July 2025 | Michael Fechter
Artificial intelligence is helping hackers target more small to mid-sized businesses that might have felt more immune to ransomware and other attacks, says Cathy Mulrow-Peattie, a partner at Hinshaw & Culbertson’s New York office who helps lead the firm’s cybersecurity, privacy and AI practice. “These cyber criminals as well as threat actors from other countries, they’re looking for data and money — wires and other types of payments that can make them money. This is a business to them, and this needs to be understood as well,” Mulrow-Peattie says.
She offers these steps that smaller businesses can take to protect themselves:
- Seek federal resources and training from the U.S. Cybersecurity & Infrastructure Security Agency (CISA) and the U.S. Commerce Department’s National Institute of Standards & Technology (NIST) best practices.
- Test your system yearly.
- Have backups. “Those are the things that cost the most when you get hit. If you don’t have disaster recovery backups, that can take your whole business down.”
- Encrypt your data and use multifactor identification even if you don’t like it. “It’s better than losing all your data.”
- Have an incident response plan “so you know what to do and who to contact, including your insurance provider, in the event of an attack as well as your attorney.” The Florida Bar emphasized this in recommended guidelines it approved for its members last spring.
- Train employees on sophisticated AI impersonation and social engineering.
- Inventory your assets and data. Often it’s in older environments that can be the infiltration point. Figure out whether you need to keep all the data you have stored. “You don’t have to keep everything. If you don’t need it, delete it. They can’t attack something you don’t have.”