(TNS) — A report by a cybersecurity company says the Harrisburg-Lancaster, Pennsylvania metropolitan area is one of the areas where small businesses are most vulnerable to cyberattacks.

The report by Coronet ranks the Harrisburg-Lancaster region as the fifth most vulnerable out of the country’s 50 largest cities.

“Cybersecurity in the City: Where Small Businesses are Most Vulnerable to Attack,” is a follow up to Coronet’s first-of-its-kind study last year looking at data breaches and security events at companies around the country.

The four cities that where small business are more vulnerable than the Harrisburg region? They are:

  1. Las Vegas, Nevada
  2. Houston, Texas
  3. New York City, New York
  4. Miami-Fort Lauderdale, Florida

The report says the Harrisburg-Lancaster-Lebanon-York area is at risk, in part, because of the high number of jobs in government and health care. Also, it’s the center of a state ranked second worst in another study, with 195 cyberattack victims for every 100,000 people.

According to the study, in the Harrisburg region:

  • 6 percent of Coronet users access cloud apps from devices with no passwords, which is 50 percent higher than the national average.
  • 2.5 percent of users access cloud apps from devices without an anti-virus or without updated anti-virus programs, nearly three times more than average.
  • 17 percent of users access cloud apps from medium-risk networks, more than twice the national average.

Terrill L. Frantz, associate professor of cybersecurity at the Harrisburg University of Science and Technology, takes issue with the way the study is presented.

“The notion of ranking a region in such a manner is really inappropriate,” he said.

Geography has little to do with cyberdefenses, he said adding ,“I don’t think there’s anything specific to Harrisburg or Lancaster that makes us more prone to cyberattacks than any other part of the country.”

But the study does have a significant positive side.

“As this trickles out in media, I’m hopeful every small- and medium-business owner sees it and asks themselves one more time, or for the first time, ‘What am I doing to protect my business?'” Frantz said.

It seems that’s part of what Coronet wanted to do, though the company argues geography does matter in many instances.

“The intent of this report is to demonstrate that each city possesses unique attributes which make them more or less vulnerable in terms of cyber risks,” Guy Moskowitz, founder & CEO, Coronet, said in a news release. “It’s not surprising that business destinations like Las Vegas and New York are relatively more vulnerable given the density and attractiveness to attackers.”

Increasingly, small and midsized businesses are targeted by those who see them as easier prey, he said.

“It’s our hope that this research will help demonstrate the risks present in different markets and encourage small businesses to take a more proactive stance towards improving their cybersecurity posture,” he said.

For the study, Coronet researchers collected and examined data from 93 million security events automatically chronicled by the system.

The problem for many small businesses is that they’re struggling to bring in revenue, and spending money on cybersecurity may not be a top priority, Frantz said. It’s a problem of resources.

But there are two simple things that every business can do to cut down on cyberthreats, he said.

For one, business owners can make sure their employees are aware of fishing schemes, particularly through email, in which they are invited to click on a link that opens them up to a cyberthreat.

The second thing is to be sure someone is monitoring the business’s software and ensuring it is up-to-date with the latest patches and updates.

©2019 The Patriot-News (Harrisburg, Pa.). Distributed by Tribune Content Agency, LLC.