One of the strengths of Indiana is that we bring together a variety of perspectives from the plethora of areas that touch the field of cyber, especially through the colleges, universities, and other institutions of higher education throughout our state. Hence the name "Perspectives from the Campus Series”, we invite experts -- immersed in the pursuit of educating their students -- to offer their knowledge for finding solutions in cybersecurity that benefit all Hoosiers.

In the latest installment of this series, David Dungan, who serves as the Executive Director at the Center for Security Services and Cyber Defense at Anderson University, joins in the celebration of National Small Business Week and discusses why it’s important for small- and medium-sized businesses to be able to access affordable – including free – resources to cybersecurity and highlights why it benefits all of us.

By David Dungan

When it comes to protecting our critical infrastructure, the conversation, appropriately, is focused on such things as our water and wastewater systems and electric power grids.

And without question, keeping these resources secure and protected from cyberattacks is a monumentally important priority for our nation, our state, and the communities where we live, work and play.

That said, there is another part of our community that would benefit from the opportunity of gaining a greater level of access to affordable – including free – cybersecurity resources that can be summed up in two words – small business.

It’s National Small Business Week, and whether your definition of a small business is the “mom and pop” accountant, who’s done your taxes for years, or it’s medium-sized company that’s growing rapidly, small to medium-sized businesses (SMBs) are one of the most essential parts of the American economy today, and it’s pretty big deal in the Hoosier State, consider:

• SMBs account for 43.5 percent of the United States GDPand they employ 61.7 million Americans.
• In Indiana, there are nearly 500,000 small businesses that employ 1.2 million people; a figure that accounts for nearly 45 percent of all employees statewide.

Yet, for all of the opportunities that exist out there, the average impact of a data breach on an organization with fewer than 500 employees – according to IBM’s 2023 Cost of a Data Breach Report – is $3.31 million; the average cost for every record that’s breached is $164.

And it doesn’t stop there, with the indirect costs that come from the disruption to the business itself and downtime, a (potential) loss in customers, not to mention the damage that can occur, as it involves a company’s reputation, credibility, or brand.

Fortunately, thanks to the important work that’s been done by various government agencies – at both the federal and state level – a variety of helpful resources, tips, and best practices have emerged to help SMBs better protect themselves while, at the same time, rely on solutions they can use to mitigate potential threats and, if the worse case scenario happens, they can have a plan in place to recover. What’s more, these solutions have been tailored in a way to fit the average SMB budget, including:

• The Center for Internet Security (CIS) offers 20 recommended controls, which act as a set of recommended guidelines on how an organization can secure their cyberspace.
• The Cybersecurity and Infrastructure Security Agency (CISA) offer its cyber guidance for small businesses and it also provides free cybersecurity training and exercise resources as a solution for help small business owners establish effective and practical mechanisms, identify lessons learned, as well as highlight areas for improvements in plans and procedures.
• The Federal Trade Commission also has developed a collection of cyber guides and resources that have been designed expressly for SMBs.

Here in Indiana, some of the programs and solutions, specific to cybersecurity, are right in the name, and all the resources are FREE-to-download on the Indiana Cyber Hub website, including:

• The GCA Cybersecurity Toolkit is a no-cost resource for small business owners as they improve their security. Available from the Indiana Small Business Development Center (ISBDC), it allows you to select from a wide range of tools to find the resources that best fit you and your business' needs.
• The Cyber Insurance Toolkit is intended to help businesses and organizations understand what cyber liability insurance is, what it covers and why it's become an increasingly important part of a company's risk management strategy.
  • Drawing on the knowledge and expertise of insurance professionals and members of the legal profession, the Toolkit features a wealth of information from trusted sources -- everything from the types of questions to consider asking as part of an underwriting document to understanding how you can implement reasonable security controls (without spending a great deal of money) while, at the same time, exercising due diligence.

As a small business owner, it’s easy to feel as though the “one thing” (at any given moment) you’re trying to do to help your business grow is just out of reach. That’s why it’s important to keep in mind that when it comes to cybersecurity, it doesn’t mean you have to be defenseless, as there is a great deal of information (a lot of it free…) to help you stay better protected. It’s a win-win for all of us!