State and local organizations are helping businesses navigate digital threats
Cybersecurity threats are hitting Mississippi businesses hard, with ransomware attacks, phishing schemes, and system breaches becoming increasingly common across the state. The impact can be devastating – lost sales, halted production, exposed client data, and recovery costs that can reach thousands of dollars.
“Your whole business can be gone in one second if you don’t have it protected,” said Chip Templeton, director of the RISE Center at the University of Mississippi’s Small Business Development Center (MSBDC). “And then what do you have? You can’t do anything.”
Stories like this play out across Mississippi daily. A Tupelo manufacturer lost 72 hours of production to ransomware. An Oxford law firm exposed client data through a phishing email.
Mississippi organizations are stepping up to help. The MSBDC assists roughly 6,000 businesses annually. The Mississippi Cyber Initiative, spearheaded by Mississippi State University, provides statewide leadership in addressing cybersecurity and workforce needs.
“Every business has the same cybersecurity problems,” said Templeton. “The challenge has nothing to do with any kind of national funding issues. It’s the knowledge of the person doing the business.”
The Reality for Small Businesses
In the world in which we’re most interconnected, understanding how to protect your resources is of the utmost importance. Most Mississippi businesses can’t afford dedicated Information Technology (IT) staffing.
“Most organizations participating in our initiative may have a technical savvy employee, small internal IT department, or a third-party organization managing and overseeing their network operations,” noted Rivera.
This introduces its own set of risks. Whether small or large, businesses must remain vigilant about cybersecurity and take proactive measures to protect their data and operations.
Managed Service Providers (MSPs) are a source to supplement business shortfalls. However, businesses need to ask the important questions. Rivera has seen businesses improperly invest in third-party providers, which leads to inadequate managed service. “How to properly invest in a third-party service is a challenge, but there are resources to assist in making the appropriate decision,” said Rivera. “The top indicators in selecting a third party are, ‘If they can’t explain their cybersecurity measures, it’s a significant risk to ignore.’” He lists other red flags: vague business portfolios, unclear pricing, overpromising services, poor communication.
Understanding the Costs
For business owners watching every dollar, cybersecurity can seem like unnecessary insurance—until disaster strikes. Templeton describes watching business owners go through three emotional stages in the Made Safe in Mississippi certification program.
“First, it’s ‘Why am I doing this? This isn’t something I want to do,’” he explained. “But when they do business counseling and learn more about what they actually have, they go to the stage of, ‘Oh my goodness, I had no idea how much danger I’m in.’ The final stage if they stick with it is: “‘I feel comfortable.’”
Basic protection doesn’t cost that much, said Templeton. But requirements vary dramatically. Many companies project to spend a minimum of $100,000 just to meet certain compliance requirements, particularly when dealing with federal contracts that require Cybersecurity Maturity Model Certification (CMMC) standards, such as the Department of War, formerly the Department of Defense (DoD).
Five Essential Steps
Both experts emphasize starting with fundamentals that cost little but provide substantial protection.
• Strong passwords: Templeton uses an 18-digit password or paraphrase. “It makes it really hard for somebody to get in,” he said. Simple passwords remain the most common vulnerability.
• Multi-factor authentication: This additional layer ensures that even if passwords are compromised, accounts stay protected. Sadly, many businesses skip this simple step.
• Separate networks: “You don’t want the Wi-Fi your customers are using to be the same as the Wi-Fi you’re using for your books,” Templeton emphasized.
• Employee awareness and training: Phishing emails and texts requesting money remain primary attack vectors. “If you click on the wrong thing, you’ve just given them everything on your computer, potentially,” said Templeton. Templeton recalled a business compromised by someone posing as a delivery person. “Cybersecurity is most misunderstood,” he said.
• Know your requirements: State agencies must follow Mississippi Department of IT standards. Healthcare businesses need HIPAA compliance. Federal contractors face CMMC requirements. “Small businesses can implement cybersecurity practices promoted by these regulatory bodies with the assistance of Small Business Administration programs,” said Rivera.
Finding Help
The MSBDC offers one-on-one business counseling at no cost. Everything’s confidential. “Log on to our website and click the Become a Client button,” said Templeton. “We have a process where we get to them very quickly. We don’t have a backlog.”
The RISE Center provides specialized services in six areas: international trade, cybersecurity, financial analysis, tech commercialization, digital transformation, and market research. “But when it comes to cybersecurity, everybody needs to know something about it,” said Templeton.
The Mississippi Cyber Initiative connects businesses with resources and compliance support. Through partnerships among academia, industry, and government agencies, the initiative provides practical solutions. Through MCI’s growing network of industry, academia, local and state partners a resource may be made available.
Mississippi faces the same cyber threats as the rest of the nation – ransomware, social engineering, internal threats. “Like our national threats, ransomware, social engineering to gain network access, and internal threats have been reported in Mississippi,” said Rivera. “One great source of information on these events is our MS Cyber Unit.”
The Threat Landscape
The MS Cyber Unit falls under the Mississippi Office for Homeland Security, part of the Mississippi Department of Public Safety. It centralizes cybersecurity threat information, mitigation, and incident reporting/response center; monitors and identifies threats to Mississippi networks; shares real-time threat intelligence; and provides support for cyber incidents within the state. (Bobby Freeman, director of the Unit, did not respond for comment to this article.)
Pressing Forward
Mississippi businesses face a clear choice: Act now or wait for a crisis to force their hand. “It’s our job to make it realistic to the business owner and not make them feel like they’ve got to be a rocket scientist to understand it,” said Templeton.
Rivera sees opportunity in the challenges. “Through our organization and partnerships, we’re answering the call to provide the knowledge to improve our cybersecurity resilience and position Mississippi as a leader in cybersecurity,” he said.
The Mississippi Cyber Initiative and MSBDC are building a framework for long-term cybersecurity sustainability tailored to Mississippi’s business environment.
“We practice medicine, and we practice law, but we also have to practice cybersecurity,” said Templeton. “You’ve got to set up practices or habits in your company to protect everything you’ve got.”
“It’s not about ‘if’, it’s about ‘when,’” cybersecurity professionals say. The resources exist. The expertise is available.
“The challenge is them knowing what to protect and why it’s important and then how to do that,” said Templeton. “Because everybody’s got a digital footprint now, living in cyberspace.”