Alex Niejelow, senior vice president, Cybersecurity Coordination and Advocacy discusses cyber readiness in the time of COVID

Small and medium businesses provide the culture and backbone for so many of our local economies. Take a stroll down Main Street, USA and you’ll see the hard-won efforts of beloved mom and pop shops and cafes. And a quick glance at social media shows the lengths folks are going to keep their businesses alive during these fraught times. These establishments mean a great deal to me personally — my wife’s family immigrated from Greece and have been running their restaurant in Somersworth, New Hampshire for over 30 years.

Alex Niejelow’s father-in-law Thomas Kefalas, owns Somersworth House of Pizza, one of the millions of American small businesses affected by the COVID-19 pandemic.


Small businesses always have unique challenges, but in the days of COVID-19, many of them are fighting for survival. Even with the “closed” shingle on the door, many are trying to keep employees on payroll, figure out the fine line between supply and demand and pay the electricity bills. And an invisible threat looms large for many of these businesses — the potential for them to become a victim of cybercrime.

A little over two years ago, Mastercard co-founded the Cyber Readiness Institute (CRI). In creating the initiative, larger Fortune 500 companies banded together and deliberately set out to level the playing field for small- and medium-sized businesses by providing them resources and materials free of charge to help them improve their cybersecurity capabilities against the growing number of cyberthreats.

Roughly 60% of businesses shut down within a year after being hit by a cyberattack. Our mission is to assist them in safeguarding important information and to prevent attacks to their vulnerable points. We find it unacceptable that while small businesses are not only staples of their communities (and collectively some of the largest revenue generators and job producers in our economy), they’re one of the most underserved groups when it comes to cybersecurity.

We are seeing increases in targeted attacks against companies as well as manipulation through phishing and campaigns that center on concerns over COVID-19 issues. We also know that underserved communities are often the ones getting exploited in times of need.

Given the current digital environment — especially with a significant amount of the world operating from their homes — the moment is ripe for cyberattacks. The CRI is a great resource to show these groups how to protect themselves.

All too often, small and medium business owners are running everything themselves —so IT precautions can slip through the cracks. Sometimes, the most seemingly innocuous move can sideline a business when it comes to digital protection. For example, if any of your login passwords include the word “password” and a series of numbers one through six or one through seven, well, you are one of the reasons I stay up at night.

With so many passwords to keep track of, it might seem convenient to use something familiar but hackers are almost always one step ahead of that. The most common default password is still “password123456” followed by “password 1234567”. This isn’t just used for things such as bookkeeping software. Hackers have managed to use it to get into connected tech such as baby monitors and computer cameras that are easily found in home offices.

The work at the CRI goes beyond passwords. Through our research, we’ve also identified other primary ways these sophisticated attackers break into businesses. Phishing emails and software downloads are two huge culprits, while another forgotten area of vulnerability comes in the form of unsecured USB drives that fall into the wrong hands, leaving the material on them subject to scrutiny and potential cybercriminal activity.

As we empower these businesses with tools to better thwart cybercriminals and protect their sensitive information, it’s our hope that they can feel expert enough to spot their potential vulnerabilities. But that is only part of the story. I often think that a small business might not know about the resources available through the CRI without a direct referral, which is why getting the word out is another mission we hold dear.