Up to 43% of all cyberattacks target small businesses, according to data compiled by SCORE. So, what precautions should small business owners take now to prevent cyber vulnerabilities and protect their assets? Today on the Small Business Show, we’re pleased to welcome Burton Kelso, Owner and Chief Tech Expert of Integral, to share his insight and tips for keeping your business digitally secure.
Transcription:
Jim Fitzpatrick:
Thank you so much for joining us on the show, Burton. Very much appreciate it. This is a big issue out there. I think bigger than most small businesses realize.
Burton Kelso:
That’s exactly right, because cyber criminals understand that small businesses just don’t have the resources or the budget to counteract a lot of the cyberattacks out there. Now a lot of cyberattacks are socially engineered, which means that criminals know what things to get people to click on stuff. So for example, if there’s a customer that is writing a business saying that they want to pay an invoice, or maybe there’s a shipment that is arriving late, most small businesses are going to react to those emails, phone messages, or even text messages that come in, and when they click on those items, they could wind up in a lot of trouble.
Jim Fitzpatrick:
Even a text message. Huh?
Burton Kelso:
Oh yeah, definitely. Criminals are always looking at new ways to attack small businesses. So most businesses are using their cell phones, which I don’t recommend, as their main business number. So it’s very easy to text someone and get them to fall for a scam.
Jim Fitzpatrick:
Wow. You mentioned a few things, but what makes small businesses attractive to targets?
Burton Kelso:
Lack of IT security would be one thing. The other thing, criminals know that they can put small businesses and the compromising situation because a lot of small businesses don’t back up their data. So attacks like ransomware put small businesses at the mercy of cyber criminals, meaning that they’re apt to pay the ransom to get their precious data back, as opposed to just telling the cyber criminal to go away and then retrieving their information from backup. And then again, it boils down to IT infrastructure. Most small businesses don’t have an IT infrastructure. It’s probably their kid or the neighbor down the street that is taking care of all of the IT for that small business. And it puts them in a lot of trouble.
Jim Fitzpatrick:
That’s Right. And with so many companies now, or I should say, individuals, entrepreneurs, and small business owners, doing eCommerce where they’re, taking in credit card numbers and they’re taking in addresses and shipping addresses and all of that unbelievable data that people are willing to share to get those products and services sent to them, small businesses have a responsibility to those customers to protect that. Otherwise they are leaving themselves out there, right?
Burton Kelso:
That’s right. Because rule number one with small business is to make money. But the second rule number one is to make sure that you’re protecting your customer data. I mean, if you are not doing a good job of that, you might as well shut your doors because you’re not doing our country and you’re not doing your customers any service.
Jim Fitzpatrick:
That’s right. That’s right. So what impact, short-term and long-term, do these breaches have on small businesses and their owners?
Burton Kelso:
Well, short-term would be a loss of confidence in the company. we can look at T-Mobile, even though they’re a large tech company, there are a lot of people that have less confidence in T-Mobile after their large-scale data breach about a year and a half ago. But it’s estimated that a little bit more than half of small businesses go under after six months after a cyberattack, just because of the costs that are involved to recoup, also too, loss of confidence in that small business brand will cause a lot of these businesses to close their doors.
Jim Fitzpatrick:
Sure. And man, that sure makes the news headlines, doesn’t it, when something like that happens on a small business? All of a sudden, the news loves stories like that. So they might have not reported about how great your service is or your product is or how long you’ve been in business, but they’re going to report on that, aren’t they?
Burton Kelso:
That’s definitely right. And then don’t forget, Jim, you got to remember about social media.
Jim Fitzpatrick:
That’s right.
Burton Kelso:
If the data breach occurs, how many businesses are going to go to social media to say, “Hey, so and so’s been breached, you’d probably better not do business with them”?
Jim Fitzpatrick:
That’s right. And it could also be promoted through your competition that hears about it, right? And then all of a sudden they’re making big waves out there to say, “Hey, XYZ over there, they didn’t take care of your data, and now it’s been breached, but we won’t do that over here at ABC Services,” right?
Burton Kelso:
That’s right. I mean, obviously your competition’s always looking for your downfall. And what better way to take them out is to expose the fact that you’ve been part of a large-scale data breach?
Jim Fitzpatrick:
That’s right. That’s right. With the increase in cyberattacks, can you share a few reasons as to why there aren’t more businesses increasing in their security? I mean, it just seems to me to be right up there with, you’ve picked a great attorney, you’ve picked a great accountant, you’ve picked a great marketing team to do your branding and such, and now you’ve got one more chair at that table that needs to be somebody that’s going to protect the data in that company, right?
Burton Kelso:
Yeah. Us IT guys, we don’t get a seat at the table, Jim. Because it’s the last thing that small businesses think of. I think because of big box stores, like Best Buy and Staples and a few others, most businesses assume that they should already know and be able to handle a lot of the technology instances that occur in their company. And that includes cybersecurity. So part of it is shame, thinking that, well, I should know this stuff, and I’m embarrassed to ask for help because I don’t know this stuff. And also many of the tech items that are sold for security purposes are geared to DIYs. So if you get a router of the store, you’re thinking, well, I’m supposed to be able to set this up. Same thing with antivirus software or upgrades to your operating system for your phone or your computer. It’s set up in a way that you are supposed to be able to do that, and you’re an idiot if you have to go out to an IT company to have those services performed.
