Small business owners have one primary goal: to grow their business. This often means that they wear several hats at once. They primarily focus on customers and revenue, but often serve as the jack-of-all-trades for just about everything else, from HR to legal to marketing.
Security in small businesses is a particularly underserved function, and you can’t blame small business owners for underestimating the risks. Many of the cybersecurity attacks and breaches we see in the headlines are happening at large enterprises.
That doesn’t mean small businesses aren’t targeted by hackers, though.
On the contrary, most small businesses have been attacked. According to Accenture’s Cost of Cybercrime study, 43% of cyberattacks target small businesses, but only 14% of those businesses are prepared to defend themselves.
The stakes are real and the sophistication of modern security threats continues to grow.
And while most small businesses won’t be able to muster the resources of an enterprise security team, there are still key steps business owners can take to begin closing security gaps and to protect themselves now.
It all starts with an end-to-end strategy covering traditional IT security, mobile protection, policymaking, access control, Wi-Fi security, and more. As you build your strategy, here are the main pillars you’ll want to focus on:
Understand risk and identify key digital assets
From phishing, ransomware, and malicious ads to clickjacking, unwanted downloads, and software vulnerabilities, there’s an ever-growing list of threats that pose a danger to small businesses.
Understand the threat landscape and find out what a successful attack could mean for your business. From there, identify your key digital assets: from hubs in your network to personal devices used by your employees and customers, take stock of your digital landscape so you can learn how to protect it.
Protect your network access
Take a holistic approach that covers firewall, endpoint, and Wi-Fi network security. Firewalls are still one of the most effective security measures: they monitor and control network traffic and place a barrier between trusted internal networks and the outside world.
Your Wi-Fi network, whether internal or customer-facing, is a ripe target, and vulnerabilities have been discovered in even the most secure networks. Keep a secure router in a safe location, and use secure keys so that a password is required to log in. Every device on your network, whether it is company-owned, an employee’s personal device, or a guest’s device, is also a potential point of weakness.
Today, with more and more employees connecting remotely, it can be even more difficult to maintain end-to-end security. Implement endpoint protection on your company-owned devices so that they are continuously scanned and kept up to date with the latest protections. For remote workers, consider adding a business-grade connection to their home office.
Protect your access credentials
Implement an access control strategy, determining which people within your organization need access to which types of data. In addition to access control policies, ensure that the credentials of everyone in your organization remain protected. Implement password management and educate employees on the use of strong passwords.
Be sure to train employees in basic security practices and codify best practices into policy. Areas of focus include strong passwords and appropriate Internet use, as well as the proper handling of customer information or other sensitive data.
Ensure network equipment and devices are updated frequently
A few years ago, the headline-grabbing WannaCry and Petya ransomware attacks exploited a vulnerability in Microsoft Windows’ implementation of the Server Message Block (SMB) protocol.
A simple update would have prevented the infection, demonstrating the importance of patch management to prevent attacks. Implement strict patch policies to ensure users don’t skip software update prompts, or better yet, deploy automated patch management so that no human action is required.
Maintain backup and restore
Regular data backups are an integral part of your defense, especially when it comes to fighting ransomware. If hackers hold your data and demand payment to restore access, having data backups handy removes their leverage. It is recommended that you automate this process so that you don’t have to rely on individual users to do the work.
Use outside expertise
Cybersecurity is complex, and it is difficult to understand it completely without the help of an expert. Especially for small businesses, partnering with a managed security service provider (MSSP) can help get you started on the right foot, but even organizations that already have in-house security expertise can benefit from consulting externally.
Unfortunately, cybersecurity threats aren’t going away anytime soon, and data shows that small businesses are increasingly in the crosshairs of malicious hackers. Even without cybersecurity teams, however, small businesses have the capabilities to mount an effective defense against attacks.
To protect against malware, ransomware, and costly bots, small businesses should implement 360-degree cybersecurity measures that include antivirus programs, firewalls, and network security solutions that proactively protect all devices connected to your network.