All you need is a quick web search to understand how catastrophic it is for businesses to fall victim to cybercrime. Ransomware, malware, data theft, leakage of personal and financial data of employees and customers — all these, unfortunately, have become pretty common news. Invariably, cybercrime aimed at large enterprises makes it to the mainstream national and international news. However, small and medium-sized businesses are placed at equal risk, if not more. It’s just that the instances of cybersecurity breaches in SMBs don’t get appropriate coverage. As a result, the general awareness among businesses, as to how they can keep themselves safe from cybercrime, isn’t great. This cybersecurity guide aims to help.
Your SMB is at risk: Here’s why
Our cybersecurity guide begins with this core principle: The first leap toward enterprise-grade cybersecurity for SMBs is an acknowledgment that you are at risk. A recent Verizon study revealed that 61 percent of victims of data breaches were small businesses! Here are some reasons that should help you understand why SMBs can’t take cybercrime lightly.
SMBs are the ideal victim for organized cybercrime networks because they offer more digital assets to target as compared to individual web users. And the cybersecurity maturity of these organizations is much less than enterprises.
Additionally, SMBs are known to be complacent about cybercrime risks — that’s because they believe they don’t have any valuable information worth stealing. Cybercriminals don’t think so. In fact, SMBs are more likely than enterprises to pay a ransom to get back stolen data!
Without further ado, let’s open our cybersecurity guide and tell you everything you can do to make your defenses more robust.
Strong passwords, changed frequently
Here’s a reliable solution available at zero cost and minimal technical complexity. Passwords are your first line of defense against unauthorized access attempts made on your digital assets. Poor passwords, however, only offer you a false sense of security. Instead, follow these best practices:
- Use a mix of lower case, upper case, punctuations, and numbers in your passwords.
- Never allow the use of the same passwords across applications and computers.
- Don’t allow dictionary words, their minor variations, and usernames as passwords.
- Enforce methods to ensure that employees change default application passwords as soon as possible.
- Automatically expire passwords sufficiently soon, and mandate structure and proper complexity on passwords.
Email attachments and web downloads are the ideal conduits for cybercriminals to get people to download content. Hidden underneath layers of content are malicious codes that can cause all kind of problems — triggering more malicious emails from your email ID to all IDs in your address book, deleting or encrypting data on your computer, and making software dysfunctional.
The solution — educate and train your people. Here are some suggested practices:
- Don’t preview attachment contents, don’t download attachments indicated as spammy/suspicious.
- Don’t open emails from people you don’t know, and don’t forward unnecessary emails.
- Before downloading anything, verify whether the subject, email body, and attachment name fit the narrative.
- Set up web browser defaults to block unsolicited downloads.
- Turn off Java scripting and Active-X by default, with the option to activate for recognized safe websites.
- Never download software from anywhere other than recognized app stores and official web links.
Install robust antivirus
It’s common knowledge — computers need an antivirus to detect malicious codes within emails, attachments, downloaded files, websites, etc. Antivirus programs use virus signature databases to identify suspicious patterns in codes. These signature databases are updated frequently to keep the antivirus software potent enough to identify latest threats.
For the best of security, make sure you implement security policies such that:
- Antivirus programs are updated automatically as soon as the developers make updates available.
- If annual renewals are required to keep the antivirus active, look for auto-renewal options.
- Never allow a computer to be connected to the Internet without antivirus software being active.
- Allow the antivirus to check all file sources — including CD and jump drives.
- Set up automatic scans of all contents of computers to detect problems that were missed at other checkpoints.
Note: You also need firewall software to make sure that no suspicious messages enter or leave your network. Look for firewall software that lets you review blocked inbound/outbound messages to ensure it doesn’t disrupt your system’s Internet communications. You will need time and will need to set up a review mechanism involving employees to prevent the problem of over-blocking by the firewall.
Clean as you go
Unused software, active accounts of inactive employees, end of life equipment — all these are common reasons for cybersecurity breaches at SMBs.
- Establish monthly review practices to identify software that’s not in use.
- Before terminating an employee, cease his or her accesses.
- Before an employee’s voluntary release from a project or the company, make sure he or she doesn’t take the data along.
- Build a robust process that demands suitable checks to be made about existing data (delete, archive, or retain) on equipment being discarded, replaced, or repurposed.
- Educate employees on how they can archive unused data or store it on external media rather than letting it be exposed on a computer.
Unfortunately, no security practice offers a 100 percent success rate. This means that SMBs should safeguard their important data just in case a security catastrophe hits them.
Some best practices:
- Brainstorm to set up right recovery-time objectives (how soon do you need your data back after a disruption) and recovery-point objectives (how recent must the recovered data be). Recovery-time objectives and recovery-point objectives govern how frequently you create backups for data and how much data you back up regularly
- Test the backup process regularly by restoring the backed-up data to an external location.
- Set up automated backup processes, along with time logs to help everyone find out key information about each backup.
Cybersecurity guide takeaway: Know that you face a huge threat
Cybersecurity has to be a key component of the IT strategies of SMBs. Cybercrime, make no mistake, is a huge threat to SMBs. What’s more, your business’s failure to protect customers’ data could create serious troubles with agencies enforcing data protection laws. This cybersecurity guide should help you stay safe.
Featured image: Pixabay