Andrew Rinaldi (left) and Rob Simopoulos, co-founders of Defendify,m a cybersecurity company in Portland that focuses on protecting small businesses. The company in June 2019 raised $1.6 million from investors. Credit: Courtesy of Defendify

A Portland company focused on assessing the vulnerability of small businesses to cyberattacks and helping them prevent incursions said Wednesday that it has attracted $1.6 million in funding to expand.

Defendify, which sells subscriptions to its cloud-based cybersecurity software, said the money came from private investors, the Maine Technology Institute and early state cybersecurity investor 3dot6 Ventures.

Rob Simopoulos, co-founder of Defendify, said the company will use the money to support its fast growth. It already employs 11 people, and plans to hire more than 11 more by the end of 2019. It is looking for a larger space in Portland that would more than double its current 1,800 square feet.

It also will use the proceeds to expand its core cybersecurity product and add partners to sell its software service.

Simopoulos would not disclose revenue, but said the company is growing 14 percent month to month and has thousands of licenses for its product. The company is two years old, and started selling the product last September.

Simopoulos has 20 years of experience in security and co-founder Andrew Rinaldi owned a web-development company for 20 years.

“We hear about breaches in large organizations every day, but 50 percent of small businesses have experienced a cybersecurity breach in the last 12 months,” he said.

Cybersecurity breaches, which include malware attacks, phishing and hacking, are becoming more common in small businesses, he said.

Business insurance company Hiscox in a study estimated the incidence of breaches at more than 50 percent of small businesses, while Security magazine put the number as high as 67 percent.

The average cost of a data breach to a small business was $120,000 in 2018, according to security software company Kaspersky. That’s $32,000 more than the previous year. The cost includes restoring the small business’ computers.

However, there are additional costs including upgrading security and repairing the business’ reputation.

Small businesses are a major contributor to economic development in Maine, employing about 57 percent of the private workforce in 2015, according to the most recent data available from the U.S. Small Business Administration.

Simopoulos said the product differs from others on the market in that it covers all aspects of cybersecurity from detecting gaps that might render a company open to intrusion, such as an employee responding to a suspicious email, to catching cyber perpetrators in the act and blocking them.

Defendify sells a subscription-based service with prices starting at $100 per month and going higher depending on features.

To protect themselves, Simopoulos said companies need to set policies so employees can understand how they are supposed to use mobile phones and social media as well as company computers.

They also should have a response plan for malware or ransomware, which halts access to a computer in exchange for paying a ransom to the intruder.

And businesses should conduct regular inspections to see if there are any vulnerable spots in their organization, he said.

The Small Business Administration also offers security tips.

It’s important to teach employees how to identify cyberattacks, Simopoulos said. Defendify can run simulations of attacks to show employees what they look like and how to respond.

“About 90 percent of cyberattacks start with phishing,” he said.

That includes discount coupons, announcements of Federal Express deliveries and LinkedIn or other social media requests sent via email, he said.

“We can send phishing simulations to employees. Then we train them on how to do their job differently,” so they don’t open those emails, he said. “Out product has automated sensing tools.”

The most commonly stolen information is emails that may contain sensitive information and user passwords.

Having adequate security doesn’t just protect the small business. Partners, including hospitals, may require small businesses to have a certain level of security, Simopoulos said. Insurance companies and regulators also may require cybersecurity assessments from small businesses.

“[Small- and medium-sized businesses] are under immense pressure to find cybersecurity solutions that help meet regulatory needs and satisfy requirements coming from their customers,” Jonathan Dambrot, Investment Partner at 3dot6 Ventures, said in a prepared statement.

Simopoulos said Defendify’s product can assess any weaknesses in the cyberdefenses of a small business and help protect them.

“We can see where they need to make changes so they can lower the risk,” he said. “And they don’t have to pay millions of dollars to do that.”