The United States as far as I am concerned, is the economic powerhouse of the world. Yes, there are others who can do it cheaper like India and China, but in the end, the consumer also wants quality. And, where better to get that than here on our own home soil?
The US Economy has been battered before, such as during 9/11, the 2008 financial crisis, and now, the trade war with China. But you know what, we have weathered through all of this before, and will get through it again.
That is the testament to the strength of our financial markets. But many people forget what drives the American economy. Many of us think it is the Fortune 500 or even the Dow Jones 30 stocks that make it up, but that is far from the truth. The main catalyst behind the United States economy is the small to medium sized business, also known as the “SMB”.
The SMB to the American economy is unique. For example, just about anybody can start one, and if they are successful enough, he or she can even launch in into a full-time career. It takes a combination of hard work, timing, luck, and of course, a great deal of persistence. But another common denominator with the SMB is that (even including me) we are all on tight budgets.
We must maximize every cent that is spent to the greatest extent possible. In a way, this is a good thing, because it forces the SMB owner to think outside of the box and find resources that were once thought unimaginable. In this aspect, the trend towards using the SMB remote and freelance workers has picked up significantly, because it is a much more financially viable option that hiring full time employees. But there is a tradeoff here.
You are hiring someone whom you have not physically met with face to face, the only interaction you have had is through virtual meetings. These employees can be displaced geographically in any part of the world, where turmoil could spring up at a moment’s notice.
An employer can still conduct a background check, but again, how far will that go in assuring that the SMB’s IT Infrastructure will be safe when it is accessed remotely by these kinds of workers? Of course, there are no guarantees in this.
These same feelings have echoed by a recent study that was conducted by Nationwide Insurance, in their 5th annual “Business Owner Survey”. Here are some of their main findings:
*65% of the SMBs have been a victim of a Cyberattack (Malware is at the top, with Phishing coming in at a close second);
*86% of the respondents feel that the digital risk, especially when it comes to remote and freelance workers will only continue to grow;
*30% of the SMBs polled in this study do not offer any type of Cybersecurity Awareness training to their employees (this includes both direct hire and remote workers);
*7% of the SMBs do not follow a regular schedule for applying software patches and upgrades to their servers, workstations, and wireless devices;
*45% of the SMB owners feel that there is a new type of risk that is emerging, which is known as “Reputational Risk”. This occurs when an SMB has been hit by a Cyberattack, and the unknown financial losses that occur when it comes to a tarnished brand image and lost customers as a result;
*35% of the SMB owners admit that they are fully unaware of the financial repercussions if they were to be hit by a Cyberattack because they have never been impacted by one yet;
*50% of the SMB owners polled have not updated their Security Policy in the last year.
My Thoughts on This
So far, to the best of my knowledge, the SMB has not been totally impacted by Cyberattacks to the degree that the much larger corporations and businesses have been exposed to. A primary reason for this is that in the eyes of the Cyberattacker, there is much more to be gained from a larger, prized target. There is also the prestige factor.
A Cyberattacker will get an emotional high if he or she hears in the news that they were successful in breaching the lines of defense at the Marriott Hotel Group versus the average Mom and Pop store just down the street.
But in terms of the other findings, I am not surprised. Malware and especially Phishing, will continue to be most favored threat vehicles for the Cyberattacker. That will not change anytime soon and will only likely to grow worse in the long term. The lack of Cybersecurity Awareness training to employees seems to be about the same as with the larger organizations in Corporate America.
As I have written before, this is something that needs to be implemented by every business, no matter how big or how small on a regular basis. Yes, it is a time-consuming task, but it is something that will pay dividends in the future. Employees need to keep getting reminded of the importance to maintain good levels of “Cyber Hygiene”, and the implications of what is at stake – namely their jobs, if they are working for an SMB.
But there are two findings that did pique my interest further. First, is the very low rate of SMBs not applying patches and software upgrades. I was very surprised about this, as I was thinking that the number would be much higher than this, as it is the case with the Fortune 500.
Second, I was also surprised to see the high number of the SMBs that were concerned about Reputational Risk that they would incur, even though they were not concerned about direct financial risk that they would be at as a result of a direct Cyberattack. It seems like to me that that this would be reverse.
But this underscores the need for a Cybersecurity Insurance policy, in order to cover all kinds of risks that an SMB may be exposed to, whether it is a direct (such as data loss) or an indirect cost (again, the Reputational Risk).
In response to all of this, the United States Small Business Administration came up with their own laundry list of items that an SMB can do to protect themselves from the risks borne by hiring a remote, or freelance workforce. There is no need to repeat them further, as I have written about them before in previous blogs.
But here is one thing differently I will say: As an SMB owner, if you ever do ever hire a freelance workforce, one of the best protective measures that you can take is not to give them access to everything. Just give them what they need. For example, if your IT Infrastructure is based mostly in the Cloud, simply create the needed folders with only “Read” privileges and give them access to upload their work so that you can review it.
Finally, the more information about the study mentioned in this blog can be seen here: