Top 7 Cybersecurity Practices for Your Small Business
SMBs are under threat from cyberattacks. Here's a look at seven cybersecurity practices to help boost network and data defense.
Some believe that big businesses face the largest risk of cyberattacks. And it makes sense — large enterprises often handle high-value data on a massive scale, making them tempting targets. However, small and midsized businesses (SMBs) are more often targeted than their corporate counterparts.
SMB cybersecurity practices are still lagging behind. According to Small Business Trends, only about 25 percent of small businesses felt prepared should they encounter a cyberattack.
Here are seven best cybersecurity practices to help boost SMB defense.
Prepare for Possible Failure
It's no surprise that SMBs don't invest as much as enterprises in cybersecurity. Not only do they perceive their data as less tempting to cybercriminals, but Small Business Trends reports that 57 percent struggle with limited IT budgets, while 54 percent say they don't have enough time. Unfortunately, as noted by Forbes, 60 percent of small businesses close their doors within six months of a cyberattack.
Be sure to ask the tough questions: What happens if attackers gain access to secure data? What if they export or delete it? The answers are uncomfortable but provide a clear-cut end result, allowing businesses to identify and spend on security solutions that suit their specific failure needs instead of over-budgeting for generalized outcomes.
Reinforce the Importance of Passwords
Passwords are a constant source of frustration for staff and security teams alike. If they're too simple, SMBs are under threat of credential theft; if they're too complex, employees will never remember them. But passwords aren't going away anytime soon, as they still provide a solid middle ground between ease of access and actionable defense.
It's key that SMBs reinforce better password practices. Start with a secure password manager application that helps staff organize multiple passwords and eliminates the need to write down access details on sticky notes or store them insecurely. Next, opt for two-factor authentication. This requires staff to enter one-time codes sent via text message or use physical access tokens such as USB keys to access business networks, in turn reducing the value of stolen or hacked passwords.
Defend Your Borders
Firewalls have long been a staple of cybersecurity defense. These solutions are designed to block incoming traffic and network requests which originate from insecure sites or include malicious data. However, the advent of cloud computing has forced a reinvention of firewall security practices — with corporate computing borders now flexible and ever-changing, application- and web-based firewalls have emerged as critical resources in the fight against malicious activity. Investment in advanced firewall solutions empowers SMBs to both protect networks on a per-app basis and discover (and contain) traffic that displays odd or aggressive behavior.
Cybersecurity solutions don't exist in a vacuum. No matter how much SMBs spend on tools and technologies, end-users remain the critical link between defense in theory and security in practice. As noted by Information Security Buzz, cybersecurity is similar to oxygen — companies need it to survive and employees expect it to be there. The challenge is that it's often invisible to the casual observer, making it hard for staff to understand the connection between their behavior and risks. As a result, it's critical for SMBs to include staff in the security decision-making process and educate them about potential security hazards.
Back It Up
Want to increase the chance of long-term survivability after a cyberattack? First, accept that any SMB — no matter how prepared — may still fall victim to malware or DDoS attacks. Then, look for solid backup solutions that support an immediate fail of critical systems and data, and allow long-term storage of essential data.
Don't Go Alone
SMBs can't do everything alone; as mentioned above, both time and money are stumbling blocks for many businesses. But as noted by PC Magazine, smaller businesses simply aren't equipped to handle this kind of security in-house. Consider virtual private network (VPN) services, which obscure employee activity online from malicious activity. Specialized providers now offer cloud-based VPN services that work across desktop and mobile devices, both improving security and reducing risk across the organization. Therefore, SMBs need to focus their time and resources on boosting revenue and driving innovation. Trusted third parties can help bridge the security gap.
Dodge the Hook
Phishing remains a top threat for SMBs — as noted by the FBI, business email compromise is on the rise globally. Hackers may send well-written, legitimate-looking emails to staff which appear to be from trusted partners or C-suite executives; they often demand immediate action. In reality, they're advanced phishing attempts designed to gain critical access. The trick to dodging the hook is to create an "ask first, ask second" policy. If staff are unsure about an email or its contents — even if it appears to be from the CEO themselves — their first step is confirmation: Is this email legitimate? Who sent it? Why? Speed and uncertainty are the allies of malicious activity. Stop them in their tracks with a slow and cautious approach.
Cyberattacks don't spare small businesses — in many cases, they're first on the list of hacker targets. In order to reduce the risk, boost your defense with essential security practices. Be prepared for possible failure, implement new password and firewall tools, include employees, always back up data and don't be afraid to leverage third-party expertise.
This material is presented for informational purposes only and should not be construed as individual tax or financial advice. KeyBank does not provide legal advice.