Why Small Businesses May be More Vulnerable to Cyber Attacks

With more products and services being offered online and with the uptick in the number of people working remotely, cyber security is a greater concern than ever before. Learn how to keep your company safe.


Since the pandemic, many small businesses are staying afloat utilizing cyber business methods, new technologies, e-commerce or online business sales, as well as using remote workers. While these changes may be good, they have also created new opportunities for cyberattacks. More than half of small business owners say they are more worried about potential cyberattacks since the pandemic began. It is very important that small business owners become proactive in protecting their information systems and in training their staff to detect any attempts at cyber-fraud.

The vast majority of cyberattacks come through email scams and phishing attempts or malicious software. Businesses with more than 20 employees and those who utilize remote workers seem to be most at risk of a cyber-fraud incident. Additionally, the business sectors involving manufacturing, wholesale trade, and administration management are also at greater risk.

A cyberattack on a small business can be both stressful and financially damaging. It can negatively impact everything from banking information to business relationships and more. It is a good idea to invest in cyber insurance if it is available.

Additionally, there are a few other steps that a small business can take to help ward off cyberattacks including:

  • Train your employees about cyberattacks, how to detect them and how to avoid them.
  • Establish basic security procedures for employees, including using strong passwords, how to protect customer data and other vital information.
  • Update all devices to the latest security software, web browsers, and operating systems. Use antivirus software and firewalls.
  • Create a mobile device action plan to encrypt data for employees who are working remotely. Each employee should have a separate user account in order to trace any activity if there’s a problem.

  • Back up critical business data and store the information in the cloud.
  • Secure Wi-Fi networks with Service Set Identifier (SSID) and password protection.
  • Work with banks or credit card processors to safeguard payment information.
  • Talk with other business owners and share information on known scams, attacks and best practices.
  • Report any cyberattacks to law enforcement or other authorities. Notifying the Better Business Bureau is also a good idea.

It is more important now than ever to protect your information. Small businesses are vulnerable to attack but taking some precautionary measures will go a long way toward protection.

President, SACS Consulting & Investigative Services, Speaker, Trainer, Corporate Security Expert

Timothy A. Dimoff, CPP, president of SACS Consulting & Investigative Services, Inc., is a speaker, trainer and author and a leading authority in high-risk workplace and human resource security and crime issues. He is a Certified Protection Professional; a certified legal expert in corporate security procedures and training; a member of the Ohio and International Narcotic Associations; the Ohio and National Societies for Human Resource Managers; and the American Society for Industrial Security. He holds a B.S. in Sociology, with an emphasis in criminology, from Denison University. Contact him at info@sacsconsulting.com.



Year End To-Do Small Business Security Checklist

    As the year comes to a close, here are three things you should check on when it comes to keeping your small business safe and secure.


    As we come to the end of 2020, a year that has presented new challenges and forced new ways of doing business for many of us, it’s time to review and update our business policies and procedures. This year has been especially challenging for many small businesses due to the need to put into place new ways of doing business, taking on new expenses to keep employees and customers safe from COVID-19, learning to do business remotely and much more. These new business models have come with new procedures, new business methods and new challenges.

    Check Your Employee Handbook
    A good place to start your review is to take a look at your employee handbook. Even a small business needs an employee handbook, so if you don’t have one, now is the perfect time to write one. In writing one or updating an old one, make sure the information in it is an accurate representation of your company and its culture. You may need to add a new section that covers remote working policies for your employees or a section on wearing masks, social distancing and other new procedures. You may need to include a section on rules for using electronic equipment if employees are working remotely. It’s important that you bring your handbook up to date with any and all changes that have taken place in your ways of doing business. Be sure to distribute the updated copies to all employees and have them sign that they received a copy.

    Check Your Finances
    This is also a good time to assess the financial state of your business and complete your accounting end-of-year checklist. Along with this comes a review of your internal controls. This review is very important in helping you decide whether additional controls or fail-safe procedures are necessary. Employee theft is a huge problem for small businesses, costing as much as $50 billion annually! Even if you have trustworthy employees who have been with you for years, you are still at risk for internal theft and fraud. Take the time to review all your internal controls. These can include your policy on writing and signing checks, who has access to cash, penalties for theft of merchandise and more.

