Small business is not immune

Cyber crime results in downtime, escalating expenses

By Jason Arndt

Cyber attacks affect more than just large businesses and operations, such as the recent Colonial Pipeline ransomware incident, but also small and mid-sized establishments.

Mark Hoffmann

Mark Hoffmann, owner of Kenosha-based CMIT Solutions, which serves all of Racine, Kenosha and portions of Walworth counties, said the cyber attacks have had a profound affect on small businesses.

He estimates 70% of cyber attacks target small and small mid-sized businesses with a 25% success rate.

“There are so many, I am aware of a few that occurred in Kenosha, there were a handful of business owners that I was talking to at a community event (and) one of them was shut down for a week. A lot of businesses, it takes a week or more to get back online.”

Hoffmann, who carries about three decades of experience in the field, has been involved with several Southeast Wisconsin businesses in multiple capacities ranging from AVP of Intranet Applications at M&I Bank in Milwaukee and as CIO of TCGRx.

TCGRx, he said, was a company based out of Powers Lake in Kenosha County that started as a small startup before becoming a known company in pharmacy workflow software and robotics.

Since then, he was motivated to branch out, helping companies in smaller and rural communities with security needs. In the hope of having a faster exponential growth, many small businesses tend to invest in companies that might seem very appealing to them initially. But what they fail to understand is sometimes they can be the biggest scam out there, or sometimes they could be that blessing in disguise. As an example, most small brands tend to consider the services or firms like Social Growth Engine when it comes to growing their Instagram account. However, not everything is secure in such services. Sometimes they might have a secure site, but not a secure payment gateway. Sometimes visible pricing but could lack real reviews. Therefore, before embarking on any such service, it is mandatory to do the required research. Here, in this case, a Social Growth Engine comparison page could be of guidance!

“In my experience as a small business owner and principal stakeholder at a mid-sized company, I learned that there is a lack of technology solution providers serving small and mid-sized businesses. I’m launching CMIT Solutions in the area to help ‘the little guy’ and provide our community the solutions that I’ve been searching for.”

Cybersecurity trends
Ransomware, general data breaches as well as typical worms or viruses have been the most common attacks committed against businesses – large and small – in the last several years. On average, large enterprises use over 900 applications, and some of them are interconnected to tasks that govern the implementation, maintenance, and governance of data. Integration software such as MuleSoft is thus part of these systems for added enterprise security. Hiring a MuleSoft consultant like Royal Cyber enables the protection of the entire enterprise from loss of data integrity, unwarranted access, and external attacks.

“I think (the attacks) are getting better, more sophisticated over the last 20 years,” Hoffmann said. “More people are going online of different ages and education levels.”

Users can easily identify some cyber attacks, like seeing unusual pop-ups appearing on screen that include notifying them of an infection, as well as a decline in general computer performances.

But others are not as easy to determine, Hoffmann said, noting one business became a victim of ransomware and later discovered a data breach occurred.

“Computer and smartphone slowness is a big indicator,” he said. “Sometimes it can be very difficult to detect.”

Widespread attacks
CMIT Solutions, which has a blog, reported hundreds of different cyber attacks affected thousands of businesses worldwide last April alone.

Hackers exploited a flaw in the widely used Microsoft Exchange Server application and accessed the inboxes and calendars of employees at 30,000 businesses, the blog stated, adding hundreds of thousands of international airline travelers had their names, birthdays and frequent flier numbers stolen.

“Phishing emails tricked employees at two health care companies in Texas and Washington into giving hackers access to protected health information,” the blog states. “And contractors working for the Pennsylvania Department of Health on COVID-19 contact tracing shared sensitive patient data on unprotected Google accounts.”

Hoffmann said the most common cause of data breaches is a simple email.

“Unfortunately, the most common source of data breaches comes from opening attachments, or something, allowing the virus in,” he said.

“It is going to continue to get more aggressive and worse.”

Additionally, weak passwords, or infrequent changes of login information is another reason for data breaches, ransomware attacks and system compromises.

According to the 2020 Verizon Data Breach Investigations Report, 81% of all cyber incidents involved compromised passwords, CMIT wrote on its blog.

Meanwhile, another report noted an ongoing trend of Americans remaining vulnerable to attacks.

A Google poll conducted in 2019 revealed 75% of all Americans reportedly become frustrated trying to keep track of passwords, while about 25% use simple passwords such as “abc123” as logins, and about 66% use easily identifiable details such as the name of a pet or spouse.

The latest phone security statistics show that there are almost 2 billion cyber attacks actively targeting phones. Yet a survey by Kaspersky showed that 40% of phone owners do not use any kind of antivirus to protect their device from these attacks.

Aiding businesses
CMIT Solutions offers a broad spectrum of proactive computer monitoring, maintenance and virtual technology packages, quick response services when unexpected issues to small and medium-sized businesses.

Additionally, according to Hoffmann, CMIT Solutions also can train employees at respective businesses on how to mitigate or prevent cyber-attacks.

“It is best to prevent it,” he said. “Nothing is 100% fool-proof, but just like a normal criminal out there on the street, they are going to go after the easy victims.”

CMIT, meanwhile, offers more than a dozen tools available to businesses in need of increased protection online, according to Hoffmann.

Production loss
CMIT Solutions reported cyber attacks can greatly affect business operations, including expenses, and have put some out of business.

The average downtime for data loss, according to CMIT figures, across all industries comes in at about $5,600 per minute.

Additionally, 93% of companies without disaster recovery services go out of business after a breach, but 96% of businesses with a plan have fully recovered.

Human error caused 52% of data incidents.

“The average cost of a ransomware attack has risen from $7,000 in 2018 to $41,000 in 2019 to $200,000 in 2020,” the CMIT Solutions blog states.

CMIT Solutions serves the communities of Burlington, Lake Geneva, Salem Lakes, East Troy, and Waterford.

For more information, including how to receive cyber protection, visit