Though it’s not well understood by the public, the majority of US manufacturing work is done by small businesses. According to NAM’s Manufacturing Institute, there are more than 248,000 manufacturing firms in the United States, but the average profile is tiny. In fact, the Small Business Administration (SBA) says that more than 98 percent of manufacturing companies are considered small businesses, and 75 percent of them have fewer than 20 employees.
Many of these companies would balk at the word “enterprise” as much as they’d resist the corporate jargon and red tape that can weigh down bigger businesses and hamper productivity.
But small operations have their specific drawbacks as well. Many have scarce access to capital and struggle to recruit and retain top talent due to limited resources and a lack of exciting perks. This position offers its own challenges in the current job market, but I’d argue that the worker shortage is temporary. There’s another challenge facing small manufacturers that’s not: In 2020, a record number of cyber attacks hit American businesses, and the problem shows no signs of slowing.
According to a recent survey conducted by CNBC and Momentive, 56% of small business operators said they are “not concerned about being the victim of a hack in the next 12 months, and among those, 24% said they were ‘not concerned at all.’” In the ensuing report, David Kennedy, founder of cybersecurity company TrustedSec and himself a former hacker, characterized the results as “a heads-in-sand moment for lots of these businesses.”
And the data backs up Kennedy’s take: in 2020, hacking incidents spiked, including those related to phishing scams and ransomware attacks. Overall, data breaches have increased by 67 percent since 2014, according to Hacked.com.
Unfortunately, CNBC’s survey isn’t the only one that suggests small businesses are oblivious to the risks, which are plentiful. The SBA reported $2.7 billion in cybercrime costs in 2020, and says small businesses are “attractive targets because they have information that cybercriminals want, and they typically lack the security infrastructure of larger businesses.”
The secret, as they say, is out.
Small businesses don’t exactly have unlimited budgets for IT-related efforts, but it’s important to assess your risk in other areas too: for example, training can play a huge role in protecting a business because it targets the security gaps that are exploited through user behavior.
Last year, web hosting platform company GoDaddy was widely panned for a security test that highlighted phishing scam risks: it was presented as an email offering workers a $500 bonus, but the “click” was a test to see how easy it was for employees to be tricked into a scam. While I’m not encouraging this kind of exercise -- which many of GoDaddy’s workers found insensitive -- it did mimic real phishing attempts and around 500 employees clicked on it.
The benefit in this case was awareness, and the SBA reinforces this point, contending “employees and emails are a leading cause of data breaches for small businesses because they are a direct path into your systems. Training employees on basic internet best practices can go a long way in preventing cyber-attacks.”
Besides these best practices, the agency says there are other basic steps to take that don’t require massive investments in IT infrastructure. Start with securing passwords. We’ve reported on several significant breaches in the past few months that came as a direct result of poor password protection, and results could have been catastrophic. Back up a strong password with two-step authentication and grant credentials for sensitive access sparingly. Back up your data and, if you’re able, use up-to-date security software, firewalls and encryption to serve as a wall around your business.
Finally, says the SBA, secure your physical location to keep cyber threats at bay. Perhaps the simplest and most effective approach to managing risk could be locking up IT equipment -- including laptops and phones -- when not in use, preventing it from walking out the door in the hands of bad actors.
It’s sometimes easy to forget that the “Season of Giving” and the “Season of Grinches” are one and the same. And eventually an unsecured business will get the nasty gift of an IT breach; it’s up to you to act now and make it harder for the nefarious monster to get down your chimney.