The Coronavirus has impacted our everyday lives from two basic fronts:  The personal and the professional.  With the former, we are pretty much confined to our houses until all of the lockdowns end, and the professional, well we have seen what the damages have been in terms of the layoffs, the hugest spike in unemployment claims ever seen. 

And for businesses, the primary issues are now of that of Working From Home (WFH), and the productivity that is happening with that.

But keep in mind that it is not just one industry that is being impacted (though the services industry, such as restaurants, fast food companies, etc.) having been bearing the worst brunt of this.  Every business that I know of is hurting right now, all the way from the largest and the richest of the Fortune 500 all the way down to the smallest of the SMBs. 

Some businesses may be more directly impacted, but the indirect effect of the Coronavirus is what is killing the businesses in the end.

But, as I peruse through the headlines on a daily basis, I am finding that all of the limelight is on how the larger businesses are suffering.  Nobody seems to be caring too much about the SMB.  This is extremely unfortunate, as it the SMB that drives a bulk of the American economy.  And of course, SMBs are on a much tighter budget than the Fortune 500 companies, so right now, money and cash flow is a huge, huge concern.

While the Coronavirus has also shed a completely, unpredicted light on what it means in terms of Cybersecurity, many of the SMBs are literally scared to death as to what the WFH ramifications are and will continue to be in the future, as well as the security risks that are involved with a remote workforce.

This finding has been further substantiated by a recent study conducted by the  Cyber Readiness Institute ( aka CRI) just as the Coronavirus was breaking out, from March 25-27. 

They conducted a market research project, in which 412 SMB owners were polled.  Here are some of their key findings:

*Over 50% of the SMBs are concerned that WFH will lead to more Cyberattacks;

*40% of them feel that uncertainty about WFH and how long it will last will prevent them from making the needed investments in order to beef up their lines of defenses;

*The most worried SMBs were those with less than 20 employees:

               *Only 22% of them provided any kind of WFH training;

               *Only 33% provided any real type of Cybersecurity training;

*Only 40% of the SMBs have actually implemented any kind of WFH policy;

*Almost 60% of them said that their employees are probably using unauthorized devices in order to conduct their everyday job tasks, such as using their own personal Smartphone;

*55% of them believe that the state and federal governments should provide more funding in terms of Cybersecurity to SMBs;

*51% of the SMBs polled said that they provide their employees with company issued devices with the required security protocols on them.

My Thoughts On This

I truly understand and feel the pain of the SMBs, as I am an SMB owner myself, and in full transparency, even my own cash flow has started to slow down.  But just because there is a slow down with the revenue, this does not mean that you necessarily have to spend a lot of money to have good Cybersecurity practices. 

Probably the best way to start off is with the basics of how to maintain good levels of “Cyber Hygiene”.

This can be likened to the mantra that we are hearing on a daily basis, such as washing our hands all of the time, maintaining a reasonable distance with people, etc.  Some of the basics of good Cyber Hygiene include the following:

*Maintaining strong passwords and resetting them on a random basis.  Using a Password Manager is best for this, and many of them are now offering extended free trials and even lower cost paid subscriptions during this crisis;

*Making sure that your employees abide by your Security Policies;

*Making sure that your employees are downloading the required software patches and upgrades.  This can even be done on a remote basis, assuming that your employees have a company issued device;

*Making sure that your employees are not using their own personal devices to conduct work related matters;

*Holding from time to time virtual training seminars in teaching your employees in how to potentially spot a looming Cyber threat, especially if it is a Phishing Email;

*Answering any questions, concerns, or fears that your employees as your employees are WFH.

For a more complete list on how to start with the basics of maintaining the proper levels of Cyber Hygiene, click on the link below:

https://www.cyberreadinessinstitute.org/cyber-readiness-news/securing-a-remote-workforce

Also, SMB owners keep in mind that through the $2 Trillion stimulus package that was passed, you are also eligible to apply for what are known as “forgivable loans”.  You will need to contact your bank first in which you have your business accounts to see what the specific application process is. 

From what I understand, I think Congress and the Senate are even trying to hammer out more funding for these loans, as there has been a huge demand for them.

Third, as things return to some state of normalcy, now that Cybersecurity will be on your mind, you do not have to go out and hire a dedicated, full time security team.  This will only break your fragile budget.  Rather, invest in something called the “vCISO” program. 

This stands for “Virtual CISO”, and as the name implies, you can hire a CISO on a virtual basis.  Although you may be sick of hearing the “virtual” at this point, the vCISO program does come with some distinct advantages which are as follows:

*The costs are actually very affordable.  The contracts are on a fixed term length and can be modified further depending upon your specific needs.

*You get a dedicated CISO to guide you through the Cybersecurity maze.  Very often, these will be retired professionals, those that have been laid off, or those that have been simply burnt out by the corporate life.  More than likely, they will also have a deep line of contacts that they can tap into in order to further augment your existing IT staff. 

*The vCISO will provide an unbiased, objective view of what you need to do, as well as what you do better.  The truth may hurt at times, but it will only be for the good of your business and your employees.

*If you don’t have the time to provide the security training for your employees, the vCISO can also do it on your behalf.

Third, keep in mind that many Cybersecurity companies are now even offering free or greatly reduced services to just about anybody who needs them.  Many of them are now offering exclusive WFH packages, so if you do a Google search, you will see some of them.

Fourth, remember ASAP, its now time to formulate your Incident Response, Disaster Recovery, and Business Continuity Plans, make sure they are up to snuff, and once things return to some state of normalcy, that you practice and rehearse them on at least a semiannual basis. 

But the important thing to keep in mind is that you update your respective policies in order to reflect the lessons learned from the rehearsals.

Fifth, if you are not already there, consider seriously of migrating your entire IT Infrastructure into the Cloud, such as using the Amazon Web Services (AWS) or Microsoft Azure.  By using Cloud based platforms, you can provision your remote workforce very quickly.  For a nice article on how to do this, click here:

Sixth, remember to invest in a good Cybersecurity Insurance Policy.  Many of these are now available from the major insurance carriers, and the cost to them, given the crisis that we have, are actually pretty affordable.  But, make sure you know what you are getting, and that you will be covered. 

These policies can be complex to understand, so make sure to get a good insurance broker to help you out with this process.

Seventh and finally, if you need help, you can always reach out to me.  Remember, the mission statement to my business is to provide the information that you need to help you with your Cybersecurity needs.  You can also post your questions, comments, and concerns on my Cybersecurity Forum at:

www.cybersecurityforum.fm