Successful Operational Cyber Security Strategies for Small Businesses

Cybercriminals threaten strategic and efficient use of the Internet within the business environment. Each year, cybercrimes in the United States cost business leaders approximately $6 billion, and globally,$445 billion. The purpose of this multiple case study was to explore the operational strategies chief information security officers of high-technology companies used to protect their businesses from cyberattacks. Organizational learning theory was the conceptual framework for the study. The population of the study was 3 high-technology business owners operating in Florida who have Internet expertise and successfully protected their businesses from cyberattacks. Member checking and methodological triangulation were used to valid the data gathered through semistructured interviews, a review of company websites, and social media pages. Data were analyzed using thematic analysis, which supported the identification of 4 themes: effective leadership, cybersecurity awareness, reliance on third-party vendors, and cybersecurity training. The implications of this study for positive social change include a safe and secure environment for conducting electronic transactions, which may result in increased business and consumer confidence strengthened by the protection of personal and confidential information. The creation and sustainability of a safe Internet environment may lead to increased usage and trust in online business activities, leading to greater online business through consumer confidence and communication

Strategies for Implementing Successful IT Security Systems in Small Businesses

Owners of small businesses who do not adequately protect business data are at high risk for a cyber attack. As data breaches against small businesses have increased, it has become a growing source of concern for consumers who rely on owners of small businesses to protect their data from data breaches. Grounded in general systems theory and routine activity approach, the focus of this qualitative multiple case study was to explore strategies used by owners of small businesses to protect confidential company data from cyber attacks. The process used for collecting data involved semistructured face-to-face interviews with 5 owners of small businesses in Florida, as well as a review of company documents that were relevant to strategies used by owners of small businesses to protect confidential company data from cyber attacks. The thematic analysis of the interview transcripts revealed 4 themes for protecting business data against cyber attacks, which are security information management strategy, organizational strategy, consistent security policy, and cybersecurity risk management strategy. A key finding is that owners of small businesses could develop an organizational strategy by incorporating procedures used to protect from and respond to cyber attacks. The implications for positive social change include the potential to increase customers’ confidence and businesses’ economic growth, as well as stimulate the socioeconomic lifecycle, resulting in potential employment gains for residents within the communities

Recommendations to Address Government Concerns Regarding Intellectual Property Theft from American Research Universities by China and Other Foreign Entities while Preserving the Process of Fundamental Research

This report discusses and examines the factors surrounding this dilemma—government perspective, academic perspective, shortage of graduate research students, foreign entities identified as intellectual property risks, cyber security, funding, legislation, and policy. To create more appropriate and effective solutions, guidance is provided that reframes the issue as a security problem rather than a foreign-entity problem. The report makes 12 recommendations based on a best-practices survey of research teams from 39 premier research institutions to address the issue while preserving the concepts of fundamental research and academic freedom.Prepared for the Association of American Universitie

Effective Strategies Small Business Leaders Use to Address Ransomware

Small business leaders face a wide range of cybersecurity threats. Ransomware is a specific cybersecurity threat that cybercriminals can use to deny small business leaders’ access to data in exchange for a ransom payment. Grounded in routine activity conceptual framework, the purpose of this qualitative multiple case study was to explore effective strategies small business leaders use to address ransomware. Data were collected from 5 leaders of small businesses in the southeast region of the United States. Data sources included interviews and archival documents. Data were analyzed using Yin’s 5 step process. The analysis revealed 3 primary themes: ransomware strategy, support structure, and cybersecurity awareness. Managers and leaders of small businesses could potentially benefit from this research by applying strategies that emerged from the identified themes to prevent victimization from ransomware. The implications for positive social change include the potential to support the local economy and to prevent and mitigate the spread of ransomware to protect confidential and sensitive consumer information

Strategies Security Managers Used to Prevent Security Breaches in SCADA Systems\u27 Networks

Supervisory Control and Data Acquisition (SCADA) systems monitor and control physical processes in critical infrastructure. The impact of successful attacks on the SCADA systems includes the system\u27s downtime and delay in production, which may have a debilitating effect on the national economy and create critical human safety hazards. Grounded in the general systems theory, the purpose of this qualitative multiple case study was to explore strategies SCADA security managers in the Southwest region of the United States use to secure SCADA systems\u27 networks. The participants comprised six SCADA security managers from three oil and gas organizations in the midstream sector located within this region. Data were collected using semistructured interviews and a review of organizational documents. Four themes emerged from the thematic analysis: (a) the importance of security awareness and workforce security training, (b) the use of technical control mechanisms, (c) the establishment of standard security policies, and (d) the use of access and identity management techniques. A key recommendation is for IT managers to adopt security awareness and workforce security training to strengthen the security chain\u27s most vulnerable link. The implications for positive social change include the potential to prevent consequences such as loss of lives, damage to the environment, and the economy resulting from malicious activities

Analyzing Small Business Strategies to Prevent External Cybersecurity Threats

Some small businesses’ cybersecurity analysts lack strategies to prevent their organizations from compromising personally identifiable information (PII) via external cybersecurity threats. Small business leaders are concerned, as they are the most targeted critical infrastructures in the United States and are a vital part of the economic system as data breaches threaten the viability of these organizations. Grounded in routine activity theory, the purpose of this pragmatic qualitative inquiry was to explore strategies small business organizations utilize to prevent external cybersecurity threats. The participants were nine cybersecurity analysts who utilized strategies to defend small businesses from external threats. Data were collected via online semistructured interviews and the National Institute of Standards and Technology documentation as well as analyzed thematically. Six major themes emerged: (a) applying standards regarding external threats, (b) evaluation of cybersecurity strategies and effectiveness, (c) consistent awareness of the external threat landscape, (d) assessing threat security posture, (e) measuring the ability to address risk and prevent attacks related to external threats, and (f) centralizing communication across departments to provide a holistic perspective on threats. A key recommendation for cybersecurity analysts is to employ moving the target defenses to prevent external cybersecurity threats. The implications for positive social change include the potential to provide small business cybersecurity analysts with additional strategies to effectively mitigate the compromise of customer PII, creating more resilient economic infrastructures while strengthening communities

Analyzing Small Business Strategies to Prevent External Cybersecurity Threats

Some small businesses’ cybersecurity analysts lack strategies to prevent their organizations from compromising personally identifiable information (PII) via external cybersecurity threats. Small business leaders are concerned, as they are the most targeted critical infrastructures in the United States and are a vital part of the economic system as data breaches threaten the viability of these organizations. Grounded in routine activity theory, the purpose of this pragmatic qualitative inquiry was to explore strategies small business organizations utilize to prevent external cybersecurity threats. The participants were nine cybersecurity analysts who utilized strategies to defend small businesses from external threats. Data were collected via online semistructured interviews and the National Institute of Standards and Technology documentation as well as analyzed thematically. Six major themes emerged: (a) applying standards regarding external threats, (b) evaluation of cybersecurity strategies and effectiveness, (c) consistent awareness of the external threat landscape, (d) assessing threat security posture, (e) measuring the ability to address risk and prevent attacks related to external threats, and (f) centralizing communication across departments to provide a holistic perspective on threats. A key recommendation for cybersecurity analysts is to employ moving the target defenses to prevent external cybersecurity threats. The implications for positive social change include the potential to provide small business cybersecurity analysts with additional strategies to effectively mitigate the compromise of customer PII, creating more resilient economic infrastructures while strengthening communities