Blog

Cybersecurity for SMBs include ways to authenticate users, encrypt data, and authorize access.

When it comes to covering criminal cyber activity, the bulk of news stories covering corporate cyberattacks seem to involve large, global businesses. However, big organizations aren’t the only entities that should guard against cyber threats. Data breaches don’t have to be high-impact and high-profile to have devastating consequences. Cybersecurity for SMBs should be top of mind for all business owners, as they are at greater risk for cyberattacks as they tend to be easier targets, don’t always have the resources that larger organizations have to protect their networks, and if they’re agile and mobile, have an increased surface area for cyber attacks due to increased mobility.

Why SMBs face the bigger risk

One single unprotected non-secure device, or a click on the wrong link, is all it takes. According to the 2018 Verizon Data Breach Investigations Report, 58 percent of all cyberattacks targeted small businesses. Last year, 48 percent of breaches involved hacking, and 30 percent featured malware.

There are a few reasons why SMBs are more vulnerable to cyberattacks, the main one being that SMBs don’t focus on cybersecurity the way they should. Often there’s no strategic, comprehensive approach in place, and the technology is either limited or not upgraded properly. Another big obstacle is the lack of adequate staff training by the leadership to mitigate human errors (the cause of one-fifth of the breaches, according to the same Verizon report).

And, of course, because smaller businesses operate on smaller budgets, they may not have the resources necessary to boost cybersecurity and properly address the fallout. Where a bigger organization can absorb the cleanup and containment costs the SMBs may not even survive the attack. According to the U.S. National Cyber Security Alliance, 60 percent of small companies are unable to sustain their business more than six months following a cyberattack.

What SMBs can do

Cybersecurity measures for any organization, including SMBs, fall into three major categories: authorizing access, encrypting data, and authenticating users. Here are a few cybersecurity tips for small and midsize businesses:

1. Set a security plan for mobile devices: Require your employees to report lost or stolen devices, use password protection, and install security apps. Mobile devices could be especially vulnerable if they are used on public networks.
2. Encrypt internet traffic and hide your IP address. Since public static IPs are vulnerable to hacking, the solution is deploying a mobile Private Network (PN) and moving to private static IP, making the address invisible to hackers.
3. Protect your networks by having the latest OS, security software, and web browser not only for laptops and desktops but also for operating systems on mobile devices; install key updates as prompted. Protect against viruses, spyware, and other malicious attacks by using the latest antivirus software and antispyware, and update them all regularly.
4. Train your staff on the established practices and policies for employees that clearly state the internet usage and data protection guidelines, along with the details on penalties resulting from violating those.
5. Train your employees on the most common security breaches, like phishing and spear phishing (the more individually targeted form of phishing), what they look like, how to recognize them, and what to do if the employee is targeted.
6. Use firewall software for all your networks, including home systems if your employees work from home. The SBA advises protecting “all pages on your public-facing websites, not just the checkout and sign-up pages.”
7. Back up all of your data, do it often (the process can be automated), and store the backup in the cloud or off-site. This includes financial information, HR files, any databases you use, and so on.
8. Restrict authorized access — physical and digital — by maintaining user accounts with strong passwords that are changed often; granting admin privileges to only key IT staff (including the authority to install software); and physically locking up computers, laptops, and other devices when they’re not in use.
9. In addition to creating strong, unique passwords for each user and changing them often (once every three months is recommended) consider implementing multi-factor authentication beyond passwords to further restrict entry to the most sensitive data.
10. Take advantage of other security tools, like password managers, to keep track of the unique passwords for all of your systems.
11. Delete unused accounts. A system can be hacked by using the old credentials of a former employee, for example, so keeping your accounts clean is an inexpensive way to boost security.
12. Monitor your systems continuously for the signs of compromise, such as application errors; unusually high traffic; unusual login times; operating system errors and backlogs; new and unrecognized network devices or users, etc.

Prevention and detection are the best ways to stay on top of cybersecurity for your company. Putting in best practices in place to prevent a data breach as well as to detect it if it does occur is the best you can do to avoid negative consequences.  Contact the experts at CyberReef Solutions today for more information about cybersecurity and data protection.