YOUNGSTOWN, Ohio – Cyberattacks can hit businesses of all sizes but they are usually preventable.
According to CyberTalk.org, 84% of cyberattacks in 2021 were carried out by email; 43% of those attacks were aimed at small businesses and only 14% of those businesses were prepared to defend themselves.
Guy Young, owner of Data Consulting Network Solutions, Youngstown, provides a range of IT services and support to local businesses. He says the company deals with cybersecurity issues a couple of times a month.
“A lot of it starts off as an email scam or something to that extent,” Young says. “It can end there or escalate from that.”
While larger businesses are often viewed as likely targets, Young says smaller and midsized businesses are at risk just as much.
“I have a midsized business that I deal with and they get a lot of threats from email spoofing attempts all the time,” he says. “Once [cyber criminals] get the information, they run rampant with it.”
Young says DCNS makes sure its clients have patched and updated antivirus protection. But educational measures are still important, he says. Many issues result from human error.
“The most vulnerable comes down to the least secured or who doesn’t know what to look for,” Young says. “It can be any industry for the most part; but a lot of times it’s doctors offices or hospitals. That’s where a lot of the ransom [issues] seem to affect [people].”
Educational videos and “think before you click” options are ways Young says he tries to make clients familiar with certain issues.
“Good practices and keeping up with what policies are in place to prevent this goes a long way [to prevent] cyberattacks,” he says.
Businesses of all sizes need to invest in cyber insurance.
Mercy Komar, an agent and commercial lines manager at L. Calvin Jones in Canfield, has been working with these issues since 2016. She says many businesses are getting coverage because cyberattacks are becoming more serious.
Komar says she recently spoke with a client who was scammed out of $114,000, adding this is a small amount compared to many other cyberattacks.
“We’re talking about a small tool and die shop,” she says. “We’re talking about a man who has only 10 employees.”
“We either have ransoms, which are less frequent with big amounts of money, or you have these small frauds that are more frequent with lesser amounts of money,” Komar says. “The average [cyber] fraud is around $300,000 in the United States.”
Komar says she is considered a national expert in cybersecurity and she educates other insurance agents around the country.
There are two reasons businesses should invest in cyber insurance, Komar says: liability to protect others if their information gets stolen and protection for the business.
“You’re protecting other people and yourself,” she says.
Komar says her office has around 700 clients. About 50 of those clients invest in cyber coverage. Coverage typically focuses on areas of liability, ransom and money fraud.
“Most health care professionals and educators have already got into this. But we still have a lot of small-business owners that need this coverage and they are just beginning to realize these things can happen,” Komar says.
Marsha Gazy, owner of TeamLogic IT in Youngstown, says initial preventive measures are essential for limiting cybersecurity threats. This can include something as small as making sure passwords are changed frequently or are complex.
“Cybersecurity criminal activity is a huge business,” Gazy says.
“There are people just sitting in office buildings, going to the water cooler and then back to their office who try to crack and hack into different things,” he says.
Aside from antivirus protection and antimalware security, Gazy says TeamLogic IT also focuses on training and prevention.
“I think that a lot of people think ‘It’s not going to happen to me’ and ‘No one is going to bother with a small company in Youngstown,’” says Gazy. “They [cyber criminals] target everybody.”