Cybersecurity is important for small businesses as 60% go bankrupt within 6 months of a cyberattack. Common threats include ransomware, identity theft, and customer data breaches. To prevent ransomware, businesses should update software, use firewalls and antivirus, back up data, and avoid suspicious links and attachments. Identity theft can be detected early by monitoring credit reports and statements for fraud. Customer data should be secured by training employees, only collecting needed data, using strong passwords and multifactor authentication, and encrypting backups of data. As mentors, discussing cybersecurity awareness and practices can help small businesses protect their operations and bottom line.
2. Niloufer Tamboly
Work
Verizon – Risk Management
Lecturer
Rutgers University – 401 level class
🎓 Education MBA in Security Assurance
🔖 Certifications CISSP, CPA, CISA, CFE, CIA, CGMA, CDPSE, Open FAIR
🔔 Patents
Establishing An Alternate Call Path Using Short-Range Wireless Technology
System For And Method of Generating Visual Passwords
Volunteer
Cofounder - Step Up Skill and (ISC)2 New Jersey Chapter
Organizer - CISSP & CCSP Exam Study Group
3. Disclaimer
The views expressed in this presentation and during the session are my personal opinions and do not reflect the official policy or position of my employers.
This is my effort to contribute to the SCORE community and pay forward the many kindnesses and instances of support and guidance that I have received when I was a SCORE mentor.
#payitforward
6. According to the U.S. National Cyber Security Alliance, 60 percent of small businesses go bankrupt six months after a cyberattack
10. What are the most common attacks?
Ransomware
Identity Theft
Breach of Customer Data
12. How to prevent Ransomware
● Never click on unverified links
● Do not open untrusted email attachments
● Only download from sites you trust
● Avoid giving out personal data
● Use mail server content scanning and filtering
● Never use unfamiliar USBs
● Keep your software and operating system updated
● Use a VPN when using public Wi-Fi
● Use security software
● Keep security software updated
● Back up your data
13. What is identity theft?
Fraudulent acquisition or use of a person’s personally identifiable information (PII)
What is identity fraud?
When the information acquired fraudulently is used for illicit gain
15. Can you prevent identity theft?
No, but you can detect it early
16. First
Opt out of prescreened offers
Place a security freeze on your NCTUE Disclosure Report
Place a credit freeze
● TransUnion.com/credit-help
● Experian.com/help
● Equifax.com/personal/credit-report-services
Check your credit report for free
17. Then
Review your bank and credit card statements
Read your Statement of Benefits sent by your health insurance carrier
Sign up for ID theft monitoring service
Use a password manager
Set up multi-factor authentication
Use a VPN service when using public WiFi
18. ...
Don't click links in emails
Sign up for paperless billing
Don’t provide any PII to a caller over the phone
Keep your computer software updated, and install anti-malware and a firewall
Shred all mail with PII
Contact the post office if you notice any changes in your mail delivery
19. Now is my identity secure?
No!
But by being proactive you can manage the impact
20. Breach of Customer Data
Who are the threat actors?
External (74%), Internal (26%), Partner (1%), Multiple (1%) (breaches)
What are the motives?
Financial (83%), Espionage (8%), Fun (3%), Grudge (3%) (breaches)
What data is compromised?
Credentials (52%), Personal (30%), Other (20%), Internal (14%), Medical (14%) (breaches)
(source: Verizon DBIR)
22. How to Secure Customer Data
Train yourself and your employees
Create secure passwords / use MFA, avoid clicking on links, don’t install software you did not buy, don’t give any information to people over the phone
Collect only the information you need to provide service (minimize risk)
Secure your internet connection (WiFi or wired)
Use secure online payment processors and limit employees’ access to customer information.
Encrypt and back up your data.
(source: Verizon DBIR)
24. What can you do as a SCORE mentor?
Bring up the subject of cybersecurity early and often
Discuss the need for security awareness training
Discuss the need for MFA for all online accounts