Array ( [post_status] => publish [posts_per_page] => 1 [meta_key] => last_displayed [orderby] => meta_value meta_value_num [order] => ASC [post_type] => ad [meta_query] => Array ( [0] => Array ( [key] => catsassigned [value] => "93" [compare] => LIKE ) ) [tax_query] => Array ( [relation] => AND [0] => Array ( [taxonomy] => ad_zone [field] => term_id [terms] => Array ( [0] => 87 ) [include_children] => [operator] => IN ) [1] => Array ( [taxonomy] => post_reg [field] => slug [terms] => Array ( [0] => all [1] => national [2] => va ) [operator] => IN [include_children] => ) ) )
Array ( [post_status] => publish [posts_per_page] => 1 [meta_key] => last_displayed [orderby] => meta_value meta_value_num [order] => ASC [post_type] => ad [meta_query] => Array ( [0] => Array ( [key] => catsassigned [value] => "93" [compare] => LIKE ) ) [tax_query] => Array ( [relation] => AND [0] => Array ( [taxonomy] => ad_zone [field] => term_id [terms] => Array ( [0] => 86 [1] => 3127 ) [include_children] => [operator] => IN ) [1] => Array ( [taxonomy] => post_reg [field] => slug [terms] => Array ( [0] => all [1] => national [2] => va ) [operator] => IN [include_children] => ) ) )

Michigan SBDC - 2014 LogoIt’s an astounding — and perhaps disheartening — statistic: 60 percent of small companies are unable to sustain their business within six months of a cybercrime attack, according to the U.S. National Cyber Security Alliance.

To help avoid joining their ranks, John Hey and other information technology experts advise small business managers to foster a culture of cybersecurity that permeates their entire operation, not just the IT department.

“I hate to promote apprehension or cynicism, but you have to be almost by default extremely suspicious or skeptical,” said Hey, chief operating officer of Grandville-based Trivalent Group, one of Michigan’s largest IT solutions providers. “Basically, awareness and suspicion really are the best policy.”

“Today,” said Zara Smith, strategic programs manager at the Michigan Small Business Development Center (SBDC), “protecting against online threats such as phishing (tricking consumers or businesses into disclosing financial information while posing as a legitimate company) or ransomware (encrypting a company’s files, making them unusable, and demanding a ransom to unlock the data) is everybody’s job.”

“This is the new world we live in,” she said. “Years ago we had to teach everyone to lock the door. Now we’re teaching that cybersecurity is something everyone needs to be aware of. Not everybody has to be an expert, but if we are truly to protect ourselves, we must all take responsibility.”

Indeed, the issue of staying safe and secure online is so mainstream that the National Cyber Security Alliance has designated October as National Cyber Security Awareness Month, a campaign that aims to reach consumers, small and medium-sized businesses, corporations, educational institutions and young people across the nation.

For small businesses, making cybersecurity part of every employee’s routine is especially important because they are unlikely to have distinct IT departments staffed with workers whose sole mission is to keep the company’s technology systems operating smoothly. Often, Hey said, small companies might have one person who’s in charge of technology but also has responsibility for other, unrelated duties.

Small businesses also can’t hope to simply fly under hackers’ radar, Smith said. Their sheer numbers make them a favorite target of cybercriminals. Plus, big businesses, which have the financial resources to upgrade their security, are tougher for hackers to crack. So rather than seek a single big score, increasingly hackers are opting for volume and setting their sights on multiple, more vulnerable smaller companies.

Former FBI Director Robert Mueller, somewhat famously within cybersecurity circles, summed up the threat this way: “There are only two types of companies: those that have been hacked, and those that will be.”

While that might seem to paint a hopeless scenario, the answer is to put up a vigorous defense that might prompt hackers to seek other, easier prey, Smith said.

“It’s all about risk mediation,” she said. “Don’t be the lowest-hanging fruit.”

To be sure, measures such as installing anti-virus and email scrubbing software and keeping it up to date remain fundamental, first lines of defense against falling victim to cybercrime. But a truly robust security system is based on vigilance among all employees, Hey said.

“An uncareful user can undermine all of your security measures,” he said.

For example, all employees should know to follow safe and proper protocol regarding opening attachments and links in emails, potential avenues for hackers to introduce malware or viruses into a computer network, Hey said.

Such emails are becoming more sophisticated, having evolved beyond the iconic Nigerian-based scams. Today’s emails are better written (foreign fraudsters hire translation services when composing them) and often are sent in the names of companies or people known to the recipients, Hey said.

“If there’s any shred of doubt, just delete the entire email,” he said. “If it’s a legitimate email, the other person will resend it.”

Care in sharing or protecting information such as passwords is also part of a culture of cybersecurity, Hey said. Whenever he speaks on the topic, there’s always someone in the audience who keeps an important password written on a sticky note, an extremely low-tech and dangerous storage method. In contrast, Hey stores all his passwords in a smartphone app that requires a 16-character password to open.

