Small business owners often make the mistake of becoming complacent when it comes to cybersecurity. They think that because their businesses are small, cybercriminals will ignore them in favor of bigger prey. Many small business owners I’ve interviewed about cybersecurity casually say “there is not much to steal”. However, this outlook is completely incorrect. Security is extremely important for SMBs.
7 Cybersecurity Measures for SMBs
According to Verizon’s 2019 Data Breach Investigations Report, over 43% of cyberattacks target small and medium-sized businesses. Why do criminals attack smaller businesses? The reason is that while SMBs have less data to lose, they also lack strong security. This makes their networks easier targets for criminals.
The new generation of cybercriminals automates its cyberattacks. This means they can target multiple businesses at the same time. So the size of an organization is of no consequence compared to the security of its network. Here are 7 tips you can follow to make your SMB more secure and prevent data breaches:
- Firewall Protection
- Documented Policies
- Employee Education
- Mobile Security
- Strong Passwords
- Multi-Factor Authentication
- Malware Protection
Let’s take a quick look at these tips below.
A firewall system is the first line of defense against a cyberattack. Firewalls create a barrier between your network (and the data on it) and cybercriminals. I used to rely solely on the standard external firewall that came with my Optimum service plans. But it is also good practice to invest in a secondary internal firewall to make the job harder for hackers.
Many policies and processes in an SMB are not formalized. People just do what they find convenient to get the job done and pass this on to new employees. However, your cybersecurity policy is something you would do well to formally document. Look at several programs run by the FCC and the Small Business Association to help you document your protocols for use in your business.
Of course, it is not enough to print out several copies of your security policies and distribute them among your employees. You also need to spend time educating your employees about the very real dangers of cyberattacks. Many employees, especially older ones, will not take cybersecurity seriously unless you make them understand the magnitude of the threat.
Don’t make the mistake of ignoring mobile devices when creating a cybersecurity policy for your SMB. Many businesses have a “bring your own device” or BYOD policy. If you do too, then make sure your BYOD policy pays attention to device security. These days people have several devices, including their smartphones, tablets, smartwatches, and fitness trackers. All of these devices can act as potential gateways for cybercriminals. That means these devices need to have updated security protocols and follow a strong password policy.
Strong and unique passwords are one of the best ways to protect yourself from cyberattacks. Ideally, you and your employees should have separate strong passwords for all of your business accounts and devices. It is a rookie mistake to use the same password for everything. A strong password is at least 8 characters long and contains uppercase and lowercase letters as well as numbers and symbols. These characters make it harder for a brute force attack to breach your account.
Don’t just rely on strong passwords to protect your business. Wherever you can, incorporate multi-factor authentication for users signing in to your system. Multi-factor authentication prevents breaches even if one of your account passwords becomes compromised. It involves using secondary forms of authentication such as PINs that are not likely to fall into the wrong hands.
The final step you can take to protect your small business against cybercriminals is to invest in malware protection. After educating your employees and making a formal policy, you would think you are safe. However, don’t assume that no employee will ever click on a phishing link.
Phishing emails are getting more and more difficult to detect, especially when half your attention is diverted to your work. Despite following all the steps above, I recently had an employee who clicked on a phishing link which was designed to look like a promotion from his Optimum internet provider. The only fail-safe is to invest in malware protection that prevents malware installations on your system.