Every day we seem to hear about new a story on the news about a large organization becoming a victim of cybercrime – such as the Microsoft data breach in March 2022 or the Cash App breach in April 2022.
So, if you run a small to medium-sized business (SMB) you’re safe from cyberattacks, right?
Wrong.
Small Business Cybersecurity Facts & Challenges
You’re at real risk of enduring a cyber attack – it’s just a matter of time. Let’s look at the facts:
- 43% of cyberattacks target small businesses (CISA, 2021)
- In 2021, very small businesses (<10 people) suffered the most from ransomware attacks and stolen credentials (CISA, 2021)
- 1 in 8 businesses are destroyed by a data breach (Brooke, 2022)
- 60% of small companies go out of business within six months of a cyber attack (Verizon, 2022)
As a leader, you may already understand just how dangerous the threat landscape is, but you face unique challenges that enterprises don’t like:
- Lack of staff
- Lack of skills
- Lack of resources
With all the risks and challenges at hand where do you begin? What elements do you ensure your IT focuses their energy on? Where do you allocate funds to first? Aligned’s experts compiled their top tips to help you get started putting an effective plan in place.
How to Use This Guide
You will find two separate sections to help you prioritize component implementation:
Part One: Outlines the top 10 elements you need to focus on integrating into your business as soon as you can. These are the most critical elements to your business and include:
- Establish Policies & Processes
- Security Awareness Training
- Endpoint Security
- Updates & Patches
- Passwords
- Backups
- Multi-Factor Authentication
- Advanced Cyber Security Monitoring
- Vulnerability Scanning
- Encryption
Part Two: Includes an additional 6 elements your business should incorporate into your plan once the first ten priorities are complete, including:
Cybersecurity is Everyone’s Responsibility in the Kingdom
Think of your organization as a kingdom. Everyone has duties that they need to fulfill to keep everything running smoothly and to protect it from invaders.
Watch our webinar to hear Aligned’s experts give you the details on the first 10 actionable cybersecurity elements you need to begin employing.
Watch Webinar
Or quickly review the 10 defenses your kingdom needs as a part of your initial cybersecurity plan below.
10 Vital Cybersecurity Best Practices for Small Businesses
Small businesses (SMBs) are often sought out by cybercriminals for their weak defenses. They know you’re not investing enough time and money into cybersecurity – if at all. Begin implementing these 10 cybersecurity best practices to safeguard your organization’s future.
Inventory
Inventory isn’t just about physical devices. It’s also about software installed on your endpoints, your hardware, and your people. You must know exactly what you’re protecting – otherwise you can’t protect it.
Additionally, if you have personally identifiable information (PII), personal health information (PHI), trade secrets, or company secrets you’ll want to take inventory of this type of information as well.
Establish Information Security Policies & Processes
This is your kingdom’s decree. Establish policies on how employees should handle and protect your information assets, computer, and network systems. Clearly outline the consequences of violating your business’s cyber security policies.
If you are starting from scratch, we recommend SANS. They have a good set of free policy templates you can download, tweak, and implement. Many of our clients start this way but do be sure to modify it to fit your organization.
Security Awareness Training
Security awareness training is your kingdom’s library. Your valued employees are typically the weakest link in your security stack, and they require education. Verizon (2021) reported that 85% of data breaches involve the human element. This is commonly achieved through social engineered phishing attacks (learn how to identify phishing in our blog).
Set your users up for success by training them – frequently. Security training is something that should be repetitive.
Download our free cybersecurity awareness training program eBook to begin strengthening your staff’s cyber resiliency.
Antivirus & Endpoint Security
Deploy a best-in-class antivirus and anti-malware solution on your company’s endpoints. Endpoint protection is your calvary. They help your business keep critical systems, intellectual property, customer data, employees, and guests safe from:
- Ransomware
- Phishing
- Malware
- And other cyberattacks
However, they’re not perfect. They can’t survey your entire kingdom at once and they might miss things. Ensure you are using a good product – as not all antivirus software is created equal. It serves as your last line of defense, so be sure it is the best at your disposal.
Computer & Mobile Device Updates and Security Patches
Think of patches as your masons – they work to protect against vulnerabilities. So, make sure to keep your devices, software, and apps updated. This is a critical and easy way to help protect yourself and the company.