    Check Your Security
    You should also review your security practices and equipment if you run a business that could experience shoplifting or customer theft. With people out of work due to the pandemic, there is a greater chance you could be the victim of this type of theft. Make sure your establishment is secure and prepared to prevent and detect any type of theft.

    Equally important is a review of your physical security practices. Ensure your building and your parking areas are well lit. Update your entrance and exit security procedures. Double check your internal theft prevention procedures. Make sure you have the latest and most secure cybersecurity possible.

    While these reviews may seem daunting, they are very important to keeping your business safe and secure. If you are not sure how to do these updates and reviews, you can hire a company like mine to assist you. Reviewing all of these things will give you enhanced security and peace of mind. 

    President, SACS Consulting & Investigative Services, Speaker, Trainer, Corporate Security Expert

    Timothy A. Dimoff, CPP, president of SACS Consulting & Investigative Services, Inc., is a speaker, trainer and author and a leading authority in high-risk workplace and human resource security and crime issues. He is a Certified Protection Professional; a certified legal expert in corporate security procedures and training; a member of the Ohio and International Narcotic Associations; the Ohio and National Societies for Human Resource Managers; and the American Society for Industrial Security. He holds a B.S. in Sociology, with an emphasis in criminology, from Denison University. Contact him at info@sacsconsulting.com.

10 Benefits of Using Subscription-based IT Services for Your Business

    Enlisting the help of a Managed Service Provider for your IT needs is becoming increasingly popular. Here are 10 reasons why.

    Have you noticed there seems to be a subscription for everything these days? In the good old days it was just things like magazines, newspapers and the occasional jelly of the month club. But today just about anything comes in subscription form—clothes, makeup, dinners, wine, pet items. The list goes on and on.

    And it’s not just individual subscriptions. Increasingly, companies are opting in to the subscription-based services mindset as well. They are saving themselves time, money and hassle by enlisting the help of a Managed Service Provider (MSP) to take care of their IT needs. It’s estimated that in 2019, managed services spending could account for nearly 20% of total IT spending worldwide.

    Companies, no matter what size, can discover the following 10 benefits of subscription-based services.

    Benefit No. 1: Enhanced Customer Service. Subscription business cultivates an ongoing and close-knit relationship with customers. Managed services allow for consistent, cohesive engagement throughout the relationship, across all functional areas.

    Benefit No. 2: Cost Streamlining. Using a subscription means the company can unload significant in-house investment of infrastructure and equipment onto the managed IT provider.

    Benefit No. 3: Customized Plans. Providers can create unique plans and adjust their offerings to reflect actual usage. It is no longer necessary to pay for capacity you don’t utilize.

    Benefit No. 4: A Safer Environment for Your Data. The most innovative cybersecurity tools in existence reside in the Cloud. Under subscription-based services, you can keep your data safer than ever before.

    Benefit No. 5: Fixed Regular Expenses. With subscription services, you won’t have to guess what your future costs will be. Providers can help tailor these fixed expenses to fit your budget. Costs won’t change mid-contract and have the potential to be lower with longer terms.

    Benefit No. 6: Centralized Expert 24/7 Infrastructure and Support. Subscription options enable clients to access support for applications, servers and every other IT need that already exists in the Cloud—a key reason so many companies are moving.

    Benefit No. 7: Faster Response and Recovery Times. When utilizing a subscription-based service, you have the potential to get up and running in the event of an interruption—or after a disaster—with minimal downtime.

    Benefit No. 8: Ease of Scalability. The flexibility of a subscription allows your IT support to grow as your business does.

    Benefit No. 9: Increased Employee Productivity. As a result of reduced network and application downtime, your employees can get more done.

    Benefit No. 10: Less IT Pressure. Technology is only getting more advanced. Using a subscription-based service can help alleviate the stress a company may feel to keep up with the capabilities required in this increasingly complex area.

