Rome, N.Y. >> Small businesses were invited out to the Rome Chamber of Commerce to learn more about the digital world and what it means to their business.
A part of the Renew NY-22 tour by Congresswoman Claudia Tenney, R-22, and cosponsored by the Rome Chamber of Commerce, Mohawk Valley Small Business Development Center and Anjolen Cybersecurity, the workshop was meant to teach small businesses that they are just as much as a target for hackers and cyber criminals as big businesses; and that means they need to act sooner rather than later.
“Nearly 50 percent of small businesses experience cyber-attacks. However, our small businesses rarely have the additional resources to invest in improving cybersecurity as it is often a complex and costly undertaking. Everyone likes to think ‘Oh, I’m too small’ but you’re not. Your identity is very valuable and if you’re comprised, it can affect you the rest of your life,” said Tenney. “We wanted to give everyone an opportunity to learn a little bit today.”
Housed on the Utica College Campus, Anjolen has years of experience behind it in the cybersecurity field and lead the discussion.
Chief Training and Development Manager Michelle Tuttle said “What of the one things we want to accomplish is to help you understand cybersecurity and how it affects you as a small business and give you best practices, proactive tips and things that you can go back and look at when positioning yourself for cybersecurity. From a managerial standpoint, you hear people talk a lot about proactive versus reactive. Whether you’re talking about cybersecurity or the financial sector, you want to be proactive. If you’re not proactive, you can’t handle what’s being thrown at you. By being proactive and thinking about cybersecurity posture and what checks and balances we have, we can be more effective when there is an incident.”
Some of the most valuable targets to potential hackers are the servers used by businesses to hold personal information or personal health information. Things like social security numbers, bank numbers, medical history and more.
“Those two categories of information are protected by government regulations. The government says you have to be proactive and practice due diligence and ensure that the right steps are in place to protect data from cyber-attacks,” Tuttle said.
But stealing information isn’t the only threat; locking it away can be just as costly, if not more.
Vice President of Anjolen Cybersecurity Joseph Giordano said Anjolen’s aim is to prevent clients from becoming like city of Atlanta when faced with a cybersecurity threat.
On March 22, the city of Atlanta’s computer network fell victim to a ransomware attack, in which specialized software was used to completely lock a number of systems behind an encryption. Without the encryption key, there is no way of accessing the system. The perpetrators of the attack demanded around $50,000 in bitcoin for the release of the systems affected. The city of Atlanta lost access to a good portion of its computer network and is still recovering from the attack; as of June, Atlanta has spent around $2 million to repair its network and is expected to pay more.
Giordano said the city of Atlanta did not have a backup of data or programs in place. In being reactive to the situation instead of having proactive measures, the city has suffered a major blow.
One attendee of the workshop said he works as an insurance broker and wanted to know if lost money could be covered under business insurance. Tuttle said cybersecurity insurance has come about within the last few years and companies like Anjolen are called in to examine the policy to make sure business owners have done what they could have done to prevent the attack before the insurance is paid. To Tuttle’s knowledge, business insurance would not cover cyber attacks.
“Small businesses are a target. They are the most impacted, too, with 60 percent of small businesses shutting down within six months of a breach. The bottom line is that ransomware is the attack of the day. It locks the systems.” Giordano said. “I don’t think any organization is not vulnerable today. If you are still in business and are making money, you are a target.”
But there’s no such thing as being 100 percent secure. Tuttle and Giordano said if any cybersecurity company says they are 100 percent secure, you should turn around and run.
“Human vulnerability is the greatest threat, anyone in the cyber security field will tell you that,” Giordano said.
“In a survey, 82 percent people said they read and understand their company’s policy regarding data privacy and information security. Yet in that same survey, 46 percent of people say that opening any email on their work computer is safe. That’s a big contradiction,” Tuttle said. “You might have policies and procedures in place, but this suggests the employees don’t understand what it is they’re reading or why its important. We need to make employees understand why these are important and in place.”
Another attendee was concerned about employees who were using the internet during their lunch break and using their work devices to browse.
“It’s your system and your policy,” Tuttle said. “If they want to take their personal device, sure, but if you have an internet use policy that says they can’t then there needs to be corrective action. You’re the one that’s going to have to deal with vulnerability if something happens. It can be hard to monitor, but there are tools to help.”
Hackers can also prey on human emotion, Tuttle said, and told the workshop of a situation in which a woman used the sound of a crying baby and the guise of a distressed mother to get a call center employee to change the email and password of another person’s account without proper authorization.
When it comes to the weakest link in cybersecurity, Giordano said, it all comes right down to human error.
Attendee Cathie Mann, of Rome, is looking to start her own business in the Rome area providing in-home health care to the disabled and elderly; and she sees the internet as a potential tool and threat.
“Being a potential business owner, I’ll have a lot of personal health information on a website for clients and I want to protect that information because of HIPAA,” Mann said. “I’m not that tech-savvy and my children would say I’m a novice. But I’m a quick learner and I just need to be taught.”
Mann took a lot of notes at the workshop and learned about the different threats she could be potentially facing.
“I think it’s very important to pay attention to things, like links on your computer. I’ve never been suspicious. As a nurse, I’ve always been very empathetic and answer to emotional things. So I have to be careful not to do that, even if it goes against my grain,” Mann said. “But after the workshop here, I feel more confident.”