Lecturer shares cybersecurity tips to protect small businesses

Credit: Kelly Bryan / Penn State. Creative Commons

UNIVERSITY PARK, Pa. — Speaking to a group of small business owners, Ed Glantz, an associate teaching professor in Penn State’s College of Information Sciences and Technology (IST), issued a chilling warning: “You may not realize it, but you are all up against very sophisticated attackers.”

During the “Cybersecurity for Small Businesses” workshop hosted by the Small Business Development Center, Glantz and a group of his students led a discussion to educate small business owners on how to thwart possible hacks through simple cyberdefense strategies. 

The three students who assisted Glantz — undergraduates Fanta Conde and Samuel Levendoski and graduate student Tariq Elsaid — are completing a minor in security and risk analysis through IST, and each brought a unique perspective to the event. Drawing on relevant data, case studies and technological expertise, they highlighted the threats facing small organizations.

The team stressed that while large-scale cyberattacks like Equifax’s recent data breach are widely reported in the news, the reality is that 43 percent of all hacks are aimed at small businesses.

“If you’re hacked, you won’t make headlines,” Glantz said. “But don’t trick yourself into thinking that means it won’t happen.”

The repercussions may also be worse, as many small businesses don’t have the resources to bounce back from the effects of an attack.

“You’ll lose the trust of your clients,” said Levendoski, who noted that 60 percent of hacked small businesses go out of business within six months.

To help combat the evolving threat of malicious hacks, Glantz and his team outlined critical actions that all businesses can put in place to protect themselves from cyberattacks.

— Implement strong password policies. “People think once you have your password secured, they don’t have to change it,” Elsaid said. “But the longer you keep your password, the more susceptible to a breach you are.”

He recommended updating your password every six months.

— Train your employees on how to spot phishing attacks. “Human beings are the weakest link in cybersecurity,” Elsaid explained.

Make sure employees know to never click on links in emails from unknown sources and to report suspicious messages.

— Make sure your systems and software are kept up to date. Updates are often released in response to newly discovered threats, so it’s important to update your systems often.

“There are millions of new malicious software added every day [to these programs],” Glantz said. Staying up to date allows the software to combat the most current threats.

— Don’t connect to public Wi-Fi. “When you are on a Starbucks’ network, you are sharing all your information with everyone in that café,” Glantz said.

If connecting to public Wi-Fi is necessary, make sure to use a Virtual Private Network (VPN) to encrypt your information.

— Only use trusted USBs. “Beware of USBs that are gifted to you or ones that you find,” Conde warned.

There have been instances where malware has been preloaded onto a USB drive by attackers, who know that people are likely to use it even if they don’t know where the device originated.

— Create a cyber-plan. Companies often scramble when they discover a security breach and fumble when communicating the information to their clients. Fanta emphasized that small business owners are less likely to regain their customers’ trust, especially without a crisis plan in place.

“Customers want to understand that even if their information is compromised, it will be handled well,” Conde said. Strategizing a notification and recovery plan is the first step. “Starting a small business is scary enough on its own, so this is a way to lessen your risk,” she advised.

Glantz undertook this effort to continue retired professor Gerry Santoro’s passion for cybersecurity awareness and education.

“We hope to endow a scholarship in Dr. Santoro’s name for a student in the Cybersecurity Analytics & Operations program,” he said.

While these steps can’t guarantee a business will never be hacked, Glantz concluded that by building up defenses, “you won’t be the lowest hanging fruit on the tree.”

Last Updated October 27, 2017