    TEC Communications is proud to be the first Cisco partner in Northern Ohio. We can help make any business’ IT operate more efficiently and safely with full-scale Cybersecurity, Cloud, Data Center, Network Infrastructure, Video-Voice-Messaging Collaboration, Carrier Services, Wireless & Mobility and Managed Services solutions. Contact us at www.tec4it.com to learn more.

13 Tips from the FTC to Protect Against Phishing Attacks

    In the second article of this series from the Federal Trade Commission, we’re holding a magnifying glass up to phishing and ransomware scams and bringing you 13 things to consider as you set up strategies to protect your business.

    The Federal Trade Commission (FTC) is bringing you an informative series on various scams that can target and potentially devastate small businesses. In the first article of this series, we highlighted an unsophisticated, but highly lucrative, scam aimed at the business community: the sending of and billing for unordered merchandise. In this second installment from the staff of the FTC’s East Central Region, we focus on more sophisticated scams involving phishing and malware.

    What is ‘phishing’?

    Phishing is when a scammer uses fraudulent emails or texts, or copycat websites to get unsuspecting people to share valuable personal information—such as account numbers, Social Security numbers, or login IDs and passwords—which scammers can use to steal money, your identity or both. Phishing scammers lure their targets into a false sense of security by spoofing the familiar, trusted logos of established, legitimate companies, or they may pretend to be a colleague or a familiar vendor. 

    Scammers also use phishing emails to get access to your computer or network to install malware. Malware includes viruses, spyware and other unwanted software that gets installed on your computer or mobile device without your consent. These programs can cause your device to crash and can be used to monitor and control online activity. They also can make your computer vulnerable to viruses and deliver unwanted or inappropriate ads. A lucrative form of malware for scammers is called ransomware, a program that can lock you out of important files on your computer.

    To reduce the risk of falling for a phishing attempt or downloading malware, you should train every employee or contractor who has access to your network—including yourself. Here are 13 things to keep in mind as you establish strategies to protect your business:

    Tip No. 1: Think twice before clicking on links or downloading attachments and apps. Even emails from your friend or colleague could be dangerous. Files and links can contain malware that can weaken your computer’s security. You also can get malware from visiting a compromised site or through malicious online ads.

    Tip No. 2: Do your own typing. If a company or organization you know sends you a link or phone number, don’t click. Use your favorite search engine to look up the website or phone number yourself. Even though a link or phone number in an email may look like the real deal, scammers can hide the true destination.   

    Tip No. 3: Make the call if you’re not sure. Do not respond to any emails that request personal or financial information. Phishers use pressure tactics and prey on fear. If a colleague or a vendor asks for personal or financial information, pick up the phone and call them yourself using the number in your address book or on their website, not the one in the email.

    Tip No. 4: Turn on two-factor authentication. For accounts that support it, two-factor authentication requires both a password and an additional piece of information to log in to an account. The second piece could be a code sent to a mobile device, or a random number generated by an app or a token. This protects an account even if the password is compromised.

    Tip No. 5: Back up files to external hard drives or cloud storage. Back up company files regularly to protect against viruses or a ransomware attack. Remember to log out of the cloud and unplug external hard drives so hackers can’t encrypt and lock your back-ups, too.

    Tip No. 6: Get well-known software directly from the source. Sites that offer lots of different browsers, PDF readers and other popular software for free are more likely to include malware.

    Tip No. 7: Read each screen when installing new software. If you don’t recognize a program, or are prompted to install additional “bundled” software, decline the additional program or exit the installation process.

    Tip No. 8: Install and update security software and use a firewall. Use security software you trust, and set operating systems, web browsers and security software to update automatically.

    Tip No. 9: Don’t change your browser’s security settings. You can minimize “drive-by” or bundled downloads, which are more likely to have malware, if you keep your browser’s default security settings.

    Tip No. 10: Pay attention to your browser’s security warnings. Many browsers come with built-in security scanners that warn you before you visit an infected webpage or download a malicious file.

    Tip No. 11: Don’t click on pop-ups or banner ads about your computer’s performance. Scammers insert unwanted software into banner ads that look legitimate, especially ads about your computer’s health. Avoid clicking on these ads if you don’t know the source.

