Cybersecurity insights for small and midsize firms

Written by Jaspher Respicio | Oct 25, 2024 9:04:25 PM

October is National Cybersecurity Month, the perfect opportunity to review cybersecurity solutions for small and medium-size businesses, or SMBs. Cybersecurity for these companies is more critical than ever as they are increasingly targeted by cybercriminals. Here is the first of a two-part series of questions and answers focused on strengthening SMB cybersecurity. Answers are provided by Hawaiian Telcom security operations manager Jaspher Respicio.

Question: What common vulnerabilities do you see in SMBs that cybercriminals often exploit?

Answer: In Hawaii, many small and medium-size businesses don’t have their own IT teams or cybersecurity experts. This often results in problems such as outdated software, weak passwords and not keeping their computer networks organized. I’ve noticed businesses still using old systems that haven’t been updated in years. Cybercriminals exploit these weaknesses through scams like phishing attacks, ransomware and by taking advantage of unsecured areas of the network to access the network from outside.

Q: Are there any industry-specific threats that SMBs should be aware of (e.g. retail, health care, finance)?

A: Yes, each industry has its own set of threats. For example, retail businesses in Hawaii, especially those in tourism hot spots, need to be cautious about point-of-sale malware and card skimming attacks. Health care providers, which often lack the resources for robust IT infrastructure, are prime targets for ransomware because of the sensitive nature of patient data. Financial institutions and credit unions must be wary of phishing, manipulative tactics and fraud. Hawaii’s unique mix of local businesses and high tourism traffic makes it crucial for businesses in these industries to stay vigilant and proactive.

Q: What are the most cost-effective cybersecurity solutions for small businesses? How can SMBs balance cost with effective cybersecurity measures?

A: If you have an IT team, start with guidelines such as the Center for Internet Security Top 18 Controls, which provide a solid foundation and help prioritize security efforts. Businesses that do not have an IT team can reach out to a local cybersecurity expert for recommendations on tailored solutions that fit your budget and needs, covering basics such as firewalls, device protection and multifactor authentication. Balancing cost with security means focusing on essentials and getting help when needed to avoid more expensive problems later.

Q: How can SMBs decide on the best cybersecurity solution for their specific needs?

A: It starts with a thorough risk assessment. Identify what data and systems are most critical to your business and where your vulnerabilities lie. For businesses in Hawaii, consider factors such as remote-access needs, compliance with state-specific regulations and potential natural disasters that could impact your IT infrastructure. Consulting with a local cybersecurity expert can provide insights that align with both your business and the local environment, ensuring you invest in solutions that truly address your risks.

Q: How do SMBs respond to a cybersecurity incident effectively?

A: First, isolate the affected systems to prevent the issue from spreading. Notify your IT team or outsourced IT service provider immediately. Communication is key — let your staff know what’s happening without causing unnecessary panic. Document everything — every action taken and every communication made. Contact law enforcement if necessary, especially if customer data is involved. Post-incident, conduct a thorough investigation to understand how the breach occurred and take steps to strengthen your defenses. In Hawaii, where news travels fast, managing your public communication is crucial to maintaining trust with your community and customers.

Q: How can SMBs develop and maintain an effective incident response plan?

A: An incident response plan should be straightforward and easy to follow. Start by identifying key contacts and defining roles. Outline clear steps for detection, containment, eradication, and recovery. Regularly train your staff on their roles within the plan, and conduct tabletop exercises to test its effectiveness. Given Hawaii’s unique risks, such as natural disasters that could affect connectivity, consider including alternative communication methods and backup procedures in your plan.

Read the second part of Respicio’s suggestions for SMB cybersecurity in the Oct. 16 installment of Tech View.

---------------------

Jaspher Respicio is manager of security operations at Hawaiian Telcom. Reach him at jaspher.respicio@hawaiiantel.com.

© Honolulu Star-Advertiser