Adnan Zai, Advisor to Berkeley Capital Cleveland, works tirelessly with investment funds in this boutique firm, and understands the importance of keeping information secure from cyberattacks and cybercriminals. We recently sat down with him to discuss the problems and solutions associated with cybersecurity, especially for small firms.
Mary Kraven: When people are busy burning the midnight oil at their small investment fund or business, they are naturally worried about and dedicated to many aspects of the business. One element that they might not spend as much time and effort on as they should is the idea of cybersecurity. The bottom line, though, is that the criminals are working 24/7. Why do you think some businesses don’t do their due diligence when it comes to cybersecurity?
Adnan Zai: I believe there are several reasons for this. Businesses might not buy into a full cybersecurity defense because they don’t have the time, don’t have the money to invest, or just plain don’t know where to begin. But criminals are busy night and day working to steal your information and money, and with so much of a client’s money riding on this, businesses need to do something to counteract the danger.
Mary Kraven: As the rates of attacks have been exponentially increasing, it seems that small businesses often have a higher rate of attacks, and the results have become ever more devastating. “Fifty percent of small to medium-sized businesses (SMB) have been the victims of cyberattack and over 60% of those attacked go out of business.” Dr. Jane LeClair, Chief Operating Officer, National Cybersecurity Institute.
Why do you think criminals go after smaller businesses?
Adnan Zai: They go after customer information and feel that it is easier to get it out of smaller businesses. As a small investment firm, you owe it to your clients to take care of them and their information. Criminals know you lack resources and the ability to go after them. They use you as a vulnerable way to get into a third party. Lack of money and training is the key culprit when dealing with this type of cybercrime.
Mary Kraven: That is a great point. When dealing with a business that is small to start with, the cost of cybercrimes can be astronomical. “In 2013, cyberattacks cost small businesses on average, $8,699 per attack. Today, that number has skyrocketed to $20,752 per attack. For those firms whose business banking accounts were hacked, the average losses were $19,948 today – up significantly from $6,927 in 2013.” Why do you think these attacks are becoming even more devastating to small businesses now?
Adnan Zai: Because phishing scams and hacking schemes are more sophisticated, and because the economy is on an upturn and there are more funds available, cyberattacks can hurt businesses now more than ever. It is easier for cybercriminals to gain access to bank accounts or customer credit cards, network information, employee information and personal data. Not only do smaller companies tend to have less security to start with, but they are doing a lot of business via cloud services, which unfortunately do not have a lot of encryption technology.
Mary Kraven: Every small business should be concerned about cybersecurity, but none more so than an investment fund. There is simply more to lose if criminals get their hands on other people’s money. But as the old saying goes, “Knowledge is half the battle.” The Small Business Association is hosting a session about cybersecurity each Wednesday in October, as a way to offer the tools and protection that small businesses need. The criminals and their techniques evolve, and so a company’s approach to cybersecurity also needs to grow and change.
Beyond this summit, what else do you think that small businesses or investment funds should do to secure their clients and themselves?
Adnan Zai: Make sure that the training for your employees is top-notch, because work-related emails are a leading cause of data breaches. Obviously, best practices should be considered, but also positive internet browsing practices, authentication tools, understanding phishing emails, and protecting sensitive information for both vendors and clients.
But even if all of your employees are on board, you still need to safeguard your entire system by making sure that your information is encrypted, you have a password-protected account and router, you have Virtual Private Networks, and updated antivirus software. Multi-factor authentication (MFA) is a must-have if trying to thwart cyberattacks. This requires users to offer more information than the typical name and password.
Mary Kraven: Yes, and according to the FCC, you should definitely back up all data, especially critical data like electronic spreadsheets, databases, financial files, human resource files, and all accounts receivable and payable. Back up data automatically if possible, or at least weekly, and store the copies either offsite or in the cloud.
Adnan Zai: The key is to control the data and the people who have access to it. Make sure everything is backed up. Offer a secure payment process. These measures are common knowledge but will go a long way in solving the problem.
Mary Kraven: According to the Economic Times, “It is crucial for small businesses to prioritize cybersecurity to protect their operations and reputation. A successful ransomware attack can have severe consequences, including financial loss, disruption of services, and damage to the brand image. Rebuilding customer trust after a security breach can be challenging and may lead to the loss of potential clients, he says.”
Adnan Zai: Yes, this must be taken seriously or the cost down the road will be astronomical. It is difficult to get your firm’s reputation back if cyberattacks disrupt your business and damage the brand. And the price tag is often outlandish in terms of lost revenue, lost trust, and lost business time.
Mary Kraven: Thank you for discussing the importance of safeguarding investment fund information, Adnan Zai. Cybercriminals work hard, so small business owners need to work smart!