The problem
Small businesses lack cybersecurity awareness and protections. Cybercrimes such as ransomware and email compromise, along with an increase in tech support scams, are the biggest vulnerabilities for companies. Small business proprietors need a trusted support agent and consultant to evaluate their systems, make recommendations and execute complex changes. Internet-facing websites, service portals and an online presence in search engines are requirements in the modern business landscape, regardless of how nontechnical the business is.
The context
99% of businesses in the US are small businesses (SBA). According to the US Small Business Administration, this equated to 32.5 million small businesses in the US in 2021. The FBI’s Internet Crime Complaint Center (IC3) releases an annual internet crime report that has shown a steady increase in the number of reported cybercrimes and the monetary value of the losses. According to an article by Alexander Culafi at TechTarget, it is also widely believed that the astronomical figures of complaints and losses are underreported due to ignorance of the reporting process or the feeling of shame associated with falling victim to a crime or scam. Of the nearly $7 billion lost in 2021, $2.39B were business email compromise and email account compromise (BEC/EAC) losses, $517M were personal data breach losses and $347.6M was due to tech support scams (IC3). As a student of cybersecurity and the family tech support, I consistently read news and field questions related to preventing identity theft and data loss.
The solution
My innovation is a company that is dedicated to the cybersecurity needs of small businesses. Small businesses with fewer than 25 employees fall into a gap not addressed by consumer or professional cybersecurity products. This small-business-specific cybersecurity consulting company will offer many services, but the market differentiator will be a checklist tailored to small businesses, against which we assess customers' security safeguards. This checklist will be based on the security controls recommended by NIST, ISO and COBIT. These controls are industry best practices, but they are aimed at large enterprises and are too complicated to be applied to or by a small business customer. Our tailored checklist will provide adequate security for small business owners without breaking the bank for overkill services targeted at corporations.
Services offered
Email and account lockdown | Backup configuration and backup as a service |
Multifactor authentication (MFA) configuration | Ransomware prevention and consultation |
Patching | New computer/device configuration |
Antivirus setup | Network & Wi-Fi configuration |
Security auditing | Password Manager configuration |
The possible barriers
The primary barrier is most likely marketing and advertising. It may be a time-consuming process to become known as the go-to company for small business cybersecurity needs and gain the initial trust of customers and grow the consumer base. This should become less of a problem over time as word-of-mouth spreads and goodwill grows. Online marketing campaigns and targeted Google ads will also help jumpstart the business.
There will also be some technical barriers. Customers will already be using or invested in an application or system that I am not familiar with. In these cases, I will either need to get up to speed on the topic to provide support, which could result in a reduced hourly profit, or I will be unable to support certain systems that I am unfamiliar with. Reality will most likely be a mix of the two. Upon encountering certain products multiple times, I will invest the time in learning how to support them. I will also be cataloging products that I have had positive experience supporting and recommending them to customers. This could also lead to a referral-based income stream.
Another barrier could be pricing. It will require a lot of research and modeling to determine how to price complex services. We will also consider subscription-based services that provide quarterly assessments and priority response in the event of an incident, similar to having a lawyer on retainer.
The assessment
If the losses continue to compound as they have for the past five years, small business owners will start looking for solutions to reduce their risk of losing money to these crimes. Data shows that staggering amounts of money are being lost due to these scams, specifically in CA, FL, TX, and NY. One of these locations should be the headquarters for the business.
As a small business owner myself, I will consider this business successful if the net profit is greater than $200k per year at a 60-hour work week. If I am unable to reach $200k per year in net profit, I will analyze the business to see if I still have capacity to take on new customers or if I can scale by adding employees. It may also be necessary to pivot to provide additional services based on market demands.
Works Cited
“Advocacy Releases 2021 Small Business Profiles for the States.” SBA’s Office of Advocacy, advocacy.sba.gov/2021/08/31/advocacy-releases-2021-small-business-profiles-for-the-states. Accessed 23 May 2022.
Culafi, Alexander. “FBI IC3 Report’s Ransomware Numbers Are Low, Experts Say.” SearchSecurity, 18 Mar. 2021, www.techtarget.com/searchsecurity/news/252498133/FBI-IC3-reports-ransomware-numbers-are-low-experts-say.
“Cybersecurity for Small Businesses.” Federal Communications Commission, 30 Mar. 2022, www.fcc.gov/communications-business-opportunities/cybersecurity-small-businesses.
“FBI Internet Crime Report 2021.” Internet Crime Complaint Center (IC3), www.ic3.gov/Media/PDF/AnnualReport/2021_IC3Report.pdf. Accessed 23 May 2022.
“Stay Safe from Cybersecurity Threats.” Small Business Administration, www.sba.gov/business-guide/manage-your-business/stay-safe-cybersecurity-threats. Accessed 23 May 2022.