For any business, new or old and regardless of size, cybersecurity is a business service of utmost importance. As news reports have shown, cyber attacks can happen to any company of any size at any time and can end up costing businesses more than the cost of protection against them.
The United States Cybersecurity and Infrastructure Security Agency, which works to strengthen the security and resilience of cyberspace through education and communication about cyber trends and attacks, recommends using strong passwords, updating software, knowing which links are suspicious and turning on multi-factor authentication as some of the best cybersecurity practices.
According to a report released by the Arkansas Senate, 130 cyberattacks were reported in 2023 against local and state governmental agencies, more than twice what was reported in 2022. As of December 2023, 73 of the cyberattacks had been resolved, and the rest were under investigation.
Arkansas, in an effort to strengthen its response to cyber threats as a whole, has been introducing legislation steadily. In 2021, lawmakers voted to require the reporting of cyber threats against public entities. This helps the state’s security officials evaluate incidents and plan against similar situations.
In 2023, the legislature passed two more acts in response to cyber threats. This includes Act 846, which formed the Arkansas Cyber Response Board. The board will oversee a self-funded insurance program that protects counties, cities and schools from damages caused by cyber attacks. Government entities will be required to upgrade their computer systems in order to meet the security standards required to participate. Act 504, also introduced last year, requires local governments to have policies that govern use of technology and their approach to cybersecurity.
In Arkansas, private businesses are doing their part in the battle against cyberattacks.
Datamax
Datamax has several locations throughout Texas, Arkansas and Missouri and has served the Natural State since 1983. It provides network security and data protection services, in addition to business technology solutions, technology assessments, information-technology consulting and more.
“The security landscape has changed, and people can no longer do business with technology the way they did five or 10 years ago,” said Justin Huffaker, vice president of strategic technology.
Small businesses are just as much at risk as larger corporations when it comes to cyber threats, and Datamax offers training and education about these risk factors. Huffaker said Datamax provides these services to various industries and regularly to businesses with 25 to 250 employees.
“Everyone thinks it won’t happen to them. That’s not new. That’s why people resist change,” Huffaker said. “That’s why I tell businesses that they need to take cybersecurity seriously.”
Huffaker starts businesses off with a basic three-step piece of advice: 1. Take it seriously; 2. Know size does not matter and that every business is a target; and 3. Don’t entrust defense simply to technology.
“Social engineering is the biggest threat. This takes advantage of us as human beings and the mistakes we are prone to make. The most common mistakes happen when people are exploiting these weaknesses,” Huffaker said.
Huffaker suggested employee education is one of the strongest forms of defense, as hardware and software solutions are not permanent fixes. The education and training includes not just annual in-person training, but dedicated meetings about security. Because turnover is a fact of life, Huffaker said, training should also be implemented during onboarding processes, so new employees do not become the means of a breach.
“A lot of people want to throw hardware and software at the problem, but a comprehensive cyber defense requires more effort,” Huffaker said. “Hardware and software require a methodical approach to patching and updating. However, end-user education is critically important and frequently overlooked.”
He added that it is a misconception that these technological solutions will protect a company from the first quarter to the fourth quarter with no maintenance.
Further education outside of the office can be beneficial, including testing employees through phishing emails or scam telephone calls, which are common, he said.
While there are no guarantees a company will not be hit with a cyber attack, obtaining cybersecurity services is to an employer’s benefit. Huffaker likened implementing good cyber practices to choosing to live a healthier lifestyle in the new year. Both resolutions take a genuine effort and require a commitment to see long-term benefits.
“Improving security is hard. You have to make changes in business, and sometimes these changes make things less efficient. It’s only through making a commitment that security improves,” Huffaker said.
In addition to continued education and risk awareness, Huffaker said Datamax is encouraging customers to seek out a third-party audit at least once a year to determine where the gaps may be in their defense strategy.
“It’s better to spend a little money up front, rather than losing more money and reputation later. Security audits prevent companies from enduring much bigger losses,” Huffaker said.
