If you are a SMB owner trying to strengthen your cybersecurity quickly but, most importantly, efficiently, you are in the right place. When running a business, it is common to prioritize other aspects over cybersecurity – especially in SMBs.
Yet, when facing an attack, SMBs are the least likely to recover from a cyberattack. The consequences can be financial, operational or even reputational, leading businesses to shut down months after the attack. A staggering report from the National Cyber Security Alliance shows that 60 % of small business will close within 6 months following a cyberattack, in case of a data breach.
Creating an actionable cybersecurity strategy for your business takes time and months can pass before something is fully implemented. To help you get started, we’ve compiled in this article, a list of easy habits – cybersecurity best practices – that you can implement right away.
I. Password policy
Strong passwords are, of course, the basic first step to secure your company. You need to require that all your employees choose complicated and different passwords every time one is needed. A good password should be difficult to guess, at least 12 characters long, include a mix of uppercase and lowercase letters, numbers, and special characters.
To generate these types of passwords, without having to memorize them, use password management tools that will automatically create some and save them for you.
II. Two-Factor Authentication
To secure the access to all sensitive information and systems within your company, implement a Two-Factor Authentication (2FA) wherever possible. It will enhance the security of your company requiring two forms of identification. Each time someone tries to access a critical resource or system, they will have to first enter their username and password. Then, they’ll have to authenticate themselves a second time
- Either by entering a code received by SMS
- Or through an authentication app like Microsoft Authenticator or Google Authenticator.
Ideally, the phone used isn’t a personal phone but a company phone, in order to protect your SMB even more. Smartphones can be a security vulnerability for companies , especially if private and professional use are mixed.
III. Back-ups
Implement a back-up policy in your company. Your teams should back-up data on a daily basis. The back-ups can then be stored in a secure location. Some companies back everything up in the cloud, which can be a security risk since clouds are also vulnerable to cyberattacks. Back-ups can seem like a very simple cybersecurity guideline, yet they are the easiest way to protect your company against ransomware.
As the 2nd biggest cybersecurity risk for SMBs , ransomware need to be taken very seriously. It is frequent to read a news article about a business going bankrupt because of a ransomware attack. The Times recently reported on an SMB that was in business for 150 years and went bankrupt in three months following a ransomware attack .
Frequently backing up your data will make you less vulnerable to these types of attacks, as you will have all your data stored and won’t be as affected if you lose access to it.
IV. Limit access (physically and digitally)
Only specifically chosen and authorized staff members should have access to your physical critical infrastructure, back-ups, or any other resource linked to your cybersecurity. Digital accesses should also be limited:
- Administrator privileges should be restricted to trusted people in your company – ideally your IT team
- Employees should only have the minimum level of access necessary to do their job
V. Updates
Continuously make sure all your software is up to date. Always keep an eye on the latest updates or patches suggested by your software. They are there to fix a vulnerability that has been found and thus, will secure your infrastructure. Choose to automatically update your software to gain time but regularly check for updates.
WannaCry, a worm and ransomware, infected over 200.000 PCs in 156 countries in 2017. 12-months prior to the attack, Microsoft released a security patch to counter this attack. Only the PCs that didn’t install the patch ended up being victims of it.
VI. Business continuity plan and Disaster recovery plan
To secure your business, you should also prepare for the worst scenario.
How could your business keep operating if it had to undergo a cyberattack? We listed the top threats for SMBs here . Each has a different outcome; what would you do in each case to keep your business running? Following the WannaCry attack, for example, the English National Health System reconsidered its business continuity plan and updated it to match the impact that attack could have had on their operations.
Additionally, create a disaster recovery plan. What do you have to do to restore your systems and data if you have been victim of an attack? Make sure the whole company knows about these steps in order to recover as quickly as possible.
VII. Employee training
There are countless examples of cyberattacks that occurred from a human error. IBM did an extensive study on security breaches. The conclusion was that in 95% of these breaches, human error was a contributing factor. Since phishing attacks are the biggest threat to SMBs (and solely rely on human error), employee training is key to your cybersecurity. You can, for example:
- Reexplain the cybersecurity measures in your company
- Have trainings about cybersecurity best practices (strong passwords, secure web browsing…)
- Simulate phishing attempts or other threats
- Have workshops on how to respond in case of an attack
VII. Ensure that everything is protected
Finally, make sure that every part of your company’s infrastructure is protected. This is partly done by regularly verifying that your cybersecurity measures are efficiently implemented: are the back-ups done daily? Is your business continuity plan up to date? Are your employees aware of phishing attempts?
In addition to these best practices, you need to secure your computers, smartphones or tablets against cyberattacks. An End Point Detection & Response (EDR) solution will protect you against all the threats SMBs are victim of, even those created by AI that aren’t known yet. We offer the most budget-friendly EDR on the market, that is tailored for SMBs. Find out more here: https://tehtris.com/en/platform/edr-endpoint-detection-response/
To secure the rest of your infrastructure (your smartphones and mobile devices), a Mobile Threat Detection (MTD) solution will help you manage them while protecting you against threats. Read all about it here: https://tehtris.com/en/platform/mtd-mobile-threat-defense/