“I say a bad word every time I have to enter it, but it’s ultimately worth the effort,” Hey said. “Security is not convenient.”

Hey advises against sending password information in email files, saying that texting is safer. Also, having systems set up so that passwords periodically expire adds another level of safety.

Common-sense measures related to physical security, such as logging off your computer or not leaving a cell phone sitting on a table when you go to the restroom, are also keys to staying digitally safe, Hey said.

Beyond trying to access financial information such as credit card or bank account numbers, hackers who target small businesses also aim to profit by disrupting companies’ operations. Ransomware allows them to hold data hostage until a business pays to have its systems unlocked.

The cybercriminals typically don’t ask for exorbitant sums — $300 on average, Hey said — to make the ransom less traceable. They also operate with a certain level of honor, rarely reneging on their promise to unlock systems once payment is made, so as to help ensure victims recognize the benefit of paying and money keeps flowing.

But the real cost to a business comes from the disruption to its operations — as well as the blow to its reputation, Smith said. “There’s the perception that if you get hacked, you’ve done something wrong,” she said.

Hey has seen ransomwear’s devastating effects up close. He worked with a 25-employee West Michigan business that had security software and other protections in place but became infected after an employee opened an email attachment. The company had its data backed up, but it took several days to restore.

“They wound up with three or four days of lost productivity,” Hey said. “They had a six-figure impact because an email was opened. They had taken reasonable security measures but didn’t have best user practices.”

To help companies assess their vulnerability to similar crimes, the SBDC launched its “Small Business, Big Threat” initiative. The foundation of the initiative is a website,, that allows individuals to take a free assessment and receive a report.

From there, participants can choose from a variety of resources to engage with, including in-depth trainings, webinars, best practices, or industry articles on small business cybersecurity.

Andrew Carnegie

Carnegie’s Wisdom on Mining for Gold

In today’s environment of high-velocity change, a business’s technology, product innovation or unique distribution are only fleeting advantages.  In fact, the only sustainable competitive advantage is an organization’s talent and how reliably they perform. Andrew Carnegie came to America from his native Scotland when he was a small boy, did a variety of odd jobs, […]

Jets on the Tarmac

4 Tips for Stress-Free Business Travel

Over the years, I’ve traveled for business a lot — sometimes alone, but often with colleagues. One time, I found myself traveling with a colleague I didn’t know very well. We were both rushed to get work done before the flight, so we gave ourselves very little time to get to the airport. Everything had […]

image for data article 317

How Data Can Help Drive Success of Local Business—With a Little Analytical Help

When doing business with your bank in the traditional sense, most probably think of working with an organization to keep deposits secure, provide money transaction capabilities and make loans. After all, this is the traditional focus of how financial institutions, especially community banks, operate. What you may not know is just how much more your bank […]

Businessman leader rising in a hot air balloon - Leadership conc

Cutting Through the Noise and Improving Employee Communication

If communication isn’t a priority in your organization, then your company simply isn’t living up to its true potential. A first-class HR department makes it their mission to facilitate communication upward, downward and horizontally. Expectations and objectives need to be delivered and understood, frustrations need to be dealt with and concerns have to be heard. […]

Hand writing the words Team Work on virtual screen

How Job Satisfaction and the Role of Management Fits Together

Many organizations deal with employees that do not perform to standards. One of the most frustrating things for managers and supervisors is to have employees who continually repeat the infraction. However, when the issues continue managers and supervisors are left to discipline and more likely terminate the individual. One of the critical factors impacting work […]

Hatch 1

Hatch Detroit Business Competition is Back for 2016 and Needs Your Votes

Imagine being a young, hungry entrepreneur again. You’re looking around for help, hoping that someone else sees the potential in your idea like you do. That is one of the many reasons why Hatch Detroit, sponsored by Comerica Bank and Opportunity Detroit, is such an essential competition. The competition, which recently announced its Top 10 […]

People solving a problem

Proper Planning is More Than Asset Allocation

Here’s the thing…good planning avoids conflict. But, good planning is much more than asset allocation. Advisors implore their clients to plan for the future. They often use disturbing techniques like horror stories of deplorable outcomes due to a lack of planning. Usually the disturbing track is about a loss of money either to the tax […]

Man in a Bear Market - Losing Money in the Markets

Are you Setup For Failure?

The business world is moving at a rapid pace. We see the creation, the merger and the transition of numerous businesses due to overwhelming globalization, technology, and Internet conductivity. Every morning we open up such periodicals as the Wall Street Journal reading about new entrepreneurial ventures. These are very exciting times for the organizations that […]


How to Spot an Employee with One Foot Out the Door

Whether you are a Fortune 500 executive, business owner, front line manager, or human resources professional, you know this much is true. You can’t run a thriving company without top notch employees. The fact is, success resides in the hard work, creativity and dedication of your workforce—those bright, enthusiastic, engaged employees who work every day […]