In addition to security fixes, software updates can also include new or enhanced features, or better compatibility with different devices or applications. They can also improve the stability of your software and remove outdated features.
Learn the top 5 security patch management best practices.
Passwords
Follow best practices for passwords, have a company password policy, train employees on passwords, consider deploying a companywide password management solution.
Backups
Backup your laptops, back up your servers. Backup to your office and replicate it to the cloud. Test your backups. People are not infallible. They make mistakes.
Emails containing viruses are accidentally opened every day and important files are often mistakenly deleted. There’s no reason to fear these issues if you take frequent incremental snapshots of your systems.
Learn how you can make the cloud work for your organization in our eBook, Overcoming the Challenge of Cloud Security.
Multi-Factor Authentication
Multi-factor authentication combines two or more independent credentials:
- What the user knows (password)
- What the user has (security token)
- What the user is (biometric verification)
Utilize Multi-Factor Authentication whenever you can, including:
- On your network
- Banking websites
- Even social media
It adds a layer of protection to ensure that, even if your password does get stolen, your data stays protected.
Advanced Cyber Security Monitoring
Managed Detection and Response (MDR) & SIEM/Log Management (Security Incident & Event Management) uses big data engines to review all event and security logs from all covered devices and cloud solutions to protect against advanced threats and to meet compliance requirements.
Vulnerability Scanning
Test your networks and IT systems on a planned and frequent basis. A vulnerability scan detects and classifies system weaknesses in computers, networks, and communications equipment and can predict the effectiveness of countermeasures.
Encryption
Encrypt data and communications whenever possible. Data is critical to our personal lives, economic prosperity, and security. That data must be kept secure. Just as we lock our homes, restrict access to critical infrastructure, and protect our valuable business property in the physical world, we rely on encryption to keep cybercriminals from our data.
6 Additional SMB Cybersecurity Defenses
Once you have the 10 foundational elements of cybersecurity in place, then move onto these additional items for elevated protection.
Cyber Insurance
Protect your business by speaking with your attorney and insurance agent about the right sized cyber policy for you.
Mobile Device Security
Today’s cybercriminals attempt to steal data or access your network by way of your employees’ phones and tablets. They’re counting on you to neglect this piece of the puzzle. Mobile device security closes this gap.
SPAM Protection
Secure your company’s email. Most attacks originate in email. Most of the email solutions we recommend come “baked in” with high-quality SPAM protection. If your email solution does not, deploy a Best-In-Class solution designed to reduce spam and your exposure to attacks on your company via email.
Managed Firewall
Firewalls are fundamental for protecting a company’s data, computers, and networks. They are required for compliance with mandates like PCI DSS, HIPAA, and GDPR. This is a must-have for any sized business.
Turn on Intrusion Detection and Intrusion Prevention features. Send the log files to a managed SIEM. If your IT team doesn’t know what these things are or you don’t have an IT team, we urge you to look at hiring an MSP to assist you.
Dark Web Monitoring
Deploy a solution with search capabilities to identify, analyze, and proactively monitor for an organization’s compromised or stolen employee and customer data.
Discover two actions you can take right now to protect your data in our free eBook, State of the Dark Web.
Web Security Gateway
Sometimes referred to as a web filter, these solutions detect web and email threats as they emerge on the internet and block them on your network within seconds – before they reach the user. These gateways may include:
- URL filtering
- Malicious-code detection and filtering
- Application controls for popular web-based applications (e.g., instant messaging)
BONUS: Third Party Risks
Check out what our friends at Vendor Centric have to say about the risks involved when working with third party vendors.
SMB Cybersecurity: Grow & Secure Your Future
Effective cybersecurity is essential for all organizations. As a small business leader, you must make every effort you can to ensure the future success of your organization with the right elements in place. If you don’t, you may find there is no business to run after a preventable cyber attack.
Use these expert insights to develop a strategic cybersecurity plan for your organization. Understanding the foundations needed to safeguard your business allows you to properly invest funds into elements that will be the most beneficial – preventing wasteful spending.
Be proactive and stay protected in cyber.
