In partnership with:

Small Business, Big Threat: Creating Cyber Safe Culture in

Your Small BusinessMichigan Small Business

Development Center

Today’s Topics

Introductions

National & International Crisis

Why Culture?

People, Process, & Technology

Interactive session

The Michigan SBDC

Funded through a cooperative agreement with the

• U.S. Small Business Administration (SBA)

• Michigan Economic Development Corporation (MEDC)

• Matching funds from Local Network partners in each region.

Scott Taber

tabers@gvsu.edu

Cybersecurity Awareness Specialist

Latchezara Smith

smithlat@gvsu.edu

Strategic Programs Manager

Michigan SBDC Services

• No cost 1:1 business consulting

• Business education

• Information-based planning through (secondary) market research

• Technology commercialization

Michigan SBDC Business Education

Take advantage of in-person and online learning opportunities for entrepreneurs. The MI-SBDC offers a variety of trainings presented by experienced professionals who can help you start and grow your business.

Register at SBDCMichigan.org/training

Topics Include:

• Starting a Business

• Business Plan

• Financial and Accounting

• Customer Relations

• Government Contracting

• Internet and Social Media

• Legal

• Management

• Marketing and Sales

• Cybersecurity

Globally reported complaints to IC3

0.00

50,000.00

100,000.00

150,000.00

200,000.00

250,000.00

300,000.00

350,000.00

400,000.00

2014 2015 2016 2017 2018

269,422288,012

298,728 301,580

351,937

352,000 complaints

Complaints

Source: Internet Crime Complaint Center 2019

Globally reported losses to IC3

$0.00

$500,000,000.00

$1,000,000,000.00

$1,500,000,000.00

$2,000,000,000.00

$2,500,000,000.00

$3,000,000,000.00

2014 2015 2016 2017 2018

$800,500,000

$1,700,000,000

$1,450,000,000$1,418,700,000

$2,706,400,000

$2.7 billion in losses

Losses in Dollars

Source: Internet Crime Complaint Center 2019

Reported complaints in Michigan to IC3

5,800

6,000

6,200

6,400

6,600

6,800

7,000

7,200

7,400

7,600

2016 2017 2018

6,384 6,400

7,533

Michigan ranked 15th nationally

Reported Victims

Source: Internet Crime Complaint Center 2019

Reported losses in Michigan to IC3

$0

$10,000,000

$20,000,000

$30,000,000

$40,000,000

$50,000,000

$60,000,000

$70,000,000

$80,000,000

$90,000,000

2016 2017 2018

$24,174,754 $25,362,646

$80,929,815

Michigan ranked 8th most in losses

Reported Losses

Source: Internet Crime Complaint Center 2019

Estimated costs of data breaches

• $175B in the U.S.• Source: McAfee 2018

• $600B Globally• Source: McAfee 2018

• $6 TRILLION globally by 2021• Source: Cyber Security Ventures 2017

• $117,000 per breach for small

businesses• Source: Kaspersky Lab 2017

The reasons behind the attacks

Source: Verizon DBIR 2019

$1.5 trillion in

cybercrime revenuesSource: Bromium 2018

71%

25%

Data breaches impact small business

Source: Verizon DBIR 2019

Cybersecurity Framework

People

Technology Process

Office culture

Culture is the character and personality of your organization. It's what makes your business unique and is the sum of its values, traditions, beliefs, interactions, behaviors, and attitudes.

Successful Phishing Campaign

1 min • 11% of Users

5 min• 25% of Users

60 min• 52% of Users

Proofpoint’s The Human Factor 2018 Report

“Culture eats strategy for breakfast.”- Peter Drucker

It’s All About People

Employees …

• Stability

• Predictability

• Communication

• Overbearing managers

• No input

• Lack of support

Focus on

• Stability• Trust in leadership

• Understand the why

• Predictability• What to look out for

• How to recognize it

• Oops, now what?

• Communication• Awareness

• Openness

• Trust

How?

• Awareness campaign

• Fun

• Communication

• Reward behavior

• Play games

• Management buy-in

• Do not be discouraged

Examples

Pop Quiz!

Scenario (phishing)

Subject and Sender

Supposed Authority

Asking you to click a

link

Spelling and Grammar

Sense of Urgency

Scenario (phishing)

Subject and Sender

Sense of Urgency

Asking you to

click a link

Scenario (phishing)

Subject and Sender

Asking you to

click a link

Sense of Urgency

Scenario (phishing)

Subject and Sender

Asking you to

click a link

Sense of Urgency

Scenario (phishing)Subject and Sender

Sense of

Urgency

Asking you to click

a link

Asking you to click a

link

Scenario (vishing)

• St. Mary’s Prayer

• US Treasury

• IRS Tax Crime

• Watching You

Culture change takes time…

People

Technology Process

Cyber policies

• Cybersecurity Policy• Formal business policy stating the process of

safeguarding data & technology from corruption, loss, & compromise

• Other important cybersecurity policies• Acceptable Use• Data Classification• Mobile Device• Email• Clean Desk• Disaster Recovery• Data Breach• Data Protection

Policy complications

People

Technology Process

Technology

Basic practices (the musts)

• Backup your data daily

• Properly configure your network(s)

• Deploy anti-virus & anti-malware solutions

• Use strong user credentials

• Update software & hardware regularly

• Train yourself and employees regularly

Thank you!