Cybersecurity Best Practices for SMBs

Too often, we encounter alarming headlines about large-scale cyberattacks against government agencies, major corporations and supply chains, and escalating cyber tensions between countries. News of these incidents may leave small and midsize businesses (SMBs) thinking they are immune to such threats given their smaller stature and comparatively limited data and finances. 

Unfortunately, this is a false sense of security. A recent report shows that nearly half (43%) of cyberattacks target SMBs. The reason, often, is that smaller businesses lack the resources and knowledge available to larger organizations to adequately secure their systems. Cybercriminals recognize and leverage this disparity by targeting SMBs in higher numbers.

In Wisconsin, where N8 Solutions is headquartered, businesses are not immune. A Wall Street Journal article reports that in August 2019, hundreds of small dental practices were affected by ransomware attacks against two dental technology providers. As a result, dentists and their staff were locked out of their data. An individual involved is quoted as saying that she was “overwhelmed dealing with the incident” and that “there are more repercussions than one might assume.”

To help ensure your SMB stays secure, and to prevent the overwhelming repercussions of these attacks, we outline some of the best cybersecurity practices that your firm should follow, beginning today. 

SMB Cybersecurity Best Practices

Assess your Risk

The first step to protect your business is to assess and understand the risks you face and to identify your vulnerabilities. The most common threats today include malware, viruses, ransomware, and phishing, among others (and new threat vectors emerge all the time). Performing a risk assessment now also presents your best opportunity to make the changes and improvements that will protect your business tomorrow.

In light of growing cyber threats, agencies like the U.S. Small Business Administration (SBA) provide lists of resources for SMBs, including a cybersecurity planning tool from the Federal Communications Commission and a Cyber Resilience Review from the Department of Homeland Security. But the SBA also acknowledges that there’s “no substitute for dedicated IT support” and that “businesses of more limited means can still take measures to improve their cybersecurity.”

The best approach may be to partner with a reputable firm that can conduct a robust risk assessment and help you make sense of the next steps. An SBA survey suggests that 88% of SMBs feel they are vulnerable to an attack, yet many lack the time, resources, or knowledge to do anything about it. 

A trusted partner will conduct a full audit and robust assessment of your IT infrastructure to uncover security vulnerabilities and pinpoint network or desktop issues that may open your organization to attack. At N8 Solutions, for example, we offer a free network and security risk assessment and audit to make sure your business is ready to take on the latest security threats, as well as productivity and scalability challenges.

Use a Firewall

Now, let’s dive a bit deeper into some of the likely action items that may be identified via your cyber risk assessment. One of the first lines of defense against a cyberattack is your firewall, which, as the name implies, acts like a security gate for entities leaving or entering your facility. A firewall is hardware or software (or both) that monitors incoming and outgoing traffic to your network and decides what activity is allowed or blocked based on a set of security rules. 

Bottom line, you should install an industry-leading firewall to provide a barrier between your data and cybercriminals. Many top-tier operating systems, like Windows, come installed with firewall programs. However, we also recommend that you check and make sure that your firewall is up to date and configured to not allow full and open public access.

Do you have remote employees or staff that occasionally work from home? (Chances are you might – half of the U.S. workforce may work remotely in the near future.) You’ll also want to ensure that these locations and home systems have firewall protection. This last point actually brings up another best practice, which is to include your mobile devices in your cybersecurity action plan. This might include password protection, security apps, or data encryption to thwart intrusion, especially as phones are often used on public networks.

Update your Anti-Virus and Anti-Malware

Another best practice for SMB cybersecurity is to update your anti-virus and anti-malware software, vital components of a strong security infrastructure. Many cybercriminals make their way in via phishing emails and other endpoint vulnerabilities. Anti-virus and anti-malware software will help you detect, protect against, and remove malicious software from your business systems. The right solution can stop some of the most common and damaging attacks, including Trojan horse attacks, ransomware, rootkits, keyloggers, and exploits.

Make sure that you have software installed, and that it’s regularly updated to keep up with the latest security strategies. Many providers regularly provide patches and updates to secure their products and improve functionality. 

Pause and ask yourself, what anti-virus and anti-malware software do I have installed and why did I select it? Is it still supported? Does it meet my unique business needs? Is it up to date? If you need to select and install new software, many resources, such as PC Mag, offer reviews and recommendations on both professional and free anti-virus tools based on price, level of protection, and ratings. However, it can be daunting to parse through the many available options. The best approach is to work with an expert to help you identify the right software. 

Back Up, Back Up, Back Up

Another component of your SMB cybersecurity strategy is to back up your data. This is a critical best practice as, unfortunately, we now operate in a landscape where it’s a matter of when an attack will occur, not if.

Have a plan in place to regularly or automatically back up your business data and information, from all computers and systems. This might include everything from basic Word documents to large databases to financial or human resources files. Where to put it? You may want to explore multiple avenues, such as storing your backed-up data both offsite and in the cloud. Access to data that has been properly (and recently) backed up can reduce the downtime you experience following an attack and help get your business up and running again.

People First

Lastly, another best practice is all about your people. With SMBs in particular, many of your vulnerabilities may start with your employees. (According to one report of attacks, employees were involved in one-third of incidents; 2 percent of these people were partners!) A key component of your cybersecurity strategy, then, is to arm your staff as your front line of defense against threats. The most effective way to do this is via ongoing training and education. 

You don’t need to be an expert or a professional trainer – resources are available to help you identify training topics, develop resources, and share the information with your team in a way that is positive and effective. For example, the U.S. Small Business Administration presents a recommended list of training topics for a small firm, including how to spot a phishing email, how to avoid suspicious downloads, and how to create a strong password. It also suggests training on good browsing practices and how to protect sensitive customer information. This information will not only help you prevent more intrusions, but it could help you recover more quickly in the event an attack occurs.

This is another area where a trusted technology partner can help you. Many firms, like ours, offer customized, people-first training and can help you identify, plan, and conduct regular trainings as well as analyze their effectiveness. For more training tips, please see this earlier post on employee cybersecurity training tips.

I hope this post helps you understand the present risks facing SMBs like yours – including both reputational and financial damage. (Two-thirds of small businesses that are attacked go out of business within six months and the average cost of an attack ranges from $84,000 to $148,000.) But more importantly, I hope it gives you some ideas and action steps to help you prevent and recover from future cyberattacks. 

Remember, the best way to combat cybercrime is to stop intrusions before they even happen. Take measures now to protect your business, either through your own investment in resources or in tandem with a reputable partner who can help you with everything from a risk assessment to recovery.