Small businesses are sometimes called Small-scale enterprises or small firms, which may be defined as businesses with less than 100 employees. However, are small businesses really defined by the number of their employees? In Nigeria, according to Finance Law (2020), a small business is one with a turnover that is less than NGN25 million annually, while a medium business is defined as a Company with a turnover between NGN25 million and NGN100 million annually. The US Census Bureau defines small businesses based on their industry. In the agricultural industry, a small business is one that has a maximum of 750,000 dollars in annual receipt while in wholesale a small business is one with about 100-250 employees. Even with their size, small businesses are important to a nation’s economy.
With this much importance, we need to understand their place in the cyber world. According to research, 43% of cyberattacks are targeted at small businesses (Joshua Sophy, 2016) and about 60% of them crash after a cyberattack. Visa “estimates about 95 percent of the credit-card data breaches it discovers are on its smallest business customers”. What exactly are these cyberattacks?
Malware (viruses, trojan, zombies, worms): your systems can have malware through unsafe attachments downloaded from your email, or a random USB stick that is plugged into your system
Ransomware: When an attacker gains access to your system, they lock up your data, and then you have to pay to get the key to decrypt it. Sometimes, they not only encrypt your data, they also copy them, and not complying means your data is being sold on the Dark Web.
Social engineering: The attacker tries to interact with you just so they can glean sensitive information from you. An Example is Phishing – which comes in the form of emails, calls, or text messages.
Insider attacks: This could be intentional or unintentional, usually caused by either present disgruntled employees or past employees of the company
While it is true that small businesses are susceptible to these attacks, women-led businesses are more exposed to them. According to an article by Forbes Marguerita Cheng in 2018, businesswomen have vulnerabilities and weaknesses that affect the smooth running of their business. Some of them are limited funding, inadequate support system, and an unfavorable business environment. An article by Amanda Jerelyn while analyzing a female entrepreneur’s strengths and weaknesses mentioned skepticism and working more and charging less as part of a female’s weaknesses.
What have these weaknesses got to do with them being more exposed to cyber-attacks?
Let’s take a closer look at these points.
Limited funding: Women founders in the US got about 2.3% of venture capital in 2020 and even a decline in 2021 when they got 2% of venture capital. How does this affect the cybersecurity posture of such women-led businesses? Implementing cybersecurity in a business is not cheap. Cybersecurity practices and systems have to be implemented from the onset and not just as a side thought. Considering this fact, the inability of the woman founder to get capital means they are handicapped (to some extent) and what they need to do to protect their system will be pushed a back and cyber threat actors are no respecter of persons or businesses.
Inadequate Support System: Women founders are generally short of support systems. A support system includes mentors and accountability partners. An inadequate support system means they do not have a general idea of how things should work and have no one to consult. This also implies that they might not even understand the importance of cybersecurity. Remember no one is an island of knowledge, not having people to network with has its consequences.
Unfavorable business environment: A business environment is made up of those external factors that affect a business whether positively or negatively. There is a macro business environment (which are factors that cannot be controlled) and a micro business environment. Imagine a sociocultural environment (a macro factor) that doesn’t believe women should be bosses, women founders in such an environment have to cope with the fact that women-led businesses are not that accepted and still have to cope with the cybersecurity part of their business. In a bid to establish her business in the community, she loses sight of another important part of her business (the cybersecurity aspect).
Skepticism: means, “Do I really need to be cyber safe, or are these people trying to extort some money from my business?”
How about the issue of insider threats? A woman-lead business is also susceptible to insider attack when her employees do not fully trust her decisions, they become negligent and thus they become a vulnerable spot for attacks in her company, or employees who are bitter about a woman being their head can be convinced by a threat actor to plant malware in the system.
You do understand that every business is exposed, whether women-lead or men-lead, but these factors mentioned in this article with references are an indicator of why women-lead businesses are more exposed to cyberattacks. Women are less cyber aware according to research, and this has to change.
WAY FORWARD
Cybersecurity awareness: Knowledge is power and empowering businesswomen with cybersecurity tips will help them make better business decisions.
Business support initiative: This does not only mean establishing new business support for women, it also means expanding the capacity of how much support can be provided for already established organizations.
Funding: Asides from the Government helping women fund their business and giving grants, private investors are also implored to trust businesswomen with their money. Women-led businesses must build the necessary capacity for investor readiness, financial bookkeeping, business modeling, and monitoring in a cyber-secure manner.
About Presence Secure:
We are helping businesses save costs by securing their personnel, systems, and processes from ever-growing threats. We are providing cybersecurity awareness training, social media management, engineering computers, with best network security practices, providing web security, helping customers formulate security policies that guard business operations, and offering cyber security consultancy services and research.