West Virginia Small Business Development Center

My 5 Cybersecurity Recommendations for All SMBs

by Corey Cutler

In the world of business, risk is a familiar word in any entrepreneur’s vocabulary. Great business owners understand and measure risk when making any decisions that affect the longevity of the business. However, not every business owner knows how to assess their cyber risk in the Digital Age.

Cyberattacks are making headlines weekly, causing major disruption to businesses of all sizes across the globe. Some local small businesses may think they are too small to be targeted, but according to a new report, cybercriminals are three times more likely to target small businesses than larger companies. Try implementing these five tips and you can reduce the likelihood your business will be the next target.

Assume you will be attacked

Modern cybersecurity practices assume that given enough resources, any defense can be breached. With that in mind, cybersecurity experts will recommend that you apply multiple layers of defense in between your critical data and threat actors. This starts with using a strong password and goes all the way to restoring backups in the event the attack interrupts your critical business systems.

Back up your critical data

Start from the worst-case scenario – if you were infected with ransomware tomorrow, you would wish you had started with setting up backups.

Think about the programs you use every day. What would you do if you couldn’t use any of your day-to-day systems for two days or even two weeks? If you’re in manufacturing, you might lose tens or hundreds of thousands of dollars in revenue. If you’re in the medical field and seeing critical patients, this information being readily available can mean the difference between life and death.

Now, think about what you would do if those systems were completely wiped on Monday morning. How quickly could you get operations back up and running? As a business owner relying on your systems for operations, you should know your “recovery-time-objective”, or how long it takes to get a system back up and running in the event of failure. Do you have backups of this data? If everything on your network was infected with ransomware, do you have offsite backups of this data? 

Businesses should back up critical data daily at a minimum. Some critical data needs to be backed up every six hours or even every hour. Don’t wait until after you have an incident to start backing up your data! Once you have automatic, reliable backups running, move on to protecting your credentials.

Turn on Multi-Factor Authentication

Yes, I know what you’re going to say… It’s annoying to have to type in a 6-digit code every time you want to log in. I agree with you. That’s why there are newer MFA solutions that can be configured to let you simply tap your smartwatch or push “Accept” on a smartphone notification. Chances are, if you have not jumped on the multi-factor authentication train, you will be forced to use it soon.

The gist behind MFA is that having a second factor to your login prevents attacks from people who know your password. Even if you fall victim to an email phishing attack and someone gets your password, they will also need to have your mobile phone or security device to log in as you. Many of the headlines seen about cyberattacks could have been prevented if the victim’s logins required MFA. 

Install Security Patches

One of the commonly overlooked points of maintaining a secure digital environment is basic update management. You shouldn’t have to wonder “did my computer get the latest security patches?” There are many tools to help orchestrate updates across a large organization, but the simplest method is to enable automatic updates for your Windows or macOS operating systems. After you enable automatic updates, get into the habit of restarting your computer once a week or at the end of every day so that patches can be applied.

Install Antimalware Software

An ounce of prevention is worth a pound of cure

Modern operating systems come with built-in security features that try to keep your device safe and secure, but I believe that every business device needs to have antimalware software installed on it. The best tools leverage AI and behavior analysis to detect malicious activity within milliseconds of the attack, far outperforming traditional signature-based scanning solutions. This type of software is often more affordable than business owners realize, particularly when compared to the average ransom payment in Q2 2022, which was $228,125. If you do have a breach, this type of software will severely reduce the impact and spread of the damage and potentially save a company from shutting its doors.

Summary

These recommendations are applicable to any modern business, even if the only technology you use at your business is an e-mail account. For most small businesses (fewer than 10 employees), you can hire a consultant to help set all of this up for you in a week or even a day. After implementing these suggestions, your business will exponentially reduce its risk of disaster when your coworker clicks on the "uRgNT INvOICE paYMent" email that YourCEO294817@gmail.com sent him.
