An Extension of Small Business Cybersecurity Into the Classroom and Community
DOI:
https://doi.org/10.33423/jhetp.v24i8.7203Keywords:
higher education, small businesses education, cybersecurity, entrepreneurship education, small mid-size enterprise, entrepreneur, entrepreneurshipAbstract
Small business owners often feel immune to hackers because of their business’s size and consequently do not have adequate security training, safeguards, policies, or insurance. Accordingly, small businesses are easy and frequent cybercrime targets because of limited budgets, technical personnel, and awareness. To increase small business owners’ awareness, a university conference for Cybersecurity and Small Business was offered with PCI DSS, Social Engineering, and Company Cases topics. To augment such cyber knowledge generation, this paper contains cybersecurity outreach activities for small businesses and cybersecurity learning activities for entrepreneurship students who aspire to be small business owners.
References
Aldawood, H., & Skinner, G. (2019). Reviewing cyber security social engineering training and awareness programs—Pitfalls and ongoing issues. Future Internet, 11(3), 73. https://doi.org/10.3390/fi11030073
Bada, M., & Nurse, J.R.C. (2019). Developing cybersecurity education and awareness programmes for small- and medium-sized enterprises (SMEs). Information and Computer Security, 27(3), 393–410. https://doi.org/10.1108/ICS-07-2018-0080
Bandler, J. (2023, September 19). Cybersecurity law, compliance, and protection. Reuters. Retrieved from https://www.reuters.com/legal/legalindustry/cybersecurity-law-compliance-protection-2023-09-19/
Boyles, M. (2023, July 27). What are business ethics and why are they important? Harvard Business School Online. Retrieved from https://online.hbs.edu/blog/post/business-ethics
Brands, M. (2024, May 6). Cybersecurity laws and legislation (2024 update). Connectwise. Retrieved from https://www.connectwise.com/blog/cybersecurity/cybersecurity-laws-and-legislation
Choi, Y., & Rubin, J. (2023). Social engineering cyber threats. Journal of Global Awareness, 4(2), 1–12. https://doi.org/10.24073/jga/4/02/08
Clark, A. (2024, April 29). During national small business week, take steps to secure your business. Cybersecurity & Infrastructure Security Agency. Retrieved from https://www.cisa.gov/news-events/news/during-national-small-business-week-take-steps-secure-your-business
Cloudflare. (2024). What is zero trust security? Retrieved from https://www.cloudflare.com/learning/security/glossary/what-is-zero-trust/
Cybersecurity 2023 legislation. (2024, January 8). National Conference of State Legislatures. Retrieved from https://www.ncsl.org/technology-and-communication/cybersecurity-2023-legislation
Cybersecurity and Infrastructure Security Agency. (2020, December). Cyber essentials toolkits. Retrieved from https://www.cisa.gov/resources-tools/resources/cyber-essentials-toolkits
Cybersecurity: Challenges and Opportunities for Small Businesses, Field Hearing. (2023). (Testimony of Kevin Stine). Retrieved from https://www.nist.gov/speech-testimony/cybersecurity-challenges-and-opportunities-small-businesses-field-hearing
Exec. Order No. 14117, 89 F.R. 15421 (2014, February 28). Retrieved from https://www.federalregister.gov/d/2024-04573
Farayola, O.A., & Olorunfemi, O.L. (2024). Ethical decision-making in IT governance: A review of models and frameworks. International Journal of Science and Research Archive, 11(02), 130–138. https://doi.org/10.30574/ijsra.2024.11.2.0373
Forbes Business Council. (2020, July 22). 15 actions to help your business stay compliant with changing laws. Retrieved from https://www.forbes.com/sites/forbesbusinesscouncil/2020/07/13/15-actions-to-help-your-business-stay-compliant-with-changing-laws/?sh=294d28955261
Furman, S., Theofanos, M.F., Choong, Y., & Stanton, B. (2012, March–April). Basing cybersecurity training on user perceptions. IEEE Security and Privacy, 10(2), 40–49. https://doi.org/10.1109/MSP.2011.180
Graves, B. (2022). IT pros share tales from the cybersecurity trenches. San Diego Business Journal, 43(35), 24–24, 26, 28, 30. Retrieved from https://ezaccess.libraries.psu.edu/login?url=https://www.proquest.com/trade-journals/pros-share-tales-cybersecurity-trenches/docview/2765926890/se-2
Hiller, J., Kisska-Schulze, K., & Shackelford, S. (2024). Cybersecurity carrots and sticks. American Business Law Journal, 61(1), 5–29.
