What CPAs Need to Know About Small Businesses’ Cybersecurity Needs

by Mary Anne Schafer, SMI Corporation | May 19, 2021

The COVID-19 pandemic forced thousands of organizations around the world to become entirely remote seemingly overnight. Many businesses had some experience with mobility and remote access to work from home, but few, if any, were equipped to operate 100-percent remote. Cyber criminals and opportunistic attackers wasted no time targeting insecure home networks and household smart devices like doorbells, thermostats and yes, even fish tanks.

From credential theft, to email phishing scams to social engineering, cybercriminals sought to exploit any and every aspect of the remote transition of our workforce. Cyber criminals don’t discriminate. They feverishly work to find any and all security vulnerabilities that will allow them to access to the networks of large, small, global, regional and local businesses.

Small and Midsize Businesses

These mounting cybersecurity threats are particularly troublesome for small and midsize businesses (SMB). Even before the pandemic, SMBs and their chief information security officers (CISOs), if they had one, faced challenges when it came to limited budgets, complex cyber solution and services offerings, and the challenges and costs of hiring skilled staff. As the pandemic continues to take its toll on the broader economy, tighter budgets, higher prices and greater risks have increased the complexity and cost of securing your business. As SMBs find their footing in the post-quarantine world, they must embrace the critical importance of cybersecurity and scale appropriately.

The "2021 Survey of CISOs with Small Security Teams," from Cynet finds that companies with small security teams are facing a number of unique challenges, placing these organizations at greater risk than their larger enterprise counterparts. Here are some key findings that SMBs and their CPAs should be aware of:

  • 63 percent of these SMBs’ CISOs feel their risk of attack is higher compared to enterprises, despite enterprises having a larger target on their backs.
  • 57 percent of companies indicated they do not have enough skill and experience to protect against cyberattacks.
  • Almost all small security teams are looking to outsource security mitigation to an external provider with over half focused on outsourcing managed detection and response (MDR).

SMBs can and should increase their cybersecurity resilience to boost their chances of success. A crucial first step is for owners of SMBs to lead by example and pay attention to their employees’ online habits. They can demonstrate good cyber hygiene and educate their employees.

Here are some considerations:

  • Identify business-critical assets and data to prioritize their protection.
  • Be proactive, rather than reactive, when protecting against cyberattacks.
  • Access online resources to boost cybersecurity awareness and education. For example, the Small Business Administration offers free access to planning tools, business assessments, cyber hygiene vulnerability scanning and best practices on their website.

Mary Anne  Schafer

Mary Anne Schafer

Mary Anne Schafer is president of SMI Corporation. a network and cloud solution provider. She can be reached at mschafer@smicorporation.com. Learn more about SMI's benefits for NJCPA members at njcpa.org/benefits.

Leave a comment