Jim Fitzpatrick:
Sure, sure. But that’s just not the case. You’re actually very smart in doing that, right? It’s just the reverse.
Burton Kelso:
It is very smart, but I think also small businesses think that if I’m a large company, then I need to have an in-house IT person. With a small business, you just kind of sit and waffle. Is this an expense that I really need to deal with? And the other thing, Jim, is that unfortunately there are a lot of IT guys that have burned small businesses as far as overcharging for services and products and just not being able to articulate in a way that most small businesses’ owners understand what they need to do in order to protect their businesses from a cyberattack.
Jim Fitzpatrick:
That’s a very good point, because most people don’t know this that well. So if you’ve got a rogue vendor out there in this space, you’re kind of at their mercy when they say, “Oh, you absolutely need X, Y, and Z in order to protect yourselves,” when in reality, maybe you just need X. You don’t need Y and Z, and it’s more coverage than you actually need. And this is also one of those things, I think, when I talk to entrepreneurs and small business owners about this topic is that they’re kind of like, “Oh no, we definitely have that on the sheet. When we grow big enough and we have enough customers and we have enough employees and…” Right?
It’s like one of those things that we’ll kick the can down the road. And then all of a sudden they’re terribly shocked that the clients that they currently have and the employees that they currently have have been completely breached. And they never got to that point that they thought that they needed this area to be protected. And now it’s too late. It’s kind of one of those things… You must be one of those guys that’s like, “You can call me now or you can call me later, but eventually you’re going to be calling me.” Way easier if they call you sooner than later, right?
Burton Kelso:
I love that analogy about kicking the can down the road, but that’s exactly what happens when it comes to small businesses and IT. It’s not top of mind as far as making sure their company is protected. And then of course, there’s always that mentality of, I’m too small. Cyber criminals aren’t going to target my business. But I mean, they don’t care because criminals understand that this is a numbers game. It’s not about getting the $50,000 ransom. It’s about maybe a hundred dollars or a couple of hundred dollars. And they just kind of build on that and just take a little piece at a time.
Jim Fitzpatrick:
Sure. There’s no question about it. And like I said, it’s too late if you’ve already been hacked, and now they’re calling you to say, “Oh, please, fix us. Or what can we do? I mean, this has got to change.” Maybe it even shuts down our website. We can’t do any business until, this is taking care of or what have you. There’s so many reasons, folks, for those business owners that are listening to us or those people that wish to be a business owner… Here at ASBN, we get many people that are on the sidelines right now, but they plan to open up a small business.
Please put this on your to-do list, along with your great accountant and your great attorney and your great marketing company, that’s going to help you build your brand and such. There needs to be an allocation for cybersecurity. So whether you call Burton, he’s great, that’s why we have him here at ASBN. However, just get somebody. I’m sure that you agree Burton. If they don’t call you, call somebody, right? Because this, this is an area that definitely needs to be covered for sure. What tips can you give small businesses to protect themselves from a cyberattack?
Burton Kelso:
So the first thing would be to set up automatic backup systems for all your devices at your company. Doesn’t matter if it’s tablets, smartphones, laptop, or even desktop computers. You definitely need to enable automatic, and I’m going to add this in, cloud backups to your business infrastructure. Because if you’re doing physical backups with like say an external hard drive… I’m going to grab one real quick just to show you. With one of these babies, chances are, if you’re a mobile company, you’re not going to plug this into your laptop to make sure that it’s backing up. And I’ve gone into many businesses where it’s just sitting in a drawer somewhere and not doing any good.
So automatic cloud backups that are going to the cloud are one of the best ways to ensure that you never lose business data. Cloud backups go 24/7. Soon as you turn your devices on, they’re automatically backing up to the cloud. And if you’re worried about the cloud, keep in mind that then information is in encrypted, which means criminals can’t break in and steal your data off the cloud.
Jim Fitzpatrick:
That’s phenomenal. That’s good to know, actually. So you’re kind of like a superhero for small business owners. I mean, I’m just looking at all the superheroes right there behind you. You kind of need your own cape, right?
Burton Kelso:
That’s right.
Jim Fitzpatrick:
That’s great.
Burton Kelso:
Another good tip I was going to bring up too, is protect your social media accounts and your websites. Because there are a lot of hacked and a lot of duplicated social media accounts. And with a lot of small businesses doing site builders and designing their own websites, if you’re using weak passwords for both social media and your websites, it can definitely mean a criminal can break in and either trick your customers who visit your websites out of money, or they can get into your social media accounts and steal your credit card data as well.
Jim Fitzpatrick:
That’s right. So you’re telling me I should change my 01234 right after this?
Burton Kelso:
Obviously.
Jim Fitzpatrick:
That’s right. Well, Burton Kelso, owner and chief tech expert at Integral, thank you so much for joining us on the show. We very much appreciate it. I know that our small business owners are going to get a lot out of this information that you’re delivering here today. Get on this, folks. You don’t want to make the call to Burton when it’s too late. You know, when the hacker has already hacked in, and that’s not a good picture. And that’s also something many small business owners cannot afford, because if you’re anything like I am, you’re hand to mouth in those first few years, trying to make a go of your business. The last thing you need is a huge cost in fixing this situation or having to pay some ransom somewhere to somebody that’s hacked into your company. So don’t let it happen to you. You have been forewarned here at our show. So thank you so much, Burton. Thank you again for joining us on the show.
Burton Kelso:
No problem, Jim. Thank you.
Jim Fitzpatrick:
Thanks.
