10 ways to protect Small and Medium Businesses from cyber attacks

By TechShield Tales, published in System Weakness, Feb 1, 2024

Hello CyberExplorers,

Welcome to my blog where I talk about the importance of cybersecurity for individuals and businesses. Today’s topic is a practical guide on cybersecurity for small and medium businesses.

In this digital era, everything is digitized, and it is essential to secure and protect our sensitive data. It is common for small businesses to think they will not be targeted for cyber-attacks. While hacks against big companies like Target, Home Depot, and Sony get more than their share of public attention, cyber-attacks on small and medium-sized companies often go unreported and rarely make the headlines.

Don’t let this lull you into a false sense of security. The number of crippling attacks against everyday businesses is growing. The cybersecurity company Symantec reports, for example, that 52.4% of “phishing” attacks last December were against SMEs. (I have a detailed blog on phishing; do check it out.)

Hence, it is essential even for SMEs to be aware of and take some cybersecurity measures. Here are a few practical and cost-effective ways in which small and medium businesses can protect themselves from cyber-attacks:

1. Understand the Risks

SMBs should be aware of the various cyber threats they face, such as phishing, malware, ransomware, and data breaches. Understanding these risks is the first step in developing an effective cybersecurity strategy.

2. Understand Your Data

The first step to security is understanding your data and categorizing it as confidential, sensitive, restricted, internal, or public. It is essential to recognize the confidential and sensitive data in order to secure it. Additionally, identify the data that is essential to run the company so that regular backups can be taken. Decide on the RTO (recovery time objective) — the maximum length of time the system should take to restore normal operations following an outage or data loss — and the RPO (recovery point objective) — the maximum amount of data, measured as a span of time, the company can tolerate losing.

3. Disaster Recovery Plan

Once the above steps are done, it is time to formulate a disaster recovery plan. Have a clear plan in place for responding to cybersecurity incidents. This should include steps for containment, eradication, recovery, and notification to relevant stakeholders. Also, creating multiple regular backups and storing them in a different system or cloud infrastructure is crucial. This will help in recovering data during cyber-attacks such as ransomware attacks.
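The RPO from step 2 and the "multiple backups on a different system or cloud" advice from step 3 are only useful if someone checks that backups actually meet them. The following script is an added example, not code from the post or from any particular backup product: given a list of completed backup jobs (constructed sample data), it reports every essential dataset whose newest backup is older than the RPO, lacks an offsite copy inside the RPO window, or has never been backed up at all.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class Backup:
    """One completed backup job. Field layout is an assumption for this example."""
    dataset: str
    finished_at: datetime
    location: str   # where the copy lives, e.g. "onsite-nas" or "cloud-bucket"
    offsite: bool   # True if stored on a different system or cloud, as the post recommends


def check_backups(backups, rpo, now, require_offsite=True):
    """Return {dataset: [findings]}; an empty list means the dataset is compliant.

    Compliant means: the newest backup is no older than the RPO and, when
    require_offsite is set, at least one copy taken within the RPO window is
    stored away from the primary system (ransomware that encrypts the primary
    system and an attached onsite backup leaves nothing to restore from).
    """
    by_dataset = {}
    for b in backups:
        by_dataset.setdefault(b.dataset, []).append(b)

    report = {}
    for dataset, copies in by_dataset.items():
        findings = []
        newest = max(copies, key=lambda b: b.finished_at)
        age = now - newest.finished_at
        if age > rpo:
            findings.append(f"newest backup is {age} old, exceeds RPO of {rpo}")
        if require_offsite and not any(
            b.offsite and now - b.finished_at <= rpo for b in copies
        ):
            findings.append("no offsite copy within the RPO window")
        report[dataset] = findings
    return report


def datasets_missing(backups, essential):
    """Essential datasets (from the step-2 inventory) that have no backup at all."""
    seen = {b.dataset for b in backups}
    return sorted(set(essential) - seen)


# Constructed sample data for the example; not taken from any real environment.
NOW = datetime(2024, 2, 1, 9, 0, tzinfo=timezone.utc)
RPO = timedelta(hours=24)
ESSENTIAL = ["accounting-db", "file-share", "crm", "email-archive"]
SAMPLE_BACKUPS = [
    Backup("accounting-db", datetime(2024, 1, 31, 23, 0, tzinfo=timezone.utc), "onsite-nas", False),
    Backup("accounting-db", datetime(2024, 1, 31, 22, 30, tzinfo=timezone.utc), "cloud-bucket", True),
    Backup("file-share", datetime(2024, 1, 29, 23, 0, tzinfo=timezone.utc), "onsite-nas", False),
    Backup("crm", datetime(2024, 1, 31, 20, 0, tzinfo=timezone.utc), "onsite-nas", False),
]

if __name__ == "__main__":
    for dataset, findings in check_backups(SAMPLE_BACKUPS, RPO, NOW).items():
        status = "OK" if not findings else "; ".join(findings)
        print(f"{dataset}: {status}")
    for dataset in datasets_missing(SAMPLE_BACKUPS, ESSENTIAL):
        print(f"{dataset}: never backed up")
```

Run this from a scheduled job that reads the real job history and routes non-empty findings to whoever owns the disaster recovery plan; a backup that silently stopped a month ago is the most common surprise during an actual ransomware recovery.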

4. Train Employees About Cybersecurity

It is said that ‘the human is the weakest link in the system’. Because employees are the ones who open emails, click links, and handle company data, it is critical to train them in cybersecurity. Educating them about attacks like phishing, ransomware, and data breaches makes the whole company better able to recognize and report them.

Do not think cybersecurity is the responsibility of the IT team — it is the responsibility of each and every employee accessing the system.

5. Use Multifactor Authentication and Require Strong Passwords

Safe passwords are an important component of a company’s cybersecurity posture. Passwords like ‘password’, ‘qwerty’, ‘12345678’, ‘iloveyou’, ‘11111’ are the worst. The last thing you want is to get attacked due to an employee’s weak password. Mandate strong passwords which have uppercase letters, lowercase letters, numbers, special characters, and are at least 8 characters long.

Further, require multifactor authentication for employees to log in to the systems. I have a separate blog on the importance of multi-factor authentication. Do check it out.

6. Limit Employee Information and Access to Downloads

Implement the principle of least privilege, ensuring that employees have access only to the data and resources necessary for their job roles. Limiting access to downloads prevents employees from downloading malware or ransomware by mistake.

7. Immediately Remove Access for Employees Who Have Left the Company

Removing access for former employees is necessary for every business. We don’t want a data breach or sensitive information leakage because of a former employee. Additionally, ensure that all company-owned devices are returned and any stored data is securely wiped. Implement a formal offboarding process that includes a checklist to ensure all access rights are revoked and company data is safeguarded.
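An offboarding checklist is only as good as the reconciliation behind it. The script below is an added example, not the post's own procedure: it compares HR's list of departures against exports of active accounts from each system and against the list of devices signed out to people, and reports every former employee who still has access or an unreturned device. The data is constructed for the example; in practice each system's export would be pulled from its admin API or user list.

```python
from datetime import date

# Constructed sample data, not from any real organisation.
# HR's record of who has left and on which date.
DEPARTURES = {
    "jdoe": date(2024, 1, 15),
    "mlee": date(2024, 1, 29),
}

# Usernames that are still enabled, per system, as exported on the day of the check.
ACTIVE_ACCOUNTS = {
    "email": {"asmith", "jdoe", "mlee", "rpatel"},
    "vpn": {"asmith", "jdoe", "rpatel"},
    "crm": {"asmith", "mlee", "rpatel", "svc-reporting"},
    "cloud-admin": {"asmith", "jdoe"},
}

# Company devices currently signed out to each person (asset tags are placeholders).
DEVICES_OUT = {
    "jdoe": ["laptop-0417"],
    "asmith": ["laptop-0302"],
    "mlee": [],
}


def stale_access(departures, active_accounts, as_of):
    """Map each person who left on or before as_of to the systems where they are still active."""
    result = {}
    for user, left_on in departures.items():
        if left_on > as_of:
            continue  # not yet departed; nothing to revoke
        systems = sorted(name for name, users in active_accounts.items() if user in users)
        if systems:
            result[user] = systems
    return result


def unreturned_devices(departures, devices_out, as_of):
    """Map each departed person to the devices still signed out to them."""
    return {
        user: devices_out[user]
        for user, left_on in departures.items()
        if left_on <= as_of and devices_out.get(user)
    }


def offboarding_report(departures, active_accounts, devices_out, as_of):
    """Combine both checks into one structure a ticketing system could consume."""
    return {
        "stale_access": stale_access(departures, active_accounts, as_of),
        "unreturned_devices": unreturned_devices(departures, devices_out, as_of),
    }


if __name__ == "__main__":
    report = offboarding_report(DEPARTURES, ACTIVE_ACCOUNTS, DEVICES_OUT, date(2024, 2, 1))
    for user, systems in report["stale_access"].items():
        print(f"{user}: still active in {', '.join(systems)}")
    for user, devices in report["unreturned_devices"].items():
        print(f"{user}: has not returned {', '.join(devices)}")
```

Running this daily turns the offboarding checklist into something that is verified rather than trusted; accounts that survive on systems outside central identity management (a CRM, a cloud console, a payroll portal) are exactly the ones this catches.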

8. Invest in Reliable Security Solutions

Use reputable antivirus software, firewalls, and other cybersecurity tools to protect against threats. Consider investing in cybersecurity insurance to mitigate financial risks associated with cyber incidents. It’s also beneficial to engage with cybersecurity consultants or service providers who can offer expert advice and tailored solutions for your specific business needs.

9. Update and Patch Systems Regularly

Ensure that all software, especially operating systems and security software, is kept up to date with the latest patches and updates to protect against vulnerabilities. Outdated software and infrastructure often contain publicly known flaws, which leaves the system open to attack.

10. Secure Wi-Fi Networks

Never make the Wi-Fi public and accessible to all. If you want to provide Wi-Fi to external users, make use of a separate Wi-Fi network that is not used by employees to handle sensitive data.

Make sure that Wi-Fi networks are secure, encrypted, and hidden. Use a VPN for additional security, especially when employees are accessing company data remotely.

In conclusion, by following these guidelines, small and medium businesses can significantly enhance their cybersecurity posture and protect themselves against the growing number of cyber threats.

With this, we come to the end of this blog. Share this with your entrepreneur friends. Comment below if you have seen any attacks on SMEs or if you have evaded any such attacks. Do follow for more such content!!

Till then, CTRL + S on our friendship — Saving for later!