    Tip No. 12: Scan USBs and other external devices before using them. These devices can be infected with malware, especially if you use them in high traffic places, like public computers.

    Tip No. 13: Talk about safe computing. Educate your colleagues that some online actions can put the company’s computers at risk: clicking on pop-ups, downloading “free” games or programs, opening chain emails or posting personal information.

    How do I know if company computers are infected with malware? 

    Monitor computers for unusual behavior. A computer might be infected with malware if it:

    • slows down, crashes or displays repeated error messages;
    • won't shut down or restart;
    • serves a barrage of pop-ups;
    • serves inappropriate ads or ads that interfere with page content;
    • won’t let you remove unwanted software;
    • injects ads in places you typically wouldn’t see them, such as government websites;
    • displays web pages you didn’t intend to visit; or
    • sends emails you didn't write. 

    Other warning signs of malware include:

    • new and unexpected toolbars or icons in your browser or on your desktop;
    • unexpected changes in your browser, like using a new default search engine or displaying new tabs you didn’t open;
    • a sudden or repeated change in your computer’s internet home page; or
    • a laptop battery that drains more quickly than it should.

    What if I think I’m a victim?

    If you suspect there is malware on your computer, there are many companies that offer tech support. Online search results might not be the best way to find help, however. Tech support scammers pay to boost their ranking in search results so their websites and phone numbers appear above those of legitimate companies. If you want tech support, look for a company’s contact information on their software package or on the purchase agreement.

    What if I know I am a victim?

    If you are a victim of ransomware, where hackers take over your computer and demand a sum of money to give you back control, you can contain the attack by disconnecting the infected devices from your network to keep ransomware from spreading. If you’ve backed up your files, and removed any malware, you may be able to restore your computers. You should also contact law enforcement by reporting ransomware attacks to the Internet Crime Complaint Center or an FBI field office.

    Should I pay the ransom?

    Companies often ask if they should pay the ransom. Law enforcement doesn’t recommend paying the ransom, although it’s up to you to determine whether the risks and costs of paying are worth the possibility of getting your company’s files back. If you pay the ransom, there’s no guarantee you’ll get the files back. In fact, agreeing to pay signals to criminals that the company hasn’t backed up its files. Knowing this, they may increase the ransom price—and may delete or deny access to your files anyway. Even if you do get the company’s files back, they may be corrupted. And your company might be a target for other scams.

    The FTC works to prevent fraudulent, deceptive and unfair business practices in the marketplace and to provide information to help consumers spot, stop and avoid them. You can file a complaint online at www.ftc.gov/complaint or by telephone at 1-877-FTC-HELP (1-877-382-4357). Forward phishing emails to spam@uce.gov and to the organization impersonated in the email.

Don't Take the Risk of Fraud Lightly: 17 Steps to Protect Your Business

    While completely eliminating incidences of payment fraud may be impossible, there are definitely steps you can take to minimize the risk of exposure. By taking daily precautions, you can make it that much harder for fraudsters to perpetrate their schemes.

    Some basic tips for avoiding fraud:

    • Adhere strictly to your company’s security policies; they are there for a reason.
    • Always use strong passwords to thwart attempts to hack your accounts.
    • Never share your passwords or let someone else log in to your computer.
    • Enroll in your bank’s security alerts, which notify you if there’s suspicious account activity.
    • No financial institution, including Fifth Third Bank, should ever send you an email asking you to verify or supply personal information.
    • Never send personal information via e-mail unless it is to a trusted source and you use some type of encryption.
    • Never open unsolicited e-mails from unknown e-mail addresses. Set your spam filter on high to block suspicious communications.
    • Exercise reasonable care when downloading software and opening email attachments. Never download or open an e-mail attachment from an unknown email address.
    • Install a firewall and both anti-virus and anti-spyware software. Keep your virus definitions and browser and security software current.
    • Don’t write your PIN number on your credit card.
    • Make sure your mobile phone number and other contact information are registered with your card issuer so they can verify transactions.
    • Don’t let your commercial card out of your sight when making a transaction.
    • When entering a PIN into a card-reader or ATM, use your free hand or body to shield the number from prying eyes.
    • Always review receipts after using your corporate credit card and report any suspicious charges.
    • Be sure to keep the card issuer’s phone number in your mobile phone’s contact list in case your card is lost or stolen.
    • If shopping on the Internet, use only secure, trusted sites.
    • Where available, take advantage of Europay Mastercard Visa (EMV) credit/debit cards with embedded microchips which dramatically reduce point-of-sale (POS) fraud.