Hiscox. (2023). Hiscox Cyber Readiness Report 2023. Retrieved from https://www.hiscox.com/documents/Hiscox-Cyber-Readiness-Report-2023.pdf
Identity Theft Resource Center (ITRC). (2023). 2023 Business Impact Report. Retrieved from https://www.idtheftcenter.org/wp-content/uploads/2023/10/ITRC_2023-Business-Impact-Report_V2.1-3.pdf
Jaffries, F., & Brazinski, A.G. (2023, October 9). Navigating the patchwork of U.S. privacy and cybersecurity laws: Key regulatory updates from summer 2023. Reuters. Retrieved from https://www.reuters.com/legal/litigation/navigating-patchwork-us-privacy-cybersecurity-laws-key-regulatory-updates-summer-2023-10-09/
Jordan, D.J., & Hannahs, J. (2013, March 21). Collins subcommittee examines small business cyber-security challenges with new technologies. Retrieved from https://smallbusiness.house.gov/news/documentsingle.aspx?DocumentID=325180
Joshi, A., & Dobrygowski, D. (2024, January 1). The US has announced its national cybersecurity strategy: Here’s what you need to know. World Economic Forum. Retrieved from https://www.weforum.org/agenda/2023/03/us-national-cybersecurity-strategy/
Kelly, L. (2011, September 13). IT security considerations for SMEs. Computer Weekly, pp. 19–20. Retrieved from https://search-ebscohost-com.ezaccess.libraries.psu.edu/login.aspx?direct=true&db=buh&AN=70124816&site=ehost-live&scope=site
Kreps, S., & Arsenault, A.C. (2023, April 14). What businesses need to know about the new U.S. cybersecurity strategy. Harvard Business Review. Retrieved from https://hbr.org/2023/04/what-business-needs-to-know-about-the-new-u-s-cybersecurity-strategy
Louisiana Economic Development. (2024). CEO Roundtables. Retrieved from https://www.opportunitylouisiana.gov/program/ceo-roundtables
Mouton, F., Leenen, L., & Venter, H.S. (2016). Social engineering attack examples, templates and scenarios. Computers & Security, 59, 186–209. https://doi.org/10.1016/j.cose.2016.03.004
Penn State Hazleton. (2023, October 27). Cybersecurity for small business conference set for November 15 at Hazleton campus. Retrieved from https://hazleton.psu.edu/story/16796/2023/10/27/cybersecurity-small-business-conference-set-nov-15-hazleton-campus
Penn State Hazleton. (2024). Hazleton Launchbox: About. Retrieved from https://hazleton.launchbox.psu.edu/about/
Penn State University. (2024). Center for Security Research and Education: About. Retrieved from https://csre.psu.edu/about/
Rahmonbek, K. (2024, February 1). 35 alarming small business statistics for 2024. Retrieved from https://www.strongdm.com/blog/small-business-cyber-security-statistics
Raineri, E., & Fudge, T. (2019). Exploring the sufficiency of undergraduate students’ cyber security knowledge within top universities’ entrepreneurship programs. Journal of Higher Education Theory and Practice, 19(4), 73–92. https://doi.org/10.33423/jhetp.v19i4.2203
RiskXchange. (2024). Small to medium size business top 8 cyber security best practices. Retrieved from https://riskxchange.co/285/small-to-medium-size-business-top-8-cyber-security-best-practices/
Rundle, J. (2024, March 27). U.S. publishes draft federal rules for cyber incident reporting. WSJ Pro. Retrieved from https://www.wsj.com/articles/u-s-publishes-draft-federal-rules-for-cyber-incident-reporting-c5c768d6?mod=tech_feat3_cybersecurity_pos5
Sawant, P. (2022, March 2). Social engineering: The art of hacking humans [Video]. YouTube. Retrieved from https://www.youtube.com/watch?v=lEK84lV6dxs
SCORE. (2024). Score business owners roundtables. Retrieved from https://www.score.org/newyorkcity/small-business-owner-roundtable
Senesap, J., & Hozella, J. (2023, November 15). Achieving zero trust within retail (Redner’s Markets). [Conference presentation]. Cybersecurity Conference for Small Business Conference, Hazleton, PA, United States.
Simply Business. (2024). Cyber insurance. Retrieved from https://www.simplybusiness.com/business-insurance/cyber-liability-insurance/
U.S. Small Business Administration Office of Advocacy. (2023). Frequently asked questions about small business, March 2023 [Data set]. U.S. Small Business Administration Office of Advocacy. Retrieved from https://advocacy.sba.gov/wp-content/uploads/2023/03/Frequently-Asked-Questions-About-Small-Business-March-2023-508c.pdf
U.S. Small Business Administration. (2024, March). Strengthen your cybersecurity. Retrieved from https://www.sba.gov/business-guide/manage-your-business/strengthen-your-cybersecurity
VC3. (2023). Ten questions to ask when you’re choosing a cybersecurity assessment provider. https://www.vc3.com/blog/cyber-security-assessment-provider
Wang, Z., Sun, L., & Zhu, H. (2020, January). Defining social engineering in cybersecurity. IEEE Access, 8, 85094–85115. Retrieved from https://ieeexplore.ieee.org/document/9087851