GEORGETOWN UNIVERSITY
Cybersecurity is a critical business investment for small and medium enterprises (MSMEs) due to the increasing importance of digital connectivity and tools in business operations.
2022 · 30 pages

Abstract
MSMEs are exposed to potential cybersecurity threats, which can be crippling for a business, shutting down equipment, eliminating access to data and communication systems, and potentially putting sensitive client or other business information at risk. The core target of cyber attacks is data, whether it's business information, customer information, or other personally identifiable information (PII). Businesses need to map and track the data they have to understand and address potentially vulnerable points of access. Similarly, businesses need to be aware of their points of access vulnerabilities, whether that is physical access to equipment that retains company data or Internet and other network connections. To better manage these potential vulnerabilities, businesses must also understand the types of attacks that they may be subject to. The growing range of threats includes malware, ransomware, phishing, man-in-the-middle (MitM) attacks, and other emerging risks linked to fintech, Internet of Things (IoT), and supply chain integration. Simple tactics, such as developing standard policies and procedures that segregate and limit access to data, educating employees on potential threats, and ensuring that IT equipment is updated and maintained, can have a significant impact on mitigating cyber threats. Cybersecurity is the activity or process, ability or capability, or state whereby information and communications systems and the information contained therein are protected from and/or defended against damage, unauthorized use or modification, or exploitation. Antivirus software is a program that monitors a computer or network to detect or identify major types of malicious code and to prevent or contain malware incidents. Cryptocurrency is a digital currency in which transactions are verified and records maintained by a decentralized system using cryptography rather than by a centralized authority. Malware is software that compromises the operation of a system by performing an unauthorized function or process. Phishing is fraudulent messages that appear real and seem to be from a legitimate source to trick employees into providing information like credit card numbers, bank account details, and login credentials. Ransomware is a type of malware that prevents or limits access to a computer system or data until a ransom is paid. The increasing integration between business, customers, and suppliers means that a business's liability from an attack can also extend to all other partners whose information it manages or transacts with. To appropriately manage their cyber risk, businesses must first understand their potential vulnerabilities and the range of cyber threats. This requires mapping and tracking the data they have, being aware of their points of access vulnerabilities, and understanding the types of attacks they may be subject to. Businesses can mitigate cyber threats by developing standard policies and procedures, educating employees on potential threats, and ensuring that IT equipment is updated and maintained. Simple tactics, such as segregating and limiting access to data, can have a significant impact on reducing the risk of a cyber attack.
Connected topics
Classification