    Beyond these proactive steps, businesses should also take advantage of protective tools offered by their bank, such as malware detection software and authentication for more secure logins. Follow these tips to help protect your business from the growing threats of fraud.

    Fifth Third and Fifth Third Bank are registered trademarks of Fifth Third Bancorp. Deposit and credit products provided by Fifth Third Bank. Member FDIC.

17 Things You Didn't Know About Energy Usage and Project Funding

    Commercial buildings represent more than 40% of all the energy consumed in the U.S., so there’s obviously a lot of room for energy savings. Read on to learn more about energy consumption and how you can get the financing you need to complete energy efficiency projects.

    It’s no big secret to business owners that energy costs are one of the biggest expenses their business faces. In fact, commercial buildings represent 43% of all of the energy consumed by buildings in the United States, yet are still just a tiny fraction of the energy efficiency market, according to the International Energy Agency.

    It’s clear how becoming more energy efficient should be a priority for business owners. Earlier this month, the COSE/GCP Energy Team hosted a workshop on financing solutions that make energy projects feasible and help businesses become more energy efficient, thus improving their bottom line.

    Listed below are the 17 things you need to know about how companies are using (or misusing) energy and how they can obtain financing to make their energy consumption more efficient.

    1. Barriers to investment. According to a 2016 International Facilities Management Association study of sub-100,000-square-foot buildings, owners said that financial capacity and technical expertise continue to be barriers to investment in energy efficiency and clean energy upgrades.

    2. No budget. More than three out of four owners (76%) have no specific energy budget.

    3. Limited third-party options. A total of 87% of owners have limited access to third-party financing options, largely because they do not know that such financing exists.

    4. No contract. Almost nine out of 10 owners (88%) have no energy services agreement or contract.

    A solution

    C-PACE financing could be a solution for the business owners listed above. What is C-PACE and how can it help?

    5. What is C-PACE? C-PACE is a government financing policy that classifies energy-saving upgrades as a public benefit, such as a sewer, road extension, etc.

    6. How can C-PACE help? With C-PACE, private lenders provide capital to build qualifying projects and they are repaid through the property tax bill over the life of the equipment (often 20 or more years). This makes most projects cash flow positive from day one.

    7. What qualifies? Most energy efficiency and water projects qualify.

    How PACE financing can help

    So, what are the benefits of C-PACE financing for pre-existing buildings?

    8. Attractive terms. It provides long-term financing with fixed rates of up to 20-year terms.

    9. Attractive cost. The cost of capital is low.

    10. All-in financing. This is 100% financing. No capital outlay is required from the property owner (hard or soft costs).

    11. NOI positive projects. With no capital outlay and long-term financing term, projects generally cash flow and generate net operating income beginning on day one.

    12. Non-recourse financing. The financing is non-recourse, with no corporate or personal guarantees required.

    13. Non-accelerating financing. The financing is non-accelerating, even in the event of the sale of the property.

    14. It’s not debt. It does not consume credit capacity because it’s not considered debt.

    15. Flexible structure. It can be structured to pass through costs with tenants for NNN leases.

    16. Fast underwriting. Fast-tracked underwriting can lead to a quick close.

    Contact the COSE/GCP Energy Team today

    17. Contact us today. And what’s the 17th takeaway on all this? It’s to contact the COSE/GCP Energy Team at energy@gcpartnership.com and let the Team evaluate your project, prescreen your business for C-PACE and connect you with the capital and resources you need to start saving on your energy expenses.
