Abstract
Small businesses are the most vital part of a nation’s economy. In today’s world, as we are moving towards digitizing almost everything around us, cybersecurity is essential and vital for our digitalized world to function. Small businesses are no exception. All businesses collect, use, and store information. They store employees’ information, tax information, customers’ information, business transaction information, and all other operational information that is needed for a business to function. Without an appropriate cybersecurity program, these businesses are vulnerable and can be easily impacted by cyber incidents and malicious attacks. Businesses are putting resources to protect their systems against malicious attacks. Although small businesses, due to their limited budget, do not have enough resources to implement a continuous and flexible security program for the protection of their information systems. Therefore, small businesses are often called “soft targets'' among hackers. Small business owners believe there might be no valuable information in their business to protect, but often hackers open their way from less secure systems toward the high-profile targets using small security gaps. Additionally, there are a number of factors behind cyber attacks on small businesses. Attackers are not often after profit. They might have intentions to disrupt the business due to negative rivalries and market competitions. Therefore, a pragmatic security program is a solution to address these needs and concerns. This research review will focus on technological and security concerns surrounding small businesses, financial impacts of cyber incidents on small businesses, and solutions to address security concerns in small businesses by proposing procedures to help protect information systems. The review encompasses a section for the research methodology, a literature review where the topic is broken down into subtopics, a discussion, and a conclusion to summarize the whole review.
Document Type
Paper
Disciplines
Information Security
DOI
10.25776/nybz-d798
Publication Date
11-2021
Upload File
wf_yes
Included in
Internet of Things: Cybersecurity in Small Businesses
Small businesses are the most vital part of a nation’s economy. In today’s world, as we are moving towards digitizing almost everything around us, cybersecurity is essential and vital for our digitalized world to function. Small businesses are no exception. All businesses collect, use, and store information. They store employees’ information, tax information, customers’ information, business transaction information, and all other operational information that is needed for a business to function. Without an appropriate cybersecurity program, these businesses are vulnerable and can be easily impacted by cyber incidents and malicious attacks. Businesses are putting resources to protect their systems against malicious attacks. Although small businesses, due to their limited budget, do not have enough resources to implement a continuous and flexible security program for the protection of their information systems. Therefore, small businesses are often called “soft targets'' among hackers. Small business owners believe there might be no valuable information in their business to protect, but often hackers open their way from less secure systems toward the high-profile targets using small security gaps. Additionally, there are a number of factors behind cyber attacks on small businesses. Attackers are not often after profit. They might have intentions to disrupt the business due to negative rivalries and market competitions. Therefore, a pragmatic security program is a solution to address these needs and concerns. This research review will focus on technological and security concerns surrounding small businesses, financial impacts of cyber incidents on small businesses, and solutions to address security concerns in small businesses by proposing procedures to help protect information systems. The review encompasses a section for the research methodology, a literature review where the topic is broken down into subtopics, a discussion, and a conclusion to summarize the whole review.