Small businesses warned against cyberattacks

BY CHAO YAN
Capital News Service
LANSING — An unwitting business employee clicks the wrong link and suddenly finds her files have been locked. A message flashes on the screen: You can have your data back, for a price.
Small businesses are falling prey to such “ransomware,” a type of cyber attack and one of a variety of networking threats companies now face.
“Small business is vulnerable to a wide variety of cyber threats, like web-based attack, scripting, phishing, ransomware…and ransomware is huge in Michigan currently,” said Zara Smith, the strategic programs manager for the Michigan Small Business Development Center.
Small business, big threat
More than 40 percent of cyberattacks target small businesses, according to a 2016 report by cybersecurity firm Symantec.
Zara said a lack of awareness is a main reason such businesses are threatened.
“A lot of them don’t realize how vulnerable they are,”  Zara said. “A lot of small businesses feel they are too small to be a target. They don’t know what to look for. ”
Small businesses could be attacked because their systems are gateways into larger firms that use the small companies as suppliers, Zara said
Also, even though the benefits of hacking an individual small company might be small, the gains can add up. And small companies often have fewer defenses.
“I think the biggest challenge to small business is the lack of resources,” said Michael Rogers, the communications officer for the Small Business Association of Michigan. “Many small business still don’t do an adequate job backing up their files. They don’t understand some of the basics of cyber-security.”
According to a survey conducted by Barkly Protects, an antivirus product company, about half of the organizations that experience a cyberattack are not changing their security measures in 2017.
“Even though they are experiencing it, they are not doing anything about it,” Rena Saltsman, the director of marketing and culture at NuWave Technology Partners, an information technology company in Grand Rapids, said.
Preparation is key
Nearly 70 percent of respondents in a 2016 survey of small and medium-sized businesses said they did not have sufficient budget or expertise to defend against cyber threats, according to the Ponemon Institute, a cybersecurity consultant based in Traverse City.
Rogers, from the Small Business Association, said some risks can be avoided at low cost.
“What all small business can do — regardless of the budget — is implement a back-up system for all the data and information,” Rogers said. “One of the areas where we find small business is most vulnerable is ransomware. You can limit that by having good back-ups.”
The Merit Network, a nonprofit corporation governed by Michigan’s public universities, recently launched three publicly accessible hubs in southeastern Michigan.
“The hubs–currently in Oakland University, Wayne State University, and the Pinckney Cyber Training Institute in Pinckney–are specifically chartered to work with local businesses, schools, and community organizations to raise awareness and provide training about cyber security, thus providing small business easier access to help,” said Joe Adams, the vice president of research and cyberecurity at Merit.
According to Merit’s website, the hub offers a training space for cybersecurity exercises that simulate data hacks and test defensive responses.
Adams said Merit expects to add two more hubs this year, one in the southwestern part of the state and the other in the middle of the state.
And Saltsman said, “What I want people to know is the attack is evolving all the time. We have seen situations where an attacker is able to get in through a printer.”
Saltsman said small businesses need to be proactive about protecting their data, because attacks are inevitable.
“It’s not about the ‘if’, it’s about the ‘when,’” Saltsman said.