Honolulu Star-Advertiser

Wednesday, December 4, 2024 74° Today's Paper


Tech View: Small businesses have become prime targets of cyberattacks

Filifotu Fotu Vaai

Filifotu Fotu Vaai

The global impact of cyberattacks is undeniable, and while businesses of all sizes struggle to find some level of relief, small businesses with limited budgets remain the primary targets of opportunistic attackers.

High-profile cyberattacks on larger corporations dominate the news cycle, but the truth is that small businesses are under siege on a daily basis. A recent study underscores this reality with statistics showing that as many as 46% of cyber breaches affect small businesses — nearly one every 14 seconds!

Worse yet, a staggering 57% of small business owners don’t recognize the looming threat posed by cyberattacks, many believing that their business is too small to be targeted. As our society becomes increasingly reliant on interconnected technology for everyday tasks, the avenues for cyberattacks continue to grow and with that, the odds of your business becoming a victim also increase.

Vulnerable areas

Small businesses don’t have millions of dollars to spend on infinite cyber defenses, so they must focus on the areas of the business that introduce the most risk and ultimately could have the largest impact on their organization if compromised.

Pay attention to these five areas when evaluating your small-business cybersecurity posture:

>> Employees: Phishing/Smishing is the No. 1 method of gaining access to business networks.

>> Corporate computers: A clear target as computers store the information that businesses use to survive, including financials, inventory, and customer and employee data.

>> Point-of-sale systems: These single systems that handle customer payment information can be attacked “over the wire” with malware or by attaching devices such as card skimmers onto public-facing systems such as gas pumps.

>> Voice solutions: Many businesses have made the switch to Voice over Internet Protocol, or VoIP, solutions (voice calls using an internet connection) and as a result, the phones and supporting network hardware have become targets for attackers looking to gain a foothold on your network. These devices can be compromised and used to commit direct attacks such as toll fraud or to move to something within your network.

>> Internet of things devices: Devices such as security cameras, menu boards, smart lights and smart locks have components that allow you to remotely access and control them. But if you can, an attacker potentially can as well. With few standards in the IoT space, many devices lack effective security testing and controls, and their manufacturers don’t always release updates to fix flaws that attackers are happy to exploit.

Improving cybersecurity

First and foremost, educate your employees so they are aware of the risks and can act as “human firewalls” for your network. This is critical to protect your business’s information and prevent breaches.

Implement a network cybersecurity solution equipped with advanced features such as:

>> Content filtering and built-in malware scanning: Prevent your users from accidentally accessing harmful websites and stop compromised devices from reconnecting to their “command and control” servers.

>> Network segmentation: Divide your network into isolated sections to limit the impact of breaches and reduce the spread of malicious activities. For example, set up separate networks for customers, point-of-sale systems, normal business devices and IoT devices.

>> Automatic host isolation: Stop the connection attempts of already compromised devices to keep the other devices safe.

>> Customer notifications: Get notified when a device is compromised.

Establish clear processes to ensure your business is adequately safeguarded against cyberthreats. Here are some critical questions to help assess your cyber­security readiness:

>> Who is responsible for ensuring that your devices are regularly updated and patched?

>> What is your incident response plan in the event of a breach?

>> How are you monitoring your environment to make sure no one adds a new device without your knowledge?

>> What are the potential repercussions if your devices become conduits for scammers to access sensitive customer and financial data?

>> How long can your business withstand being offline due to an attack?

Last but not least, choose a trusted technology partner. Whether you’re shopping for IoT devices or cybersecurity solutions, choosing a dependable, responsive vendor who understands your business can effectively reduce your cybersecurity risk.


Filifotu Vaai is vice president — business sales for Hawaiian Telcom. Reach her at Filifotu.vaai@hawaiiantel.com.


By participating in online discussions you acknowledge that you have agreed to the Terms of Service. An insightful discussion of ideas and viewpoints is encouraged, but comments must be civil and in good taste, with no personal attacks. If your comments are inappropriate, you may be banned from posting. Report comments if you believe they do not follow our guidelines. Having trouble with comments? Learn more here.