Is the Cyber Sky Really Falling? How SMBs Can Separate Fable from IT Security Fact

Is the cyber sky really falling? In the classic fable, Chicken Little causes widespread panic when he mistakes a fallen acorn for a piece of the sky, believing the world is coming to an end. After taking flight, he persuades a cast of animal characters to join him. Soon, a cunning fox takes advantage, lures them into the woods and eats them all one by one. The moral? Don’t believe everything you are told.

This parable can also be applied to cybersecurity and emerging threats impacting IT business practices. But in today’s modern-day telling, the cagey fox is now a cybercriminal after your client’s personal credit card information, your company’s intellectual property or other data they can use to infiltrate someone else’s computer system. But like many tales told over and over, in the course of time we become numb to the telling. Or we believe it won’t happen to us. Our data is encrypted, so we’re fine. We have a firewall. Our antivirus software is state-of-the art.

“There is no fool-proof system for securing all your personally identifiable information (PII) all the time. There is no way to protect against a truly determined thief, so your best efforts need to be directed towards reducing your risks where and whenever possible,” says the Identity Theft Resource Center (ITRC) in its Best Practices For Small to Mid-Range Businesses fact sheet (available here). Be sure to consider all key elements when pulling together your prevention strategy: physical security, electronic security, employee training, and the security practices of business relationships. 

Experts advise companies to develop a cohesive IT Security Plan for data theft prevention and to have a Cyber Response & Crisis Plan ready to go should they become the victim of data theft. In a recent panel sponsored by the Small Business Administration (SBA) on cybersecurity, business owners were told by SBA Deputy Administrator Doug Kramer almost half of all small businesses have been victimized by some degree by cybercrime, and the average cost of attack is approximately $21,000.

“Anyone who’s starting a small business is working as hard as they can, with no extra time or money to deal with a cybersecurity challenge that might cost more than expected and mean life or death for a small business,” Kramer remarked. “The threat of cyber intrusion and theft is very real. Small businesses measure assets and inventory in different ways, but they sit on a treasure trove of information.”

Fortunately, by taking pragmatic steps business owners and managers can dramatically reduce their risks from cyber attacks. A free seminar on Making Sense of Cybersecurity for Businesses is one place to learn more about the latest cyber threats; how to identify IT vulnerabilities and build a better security defense; crisis planning tips; and data breach / cyber security insurance and how this differs from traditional liability insurance. I’ll be part of this breakfast panel and it will be hosted at the Town Bank in Pewaukee, WI (corner of Hwy 164 and Capitol) on Friday, Sept. 16. Register here to attend.

In addition, there are online resources for small business owners and managers to tap into when tasked with managing their cybersecurity. Here are just a couple:

  • The Federal Communications Commission (FCC) created the Small Biz Cyber Planner to help you evaluate your current cybersecurity posture and create a plan. The FCC recommends that your cybersecurity plan focus on three key areas: 1) Prevention: Solutions, policies and procedures to reduce the risk of attacks; 2) Resolution: Plans and procedures to remedy a threat in the event of a computer security breach; and 3) Restitution: Reputation management strategies to ensure that any loss of trust or business is minimal and short-lived. 
  • SBA Online Course: Cyber Security for Small Businesses Cyber Security for Small Businesses helps you learn more about the security principles you should keep in mind when online.

For business owners still on the fence about whether it’s time to step up their cybersecurity game, carefully consider these four questions:

1) Do you receive or collect PII (personally identifiable information) from customers, banks or credit card companies?

2) Is any of this information shared or delivered via email or through a website?

3) Is any of the information maintained or stored in a computer database, on a hard drive, network or via a cloud-computing system?

4) Is the information accessible to select employees, consultants, service providers or other third-party vendors?

If the answer to any of these questions is yes, than perhaps it’s wise to be prepared.

As a small business owner myself, I am diligent but as concerned about data privacy and security as the next person. I stay alert for phishing scams and have the best anti-virus software available. But today even the most astute companies and their employees may find there are gaps in their cybersecurity armor. Despite adopting best security practices, the unthinkable can happen as hackers adapt their methods and find ways around the latest technology. And like Chicken Little’s fox, cybercriminals are very skilled at luring people in and getting them to click on a link or open an attachment.

If you are experiencing a cybersecurity issue or would like support to better prepare your small business for this threat, please contact me at

The views expressed here are mine and mine alone. They do not necessarily reflect the opinions of my former employers, current friends and colleagues, nor anyone I may have met in the past or may meet in the future.

About Mary Brophy

Mary has held leadership positions at the world’s largest independent PR agency, Edelman Worldwide, Cramer-Krasselt, Jacobson Rost and other leading agencies. Her background includes advising CEO-level executives on a variety of crisis communications and reputational issues.