SMB Best Practices in Security

Are you a small to medium size business owner (SMB)? Are you actively implementing cybersecurity best practices for your SMB? Many SMBs have a mindset that cyber-attacks won’t reign down on them. The “I don’t have much to steal” attitude is common, and completely inaccurate. Research has shown that upwards of 70 percent of cyber-attacks occur at businesses with less than 100 employees. Even more alarming, more than 50 percent of SMBs have been victim to security breaches in the past year alone.

Why target the SMBs as opposed to the medium to large businesses (MLBs)?  A majority of cyber-attacks are to steal personal data for use in identity theft and credit card fraud. Though MLBs typically possess more sensitive data to be stolen, SMBs are easier targets. SMBs tend to have networks that are less secure; therefore, with these less secure networks, it is easier for cybercriminals to breach. Research has shown that the overall reasons for cyber-attacks on SMBs are lack of budget, lack of time, lack of expertise, as well as not having an Information Technology (IT) security specialist on staff, lack of risk awareness, lack of proper employee training, failing to update security systems and programs, and failing to secure endpoints. Failing to secure endpoints opens up entry points for potential security threats and attacks.

Don’t let your SMB be vulnerable to cyber-attacks.

Keep your cybersecurity policies documented.

Many SMBs function by word of mouth and sensible knowledge, but with cybersecurity it is crucial to document all protocols. There are several portals that provide online training, tips, checklists, and cybersecurity planning guides. Planning guides are a good starting point for your company’s security documents.

Keep your employees in the know.

Often SMB employees do some of everything, which means it is vital that all employees with access to the network are properly trained on security policies.

As cybercriminals become more evolved and skilled, so do cybersecurity policies. Regularly update all new protocols, institute Internet use guidelines and establish consequences for any violations of guidelines and cybersecurity policies.

Firewall usage.

Whether an employee works in office or from home, using a firewall is a must. Firewalls are the first line of defense against attacks, preventing outsiders from accessing sensitive data on your networks. Install internal firewalls along with external; give your SMB additional protection between cybercriminals and your data.

Mobile device security.

Mobile devices raise major security concerns for SMBs. Particularly, if they contain confidential data, and have access to the network. Your device goes where you go. If an employee’s mobile device has access to your SMBs network, the information becomes easily accessed when on a public network. Require employee’s to encrypt their data, install trusted security apps, and password protect their devices. Which brings us to our next best practice.

Password policies.

A safe password practice is imperative for SMBs. “Password1234” “John4321” are big
no-no’s! Have your employees create strong and unique passwords for all devices that access the network. It is recommended that passwords should contain both upper and lower case letters, as well as symbol and numbers. Check with your SMBs vendors that handle personal data and see if they offer a multi-factor authentication. Implement multi-factor authentication on your network and emails. It is simply done and is an added layer of protection. Although employees may find it to be a pain, have and implement a policy that requires all employees to change their passwords every 3 months. Password changing is far less painful than a cyber-attack on your business.

Back it up.

Regularly back up all of your SMBs data; spreadsheets, HR files, accounts payable/receivable, word documents, as well as all of the data in the cloud. Use an automatic backup data setting, if it is possible, or do so manually every week. Have a separate location for your backup files; preparedness for all disasters is key.

Protect what’s yours.

When an employee clicks a link in a phishing attack, malware gets installed. Be sure to install anti-malware software on all devices. Make sure your SMB has all of the latest security software, as well as operating system. Set antivirus software scans to run after each and every update. As soon as software updates are available, install them. Keep your machines clean and protect your data.

As cybercriminals get savvier, SMBs and employees must keep cybersecurity as a top priority. Therefore, it is important to stay informed and up-to-date with the newest prevention technology, and stay on top of the newest trends in cyber-attacks. Keep your SMB safe.

Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Leave a Comment