Issue link: https://nebusinessmedia.uberflip.com/i/1293943
20 Hartford Business Journal • October 5, 2020 • www.HartfordBusiness.com OPINION & COMMENTARY Greg Bordonaro, Editor EXPERTS CORNER What businesses can learn from Hartford's ransomware attack By Tim Weber T he recent cyberattack on the city of Hartford proved once again ransomware is still very much a threat. Thankfully, the city had taken precautions. It credited its ability to continue running emergency servic- es as well as its quick recovery from the attack to recent investments and a proactive approach to cybersecurity. While the best security event is the one that doesn't happen, that's wishful think- ing. Every organization across every industry is vulnerable to security attacks that can paralyze systems and shut down operations. Without the proper tools in place to help prevent and recover from attacks, the cost to businesses can be staggering. A good security strategy pre- pares organizations for when an attack happens, not if. You can't wait until a crisis happens to figure out how you'll respond to a crisis — you need to prepare now. While always unfortunate, events like the Hartford ransom- ware attack can be teachable mo- ments for other organizations. Consider these lessons to help your business prevent cyberattacks — and recover if one happens. Every organization is vulner- able. Prepare now and plan how you'll respond. Everyone is vulnerable. Public entities may have more risk, but there are attacks on businesses of all kinds, everywhere. No industry is "safe" from these attacks. Complete cybersecurity assess- ments every year. Do you know what your risks are? It's critical that you regularly check your systems for weaknesses and implement solutions and precautions to protect your business and clients. Security isn't something you can do once — constant vigilance and review is needed to make sure there are no gaps. Adopt endpoint detection and response software that can quickly uncover security threats. Do you have systems in place that support your security goals? Antivirus is not enough. Threats are coming in so fast and so fre- quently you may not even be pres- ent when they happen. Businesses need managed security services with people monitoring 24x7x365. Train staff on how to recognize and report attempted intrusions. Employees are the last line of defense. Whether employees are a cybersecurity strength or weak- ness depends on you and your organization. Training staff can ensure things like suspicious re- quests and fake prompts don't lead to something more serious. With staff working remotely, ensure those using personal ma- chines to access your systems are adhering to security basics. Security policies and additional steps like multi-factor authentication (MFA) can be the difference between a successful attack and a failed at- tempt. Have policies and tools in place to help your team stay safe. Have good backups. No matter how good your secu- rity strategy is, always have a plan B. If something happens and your data is encrypted or compromised, how secure are your backups? How long will it take you to get back up and running? Having secure, recent backups that your business can rely on makes a huge difference when deal- ing with restoration after an attack. My intention isn't to scare anyone, but we can't afford to ignore the rising threats facing our businesses. Cybersecurity can be daunting, but when you look at the cost of a breach, taking these precautions and having a plan are absolutely worth it. Tim Weber is the director of security services at ADNET Technologies, an IT management and cybersecurity firm in Farmington. Tim Weber EDITOR'S TAKE CT biz need additional round of PPP funding T he federal government's Paycheck Protection Program has received plenty of negative press coverage since its April inception. It experienced a number of technical glitches, some large companies were publicly shamed and had to return the potentially forgivable loan funding, many minority businesses missed out on the money, and dozens of people were recently charged with trying to steal more than $175 million from the program. Still, the PPP has been a financial lifeline for many small businesses, and as we face the threat of a second wave of coronavirus hitting the state and country this fall and winter, it's paramount for Congress to adopt a new version of the program. I'm not talking about simply allocating new money, but allowing companies — especially those hardest hit by the pandemic in the restaurant, events and hospital- ity sectors — to receive a second round of PPP funding. It will be a matter of financial life and death for many businesses, especially as they use up their first round of PPP funds. Twenty-eight percent of U.S. small businesses say they will not make it through the next few months without further government aid, according to a recent survey conducted by Morning Consult on behalf of Verizon Business. Meantime, more than half of Nutmeg State executives who recently re- sponded to a Connecticut Business & Industry Association survey said they either cut hours, laid off employees, or imposed furloughs because of the impact of the pandemic and related government restrictions. Less than half of those executives said their companies will be profitable this year. Unfortunately, the prospects of another stimulus bill out of Congress look increasingly slim, especially as November's presidential election nears. If gridlock in Washington, D.C., continues, the state should consider fund- ing a second round of its $50-million emergency bridge loan program. State government obviously can't significantly move the dial on business aid, but any little bit helps. During PPP's first phase, which included two rounds of funding, nearly 60,000 loans worth $6.7 billion were dispensed to Connecticut companies, SBA data shows. The low-interest loans — part of Congress' $2-trillion economic stimu- lus package — were attractive to many small firms because they could be forgiven if employers spend the majority of money on payroll. Another installment of the program could be more targeted — perhaps focusing only on industries that have faced prolonged closures or limited capacity since March. For example, restaurants, event venues and nonprofit arts institutions should be considered for more government support. They aren't just major employers, they help create the fabric of our com- munity and culture. Do we really want a world in which our only options to dine out post-pandemic are large chains like Chili's or Applebee's? Small independent restaurants are the lifeblood of the small business com- munity, and while Lamont recently expanded indoor dining capacity to 75% starting Oct. 8 — something he should have test run during the summer when infection rates here were at their nadir — many eateries will still strug- gle this fall and winter as cold weather eliminates outdoor dining options. Congressional Republicans and Democrats have circulated proposals for another round of PPP funding, but they haven't been able to agree on a larger stimulus bill. This is another example, in addition to the U.S.' failed response to man- aging the health aspect of the pandemic, of how a starkly divided federal government and nation can't effectively handle crises. When the dust settles after the election, bipartisanship must trump partisan politics. At stake is the fate of many small businesses.