NASHVILLE — There’s good news amid the grim landscape of cybersecurity threats to small businesses: Most attacks are preventable. During a recent National Federation of Independent Business (NFIB) webinar, former FBI cybersecurity specialist Scott Augenbaum shared essential strategies for protection.
In Part 1 of this series, we examined the growing problem of cybercrime and the threat it can pose to all businesses, including dry cleaners.
In Part 2, we explored why traditional law enforcement is often powerless to solve cybercrimes after the fact.
Today, we’ll examine some specific steps dry cleaners and other small businesses can take to protect themselves from cybercrime.
An Ounce of Prevention…
“I discovered that a majority of (cybercrimes) could have easily been prevented if the end users had the right pieces of knowledge,” Augenbaum says, referring to the numerous cybercrime cases he investigated. “If I could have gone back in time and given this person a bit of advice, they wouldn’t have become the next cybercrime victim.”
The most critical step is implementing two-factor authentication on all critical business systems.
“You need to put two-factor authentication on all of your remote access, your email, your bank account, your mission-critical platforms,” Augenbaum says. “You need to put it on your payroll and your CRM if you’re using something like a Salesforce.”
Two-factor authentication requires a second form of verification beyond just a password.
“Each one is a little specific and there are a couple of ways you could do it, either through text messaging and apps,” Augenbaum says. “It doesn’t cost anything to really do this. This is free from almost all the major accounts.”
To demonstrate its effectiveness, Augenbaum made a bold statement: “I can give every single person here my Gmail username and password and you will not get in because of two-factor authentication.”
Password security is another crucial area. With the recent leak of 10 billion passwords online, businesses must be particularly vigilant. Augenbaum recommends using unique passwords for each account and considering a password manager or passphrase system.
When it comes to changing bank account information or payment instructions, email alone is never enough.
“You’re going to send an email to all of your vendors and tell them that you will never change bank account and routing information by nothing more than an email,” Augenbaum says. “You’re going to have to have a telephone call or you’re going to have to do something.”
Spreading the Word
Employee training is essential, but traditional annual cybersecurity awareness training isn’t sufficient.
“Nobody has succeeded at ‘changing corporate culture,’” Augenbaum says. Instead, he recommends focusing on personal impact: “I’m going to teach you how to keep your family safe. I’m going to teach you how to keep your kids and your elderly parents safe through storytelling... because once I can make you feel that pain of what it’s like to be a cybercrime victim, then you’re going to take that advice.”
The stakes are high, but the solutions don’t have to be complex or expensive.
“The thing that really blows my mind is the lack of sophistication required to destroy a business,” Augenbaum says. “It takes a stolen username and a password without two-factor authentication, or social engineering. That’s all it takes to ruin a business.”
It’s Everyone’s Problem
For dry cleaners and other small businesses, Augenbaum believes the message is clear: Cybersecurity isn’t just an IT issue — it’s a fundamental business practice that requires ongoing attention and commitment from everyone in the organization.
“Common sense is not common practice,” Augenbaum says. “We have to change the way we think because the lack of sophistication required to destroy a business doesn’t take much... but think about all the things we talked about. You don’t have to spend much time (to protect yourself and your business).”
By implementing these basic security measures and maintaining vigilance, dry cleaners can significantly reduce their risk of becoming cybercrime victims. The threat may be growing, Augenbaum says, but so are the tools and knowledge available for protection.