Pinnacle IT
Pinnacle IT is a business technology solutions provider founded in Little Rock in 1992 as the Computer Hut. Its service area covers the entire state, and it has locations in Little Rock, Fort Smith, Lowell, Jonesboro and Texarkana, Texas.
Pinnacle serves all sizes of firms with a focus on small to medium-sized businesses.
Arin Griffin, systems analyst with Pinnacle IT, said the company offers a wide range of solutions, including cybersecurity awareness training to help combat the ever-evolving security landscape.
Griffin said the most common threats Pinnacle IT has seen are email phishing scams for money extortion and network breaches through email phishing.
Logging data and monitoring potential data breaches are two areas that employers should be watching for, she added.
“In terms of logging data, ensure that you are getting good, solid backups. You want to ensure that in the event you need to restore from a backup, your data is solid and not corrupt,” Griffin said. “As for monitoring for potential breaches, there is a wide range of software that alerts users if malicious activity is detected.”
One of the biggest threats to businesses of all sizes, and especially small businesses, is the revenue loss that can come with failing to protect against cybercrime.
“From what I have seen, it can take weeks to months for a client to fully return to operations. Depending on the level of breach and what was accessed, it could force some businesses to close if they were to be hit with a security incident with no proper security protocols or preventatives in place,” Griffin said.
To determine which services a company needs, Pinnacle IT starts with an assessment of the network, which will help determine the solutions that fit a client’s needs, she added.
Pinnacle IT serves many industries but mostly works in the legal, health care and property management industries, three of the biggest targets for cybercrime since they typically carry the most valuable data, Griffin said.
“As the landscape for cyber-threat actors evolves, we could see an uptick in logistics and supply-chain attacks, waste treatment centers and public utilities becoming targets,” Griffin said.
Network Services Group
According to Network Services Group’s Jeff Spann, who serves as the company’s executive vice president and chief information security officer, it is important for organizations to recognize the need for cybersecurity before enduring a cybercrime.
“Unfortunately, most people don’t even consider needing these services until they’ve had a problem or they’ve heard of another organization close to them having a problem,” Spann said.
According to Spann, Network Services Group handles managed services that contain a lot of security outright, but companies still need to take advantage of risk assessments, making necessary policy changes, knowing what to do in response to incidents and more.
Spann, who has 20 years of experience in cybersecurity, has been responsible for security protection for multiple industries and knows the common threats companies face. Spann said it is not necessary for a company to be a managed service client to receive cybersecurity services from Network Services Group.
“It is just about every business that will be attacked at some point, and businesses are attacked all the time, but if you have proper cybersecurity tools in place, that helps mitigate and block a lot of what is happening. The most important thing is for a company to know how to respond,” he said. “Companies need to be able to understand risks, and employers should be able to plan how to mitigate these risks proactively.”
Proactive management reduces the risk of a business-altering cyber situation from occurring. Spann said examples of being proactive include utilizing two-factor authentication, having employees use different passwords and usernames for different emails and accounts, and being trained to know which links are spam.
He said a cyber attack can be something as simple as someone using an employee’s email to something as complex as compromising company computers. This can come in forms of ransomware, which can ultimately cost businesses significant amounts of money.
Spann said he recommends a training tool that tests employees by sending phishing tests and through emails and calls. These tools monitor which employees click on the emails and help to determine the amount of training needed.
“We always recommend some training videos that are associated with the attacks companies are susceptible to. We want to do this regularly throughout the year to truly educate and train companies on how to recognize when phishing is happening,” he said.
Live training is also a great benefit to organizations, he added, because it helps reduce risks and encourages understanding of what cybersecurity is.
“Everyone I’ve done live training for has absolutely loved it and thinks they should be doing this kind of training all the time. I’ve had some clients come back every year for 10 years to ensure continued employee education,” Spann said.
READ ALSO: AMP Influencers 2024: Katie Beck A Dynamic Leader
Copyright © 2020 Arkansas Money and Politics. All rights reserved.