their detection abilities.

The Role of Technical Vulnerabilities in Cyber Security

In addition to human error, technical vulnerabilities are a significant threat to cyber security. According to the Canadian Centre for Cyber Security (CCCS) (2018), technical vulnerabilities are physical, referring to hardware vulnerability, and operational flaws in a company’s computer system that allow hackers to access the system. CCCS also states that backdoors, which are entry points for troubleshooting, can be exploited by cybercriminals to access a computer system and install malware to steal information (Canadian Centre for Cyber Security, 2018). Small businesses are less equipped to protect themselves (Jardine, 2018); they may be less prepared to withstand cyber-attacks because they have fewer staff and financial resources to build a defense system. As a result, small businesses tend to have more technical vulnerabilities.

To reduce the impact of technical vulnerabilities, you can suggest that the small business owners scan for vulnerabilities regularly. Rai and Chukwuma (2016) recommend that companies conduct quarterly scans of their networks to check for vulnerable entry points. They also recommend equipping all endpoint devices, such as laptops, with anti-virus and anti-malware software (Rai & Chukwuma, 2016). Such protections are affordable ways for small businesses to minimize the risk of cybercriminals accessing their systems.

The Risk of Information Theft in Cyber Security

Technical vulnerabilities can lead to a risk of information theft. Neal Jardine (2018), the Cyber Practice Leader for Crawford & Company (Canada) Inc. suggests that cybercriminals target credit card numbers, intellectual property, and personal information. Jardine also states that the theft of this information can lead to a number of problems, most commonly credit card breaches and identity theft (Jardine, 2018). Such problems are concerning for small businesses because they often cannot afford to pay for the repercussions of the lost information.

To minimize the risk of information being stolen, small business owners should implement specific security measures. For example, Rai and Chukwuma (2016) recommend building up a layered defense with multiple firewalls to make stealing information more difficult. Moreover, reducing human error by training employees will help keep data safe.

Summary

Cyber security is an issue that impacts small businesses even more than large firms, due mainly to human error, the presence of technical vulnerabilities, and the theft of information. I have also identified solutions to these threats: human error can be minimized through employee training programs; the theft of information can be reduced through added security measures; and technical vulnerabilities can be minimized by scanning networks and installing anti-malware software. This information may serve as the basis for your presentation on data security for small businesses.

I am available this week to help you prepare for your presentation. I can help prepare your slides, as well as give you feedback on your talking points.

 

References

Canadian Centre for Cyber Security. (2018, December 6). An introduction to the cyber threat environment. https://cyber.gc.ca/en/guidance/introduction-cyber-threat-environment

Jardine, N. (2018, December). How to protect small business: Developing a cyber response plan is critical for SMEs. Canadian Underwriter85, 45–46. https://www.canadianunderwriter.ca/features/how-to-protect-small-business/

Lamont, J. (2017, February). Cybersecurity: Practical advice for SMBs. KM World26(2), 6–7. https://www.kmworld.com/Articles/Editorial/Features/Cybersecurity-practical-advice-for-SMBs-115898.aspx

Rai, S., & Chukwuma, P. (2016, December). Must-have controls for SMBs. Internal Auditor, 73(6), 16–17.

Sjouwerman, S. (2020, February 4). Five security warnings for 2020. Forbes. https://www.forbes.com/sites/forbestechcouncil/2020/02/04/five-security-warnings-for-2020/