Cybersecurity experts are urging small business (SMB) owners to not ignore the risks they face from cyberattacks. As SMBs become larger targets for cybercriminals, Mastercard is launching a new initiative in an effort to support small businesses’ defenses against these attacks.
In a press release on Tuesday (Feb. 19), Mastercard announced the launch of its Cybersecurity Toolkit for SMBs, an online resource developed in partnership with the Global Cyber Alliance (GCA) that provides entrepreneurs and business executives with guidance and tools to address the threat of cyberattacks on their companies.
Citing 2018 data from Verizon, Mastercard noted research that suggested the majority of cyberattacks are actually targeted at SMBs, ranging from phishing scams and the Business Email Compromise (BEC) to malware and ransomware attacks.
In its announcement, Mastercard noted that providing educational resources for small businesses to mitigate the risk of cyberattacks not only helps the individual businesses, but supports the economy at large. City of London Police Commissioner Ian Dyson released a statement in the announcement, noting that small businesses have lost $8.75 million from social media account hacks between April and September 2018, shedding light on another rising cyberthreat for SMBs.
Philip Reitinger, the Global Cyber Alliance’s president and CEO, said, “Our focus is on producing a dynamic clearing house of operational tools that help small and medium businesses address risk and improve their cybersecurity posture, leveraging the deep expertise of our network of global partners, such as Mastercard, and the experiences of actual GCA toolkit users.”
In addition to Mastercard, the Global Cyber Alliance is working with a range of other businesses to create the toolkit, including the Cyber Readiness Institute and the Center for Internet Security (CIS).
The toolkit provides operational tools, which allow small businesses to take stock of their digital assets that are prone to cyberattacks. The tools also enable businesses to generate strong passwords and implement multi-factor authentication to protect their data and to perform data backups. The service includes educational materials as well, like training videos and guidance on internal cybersecurity policy development.
Education Is Key
Mastercard and the Global Cyber Alliance are not the first partners to develop educational resources for small businesses to adopt enhanced cybersecurity practices.
Last March, Intersections launched its Data Breach Readiness solution, designed to provide small businesses with the education and resources they need to avoid fraud and cyberattacks, pointing to employee education as “the best solution for preventing a data breach.” Yet, amid the efforts to increase awareness of cyberattack threats among the small business community, research has suggested that understanding of this risk remains muted.
Last year, for example, IT consulting company Switchfast found that small business employees outperform their managers when it comes to cybersecurity best practices, and 51 percent of its survey respondents incorrectly believed that their small businesses were not a target for attackers. The research also revealed a gap in understanding of key cybersecurity practices, like a clean desk policy, leading Switchfast to conclude that SMBs “don’t prioritize security education and best practices” because they don’t fully understand the cyberthreat.
Other analysis has suggested that small businesses often wait until a high-profile attack — like 2017’s WannaCry — makes headlines to wake up to the threat of cyberattacks. While researchers at Tanium found last year that one-third of U.K. small businesses responded to the WannaCry attack by investing in their own cybersecurity technologies, small businesses often lack the resources they need to invest in and become educated about cyberthreats.
In a statement about the new toolkit from Mastercard and Global Cyber Alliance, CIS President and CEO John Gilligan said the solution was “of critical importance to help smaller organizations effectively deal with increasingly complex and more frequent cyberthreats.”