Small businesses tend to be more vulnerable to cyberthreats. Source: Shutterstock

Small businesses tend to be more vulnerable to cyberthreats. Source: Shutterstock

Mastercard builds cybersecurity toolkit for small businesses

CYBERATTACKS concern every kind of organization, but the ones that are most vulnerable are small businesses.

Since small businesses usually have limited resources, they’re tempted to neglect cybersecurity projects in favor of projects supporting business growth and development.

However, governments and institutions across the world are trying to equip this group with the tools they need to improve their cybersecurity measures and protect themselves.

Most recently, Mastercard has partnered with the Global Cyber Alliance (GCA) in order to create a digital toolkit specifically tailored to help small businesses understand the threats they face in the digital world and take immediate action to reduce the risk.

At the launch event, GCA President Phil Reitinger told the Washington Post that the team wanted the toolkit to be usable by small, 5- to-10-person organizations, like a pizzeria or dry cleaner.

“These are the merchants you deal with on a day-to-day basis. They’re your friends. They’re your neighbors. And you want to know you can patronize them and your personal information will be safe.”

And that’s exactly why Mastercard decided to partner with the GCA for this project.

“People have to have faith and trust that their transactions will be safe and secure. We don’t want cardholders thinking: ‘I don’t trust that local coffee shop or that small online business.’ They’ll be leaving out a big portion of merchants and vendors,” said Mastercard’s Chief Information Security Officer Ron Green.

The toolkit has been launched at a critical time where the number of attacks and losses due to attacks are only rising, and experts point out that 58 percent of cyberattacks are targeted against small businesses.

Further, according to the Organisation for Economic Co-operation and Development (OECD)’s report titled Enhancing the Contributions of SMEs in a Global Digitalized Economy:

  • Small businesses account for 99 percent of businesses globally
  • Small businesses account for 70 percent of jobs, on average
  • Small businesses generate more than half of the value added by most economies

Better understanding the cybersecurity toolkit

The toolkit arms small business owners with basic security controls and guidance:

# 1 | Operational tools that help them take inventory of their cyber-related assets, create and maintain strong passwords, use multi-factor authentication, perform backups of critical data, and prevent phishing and viruses.

# 2 | How-to materials, such as template policies and forms, training videos, and other foundational documents they can customize for their organizations.

# 3 | Recognized best practices from leading organizations in the industry including the Center for Internet Security Controls, the UK’s National Cyber Security Centre Cyber Essentials, the Australian Cyber Security Centre’s Essential Eight, and Mastercard.

The GCA, a non-profit backed by the New York district attorney’s office and the City of London Police directly links the toolkit with te Center for Internet Security (CIS) Controls — a set of 20 tasks/actions in three categories evaluating overall exposure to cyber attack vectors.

According to experts, simply addressing the first five tasks/actions in the CIS Control list can reduce the risk of cyber-attacks for businesses by up to 85 percent.

On reviewing the toolkit, you’ll find that the team delivers on its promise to provide actionable insights.

For example, the Mastercard GCA toolkit recommends setting up regular (automatic) backups as a way to defend against ransomware.

The idea is practical, and is something small businesses often ignore. It’s also effective as ransomware tends to lock users out of their own data — and regular backups could render such attacks ineffective.

Hopefully, this will interest small businesses and even mid-market companies looking for quick fixes to their cybersecurity concerns and help them earn the trust of consumers when it comes to data security and privacy.