Small to Midsize Businesses (SMBs) are often overlooked and underserved in the cyber security market, making them a prime target for opportunistic attackers looking for easy victims. With the primary focus on company growth and maintaining profitable margins, it is difficult for SMB executives to justify a security budget that appears to have little return on investment. With high costs for tools and security professionals, and a steep cyber security learning curve, SMBs are left with the daunting question: “Where do I even start?”
While getting started isn’t always easy, there are several steps SMB executives can take to begin building security measures that put their organizations on the path to preventing cyber attacks on their business networks. Below are five easy steps that can be implemented to ensure some of your basic security needs are met:
1. Build a Perimeter Around Your Critical Systems
When you leave your office at the end of the day, you normally lock all of the doors and store all key business assets in a protected place. The same should always apply to the critical systems that hold your most valued data as a business. Perimeters can be implemented in various ways, including restricting user access to the key systems that hold protected data, or establishing basic boundaries by deploying firewalls. No matter which method you choose, the main focus of the perimeter should be on making your company’s “Crown Jewels” difficult to access. This is accomplished by building barriers between what is important to you and the attackers who want to steal it.
2. Employee Training and Security Awareness
From IT misconfigurations to uneducated end-users, 95% of cyber attacks are due to user error. Since most security incidents can be prevented at some point through human interaction, it is essential to train your workforce on security best practices. By training your employees, you make cyber security everyone’s responsibility. Even basic end-user training and awareness can improve your security posture: learning how to avoid a phishing attack, or sharing best practices for enabling dual-factor authentication on personal devices used in the business setting, are instrumental building blocks of a stronger security plan.
3. Keep Your Company Software and Hardware Up to Date with the Latest Patches
While users are normally the main target for hackers trying to gain access to your business, vulnerable systems and software are used as the landing zone for exploiting your network. According to a Voke Media survey, 80% of companies that had a data breach or a failed audit could have prevented it by patching vulnerabilities on time or applying configuration updates. In fact, a majority of the Ransomware affecting SMBs today could easily be avoided by keeping software patched and up to date. For patching best practices, businesses can work with their IT team to identify the most critical systems on their network and ensure those are patched first. Additionally, there are many automated tools available that patch systems with little to no human interaction. The important thing to remember is that patching is like making sure glass windows are shatterproof: it strengthens the weakest access points, the ones most susceptible to attack.
4. Back-up Your Data, and Do It Often
With Ransomware attacks on the rise and affecting many small businesses, secure encrypted backups have become an essential part of security. By backing up data off-site or in a cloud environment, businesses can protect themselves from data loss and downtime after a breach, and backups can significantly reduce financial and operational losses. The City of Baltimore experienced over $18M in losses after its Ransomware attack in 2019 because it refused to pay the ransom and did not have viable backups. Another small business based in Arkansas had to fire 300 employees right before Christmas because of a failed Ransomware recovery. Bottom line: back up your data to avoid closing the doors!
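The Baltimore and Arkansas cases above both come down to backups that were not viable when they were needed. The script below is an added example, not part of the original article or any vendor's tooling, of the one check that turns a backup into a viable backup: a scheduled test restore. It assumes a POSIX shell with tar, sha256sum and mktemp available (Linux or BusyBox), builds a SHA-256 manifest alongside the archive, restores the archive into a scratch directory, and fails loudly if any file is missing or altered. The sample files are constructed for the demo; encryption at rest and the off-site copy are handled by whatever transport you use (cloud provider, gpg) and are not shown here.

```shell
#!/bin/sh
# Added example (not from the original article): back up a directory with a
# SHA-256 manifest, then prove the backup is viable by restoring it into a
# scratch directory and checking every file against the manifest.
# Assumes: POSIX sh, tar, sha256sum, mktemp (GNU or BusyBox coreutils).
set -u

# make_backup SRC_DIR DEST_DIR
#   Writes DEST_DIR/backup.tar and DEST_DIR/manifest.sha256.
#   Returns non-zero if the source holds no files (an empty backup is not a backup).
make_backup() {
    src="$1"
    mkdir -p "$2" || return 1
    dest=$(cd "$2" && pwd) || return 1      # absolute path: we cd elsewhere later
    # Manifest of every regular file, with paths relative to SRC_DIR so the same
    # manifest can be checked inside the restore directory.
    ( cd "$src" && find . -type f -exec sha256sum {} + | sort ) > "$dest/manifest.sha256" || return 1
    [ -s "$dest/manifest.sha256" ] || return 1
    tar -cf "$dest/backup.tar" -C "$src" . || return 1
}

# verify_backup DEST_DIR
#   Test-restores backup.tar into a temporary directory and verifies every hash.
#   Returns 0 only if the restore succeeds and nothing is missing or altered.
verify_backup() {
    dest=$(cd "$1" && pwd) || return 1
    scratch=$(mktemp -d) || return 1
    rc=1
    if tar -xf "$dest/backup.tar" -C "$scratch" \
       && ( cd "$scratch" && sha256sum --check --quiet "$dest/manifest.sha256" ); then
        rc=0
    fi
    rm -rf "$scratch"
    return $rc
}

# Demo with constructed sample data (not real business files) so it runs offline.
demo_src=$(mktemp -d)
demo_dest=$(mktemp -d)
mkdir -p "$demo_src/finance"
printf 'invoice 1001, constructed sample\n' > "$demo_src/finance/q1.txt"
printf 'name,email\nsample,user@example.invalid\n' > "$demo_src/customers.csv"
if make_backup "$demo_src" "$demo_dest" && verify_backup "$demo_dest"; then
    echo "backup verified: test restore matched the manifest"
else
    echo "backup NOT viable: fix this before relying on it" >&2
fi
rm -rf "$demo_src" "$demo_dest"
```

Run it from cron or a scheduled task against the real backup destination and treat a non-zero exit as an incident, not a warning: a backup that has never been restored successfully is exactly the kind Baltimore found it did not have.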
5. Build Basic Security Policies and Make People Adhere to Them
Creating common expectations around security is a great way to ensure everyone participates in best practices. These policies can range from end-user rules, such as using secure connections when logging in remotely, to best practices in IT management. By creating security policies that fit each organization’s needs, businesses can make sure they are always practicing good cyber hygiene across all business operations.
If this list still sounds overwhelming, your best bet is to hire a virtual Chief Information Security Officer (CISO) to help get you started. Virtual CISOs give you the flexibility of having a security expert who can help build your cyber security plan without the high cost of hiring someone full time. This can be an extremely effective way to begin your security journey with the right guidance and, most importantly, at the right price tag.