Get Started: Small businesses at risk for cyberattacks

Small businesses' inability or failure to deal with their vulnerability to cyber criminals puts them increasingly at risk for online attacks, witnesses told a congressional hearing last week. Part of the problem is innocence or ignorance, and part is small businesses' overall lack of financial and other resources, the witnesses said.

Fewer small and mid-sized businesses used software programs last year to make their internet and mobile sites more secure than in 2014, Jamil Jaffer, an adjunct law professor at George Mason University, told the House Small Business Committee on Thursday, citing an annual Cisco Systems Inc. study. Although cyberattacks have been in the news more often, nearly a quarter of small and mid-sized companies don't believe they're significant targets for cybercriminals, Jaffer said.

Small businesses' tendency to underestimate their vulnerability puts not only their operations at risk, but also those of larger companies to whom they supply goods or services, said Justin Zeefe, co-founder of Nisos Group, a cybersecurity company based in Washington, D.C. Many are also leaving themselves open to cyberattack tools known as ransomware, computer software that in effect seizes a computer's files. To get their files back, computer users must pay a ransom. However, if users have taken security steps like backing files up with an online security company, they can avoid dealing with the criminals.

Larger companies make cybersecurity a priority, but smaller businesses don't, Zeefe said.

"Malicious hackers follow the path of least resistance," he said.

But small companies are also at risk because they're at an economic and size disadvantage, said Nova Daly, a public policy adviser with the law firm Wiley Rein in Washington, D.C. Large enterprises have more money to spend on protecting their systems than smaller ones, he said. And small businesses may be out of the loop when information about potential attackers is disseminated.

"Often, larger companies have the resources to continually monitor and review threats that may arise from certain technology and supply chains, and at times are contacted by the U.S. government when breaches occur," Daly said.

DISASTER RISKS

Small businesses may not realize how much they're at risk from natural and human-made disasters, and also from accidents. The Small Business Administration is sponsoring an online seminar about the risks small companies face. It will be held Tuesday, July 19 at 2 p.m. Eastern time. Learn more and register at tinyurl.com/hedgenz

Explore further: New computer security guide can help safeguard your small business (w/ Video)