Building a Cybersecurity Strategy to Protect Your Small Business
Small business owners have one primary focus: growing their business. That often means that they wear several hats at once — they’re opening the doors in the morning, working with customers or employees all day, taking care of administrative tasks, and drumming up new business. They are focused primarily on customers and revenue, but often serve as a jack of all trades when it comes to just about everything else, from HR to legal to marketing.
Security at small businesses is an especially underserved function, and you can’t fault small business owners for underestimating the risks. Many of the cybersecurity attacks and breaches we see splashed across headlines happen at huge enterprise organizations.
That doesn’t mean, however, that small businesses aren’t a target for hackers. On the contrary, most small businesses have been attacked. According to the Ponemon Institute’s “2019 State of Cybersecurity in Small & Medium Size Businesses” report, 66% of small businesses said they had been the target of a cyber attack in the preceding 12 months. Almost one-third (63%) said they had been the victim of a data breach with severe financial consequences.
There are real stakes, and the sophistication of modern security threats continues to advance. And while most small businesses won’t be able to pull together the resources of an enterprise security team, there are still key steps business owners can take to begin closing security loopholes and protecting themselves now. It all starts with an end-to-end strategy covering traditional IT security, mobile protection, policymaking, access control, WiFi security, and more. As you build out your strategy, here are the key pillars you’ll want to focus on:
Understand the risk and identify key digital assets
From phishing, ransomware, and malvertising to clickjacking, drive-by-downloads, and software vulnerabilities, there’s an ever-growing list of threats posing a danger to small businesses. Understand the threat landscape, and learn about what a successful attack could mean for your company. From there, identify your key digital assets: from the hubs of your network to the personal devices used by your employees and your customers, take stock of your digital landscape so you can learn how to protect it.
Protect your network access
Take a comprehensive approach, ensuring firewall, endpoint, and WiFi network security. Firewalls are still one of the most effective security measures, monitoring and controlling network traffic and placing a barrier between trusted internal networks and the outside world. Your WiFi network, whether internal or customer-facing, is a ripe target, and vulnerabilities have been found in even the most secure networks. Use a secure router in a safe location, and protect the network with secure keys so that a password is required to join. Every device on your network, whether a company-owned device or an employee's or guest's personal device, is also a potential point of weakness.
Now, with more and more employees logging on remotely, maintaining end-to-end security can be even more difficult. Implement endpoint protection on your company-owned devices to continually scan and update for the latest protections. For remote workers, consider adding a business-grade connection to their home offices.
Safeguard your access credentials
Implement an access control strategy, determining which people within your company need access to which types of data. On top of access control policies, ensure that the credentials of everyone in your organization remain protected. Implement password management and educate employees about the use of strong passwords.
According to the Ponemon report, 70% of companies said negligent employees put their company at risk for ransomware attacks. Make sure to train employees in basic security practices and codify best practices into policy. Areas of focus include strong passwords and appropriate Internet usage, as well as the proper handling of customer information or other sensitive data.
Ensure that network equipment and devices are updated frequently
The headline-grabbing WannaCry and Petya ransomware attacks a few years ago exploited Microsoft’s Windows Server Message Block (SMB) protocol. A simple update would have prevented infection, demonstrating the importance of patch management to staving off attacks. Implement strict patching policies to make sure users don’t ignore software update prompts or, even better, deploy automated patch management so no human action is needed.
Maintain backup and recovery
Especially when it comes to fighting ransomware, regular data backups are integral. If your data is held captive by hackers looking for payment to grant access, you remove their leverage if you have data backups handy. It’s a best practice to automate this process so you don’t have to rely on individual users to carry out the work.
Tap outside expertise
Cybersecurity is complex, and it’s hard to get a full grasp of it without expert help. Especially for smaller companies, partnering with a managed security services provider (MSSP) can help you get started on the right foot, but even organizations that already have security expertise in-house can benefit from tapping outside consultation.
Unfortunately, cybersecurity threats aren’t going away any time soon, and the data shows that small businesses are increasingly in the crosshairs of malicious hackers. Even without cybersecurity teams, however, small businesses do have the capabilities to mount an effective defense against attacks.
To protect against costly malware, ransomware, and bots, small businesses need to implement 360-degree cybersecurity measures that include anti-virus programs, firewalls, and network security solutions that proactively protect all devices connected to your network.
Comcast Business SecurityEdge can help protect the Internet-connected devices that employees and guests use from malware, ransomware, phishing, botnets, and more. Comcast Business at Home provides a dedicated business-grade Internet connection with the option of added security for remote workers.