Summary: | Cybercrime is one of the quickest growing areas of criminality. Criminals abuse the speed, accessibility, and privacy of the Internet to commit diverse crimes involving data and identity theft that cause severe damage to victims worldwide. Many small businesses do not have the financial and technological means to protect their systems from cyberattack, making them vulnerable to data breaches. This exploratory multiple case study, grounded in systems thinking theory and routine activities theory, encompassed an investigation of cybersecurity strategies used by 5 small business leaders in Middlesex County, Massachusetts. The data collection process involved open-ended online questionnaires, semistructured face-to-face interviews, and review of company documents. Based on methodological triangulation of the data sources and inductive analysis, 3 emergent themes identified are policy, training, and technology. Key findings include having a specific goal and tactical approach when creating small business cybersecurity strategies and arming employees with cybersecurity training to increase their awareness of security compliance. Recommendations include small business use of cloud computing to remove the burden of protecting data on their own, thus making it unnecessary to house corporate servers. The study has implications for positive social change because small business leaders may apply the findings to decrease personal information leakage, resulting from data breaches, which affects the livelihood of individuals or companies if disclosure of their data occurs
|