Small and medium-sized businesses often think they’re a smaller, less attractive target for cyber criminals. However, the exact opposite is true. SMBs are low-hanging fruit for criminals: usually they’re less equipped to handle attacks, dedicate less time to employee training, and may have their guard down in ways bigger organizations don’t.
The importance of cybersecurity to your business is significant. For SMBs to stay ahead of cyber risks, they have to consider the opportunity they pose for cyber criminals as well as the steps they can take to stay vigilant.
State of cybersecurity for SMBs
2021 saw major growth in the number of cyber attacks targeting SMBs, climbing to 46% of all attacks against businesses. Eighty percent of small and medium-sized businesses are monitored by security operations centers (SOCs): IT security professionals that protect companies by monitoring for and detecting cyber threats.
This doesn’t guarantee success for companies that use these services, however. Businesses need around-the-clock monitoring, but only 57% have it. Many SMBs opt to implement and monitor their own technology tools, which can create vulnerabilities they may not catch. Other businesses may have a hard time staffing their internal security technology positions, which may mean some threats make it past their defenses. Or, worse yet, they don’t have the time to discover best practices and train employees on them, which can lead to vulnerabilities.
Why SMBs are more vulnerable
Although large-scale businesses are a big target in terms of payout for cyber criminals, they’re also hard targets to breach. SMBs, on the other hand, rarely have the same kind of security in place or the time to dedicate to cybersecurity among their other jobs. With so much to do on a daily basis, it’s hard for many owners to dedicate time to cybersecurity. It’s also a subject that’s often a blind spot for entrepreneurs, which means most may not even know what to look for.
Soft targets are often preferred by cyber criminals since they’re easy to penetrate. SMBs are soft targets since they take much less work to access than a larger, more secure business does. Hacking a company that uses outdated software, or that allows employees to access sensitive information from outside its network, is much easier than hacking one with robust security, even if the amount of financial damage the criminals can do is smaller.
How changing your mindset can boost security
Some of the biggest vectors for security breaches are human. Cyber criminals develop attacks that prey on our natural instincts—replying to an email from a boss or client quickly, clicking on a link in an email before we check its address and sender, or other lapses in vigilance we’re all guilty of from time to time. Good cyber hygiene can make a major difference; instilling these virtues in your employees is critical.
Business owners should set the tone as far as cybersecurity goes. Encourage employees to think about the role they play in preventing attacks from being successful. One of the biggest, most difficult cybersecurity vectors to control for is our own bad habits. When we let down our guard to reply to messages too quickly, or open links without checking their authenticity, we may end up opening our entire network to bad actors.
Software tools to help
There are a host of software tools that can help SMBs better manage their technology and data. Some can be as simple as outsourcing their enterprise security to SOCs, moving their data to the cloud, or installing companywide antivirus software. Others can be more complex, such as setting up virtual private networks and restricted work applications on bring-your-own-device (BYOD) phones and laptops.
The types of tools you need depend on your industry and existing tools.
- Multi-factor authentication (MFA): These tools require users to provide both a password and a unique, one-time authentication code. This can help boost security as it relies on the user to provide something only they have access to, on top of their password.
- Backup and recovery tools: Businesses should back up their data often in the event of a data breach, software malfunction, or damage to company computers and networking devices. Recovery tools can help you ensure business continuity and mitigate the risk of lost data.
- Firewall tools: Firewall software can help block unwanted, intrusive, and malicious attempts to access your servers. You can also use firewalls to block access to untrustworthy or non-work-related sites internally.
- Application whitelisting: Business leaders should restrict software installations to applications explicitly approved, or whitelisted, by the company. This can prevent malware from making it onto your network.
- Restrict administrative privileges: Not all employees should be able to modify system settings that can cause harm to your network, even inadvertently. Restricting administrative privileges can help ensure only those authorized to make changes may do so.
- Software updates: It’s important to update software frequently when possible. This is true for applications as well as operating systems, as updates and patches can fix vulnerabilities that may otherwise have a negative impact on your network.
Additionally, if your company is somewhat small, you may want to consider moving your setup to the cloud. Cloud-based business tools can help take the work out of maintaining your own servers and records, moving them to a remote server. These providers usually provide encryption and security tools that are more secure than what you may be able to roll out on your own.
Using the right approach to staying safe
There are several things we all can do to keep our businesses safer from cyber attacks. This might mean onboarding external security help, or embracing cloud computing at the right scale for your company. In some instances, a good approach to cyber defense may start with steps as simple as educating your team.