So, you’ve never had a cyber attack on your small- or medium-sized business (SMB)? That might be about to change. Research predicts that cyber attacks will increase by almost 70 percent in the next five years and that business losses from cyber breaches will exceed five trillion dollars by 2024. Do I have your attention? Good, because it is time to get serious about cyber security threats to SMBs.
SMB Cyber Security: Assessment, Best Practices, and Protection
Security threats to SMBs are on the rise, but what can small- and medium-sized businesses do about it? The best SMB cyber security plan starts with an assessment. What are your company’s vulnerabilities? What information or systems are the most vital to operations?
The next step to hack-proof your business and ensure SMB customer data protection follows best practices for cyber security, which should include at a minimum employee training, regular software updates, and activity monitoring.
Finally, a cyber security plan should identify and implement potentially beneficial protective measures, such as backing up data and software in the cloud, partnering with a managed service for cyber security, or purchasing cyber insurance for your SMB.
Assessing Vulnerabilities and Vital Systems
The first step in creating a cyber security plan is assessing and evaluating where your SMB is vulnerable and what systems and information are vital to its continued survival and success. A cyber security assessment will give your company an idea of what needs to be protected.
Many online tools are available for making such an assessment, including the Cyber Resilience Review prepared by the US Department of Homeland Security, which incorporates aspects of the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework. Commercial providers and services are also available to help with your SMB cyber security assessment. The key is to obtain an assessment from a reputable source to identify holes that need to be patched in your business’s cyber security.
Protecting against Cyber Security Threats to SMBs
To hack-proof your business, consider the problem areas identified in the cyber security assessment and how to address them. Whether or not that involves the implementation of security software or hardware, it almost always involves employee training on security matters. Two key areas commonly weak in SMBs involve password management and user-based email threats.
You’ve probably heard this next piece of advice many times, yet it remains a major challenge to SMB data breach prevention: make passwords difficult to guess, and change them frequently. It may be obvious and boring, but using password best practices can be incredibly effective. If your employees insist on using easy-to-guess passwords, despite your attempts to provide training and guidance, it might be time to install a password manager, a program that ensures that passwords are more complex, can’t be reused, and are changed regularly.
Employee training to avoid phishing emails is also essential. Phishing is an attempt through email to fraudulently obtain confidential information such as passwords, usernames, financial account information, or access to internal IT systems. These emails are increasingly becoming more sophisticated and effective. Just one click in the wrong place can compromise SMB data breach prevention measures. Training employees on how to identify and treat phishing emails is vital and should be ongoing to keep up with phishing technique advancements.
Cyber Protection Services and Products
If you don’t have IT staff or capacity to manage security internally, the best option to protect your SMB from cyber attacks might be using outsourcing your cyber security. Managed services companies frequently offer varying levels of service priced to fit businesses of all sizes, and they are usually priced by the month and the number of users. Managed service providers can partner with your IT personnel or provide a standalone service.
Data and software backup in the cloud is another protective option. Again, there are many providers of this service with various pricing levels. If you choose a cloud service for SMB customer data protection or storage, be sure to thoroughly evaluate the provider’s security measures and business structure. Be sure to evaluate the providers security in the cloud—it is not uncommon for breaches to occur at the provider level. Your business should be able to show due diligence in vetting any vendors who provide these services.
Finally, consider whether a cyber security insurance policy makes sense for your SMB. While insurance is not a substitute for good security measures, these policies can help defray the costs and damages of an incident, if one occurs.
Cyber attacks are like death, inevitable, and no one wants to think it could be right around the corner. But a cyber attack could mean the end of your SMB if preventive steps aren’t taken to minimize the impacts. Take the time to learn about cyber security threats to SMBs and make the investment to protect your SMB with an appropriate cyber security plan.