8 Tips for SMBs to Reduce Cyber Risk in 2020 and Beyond


It is no surprise that small and medium-sized businesses (SMBs) are struggling to keep up with changes wrought by the pandemic. The stay at home orders exposed cracks in their cybersecurity strategy and made them a prime target for hackers. In this article, Jordan MacAvoy, Vice President of Marketing at Reciprocity Labs offers valuable guidance on how SMBs can battle security risks with these eight best practices.

As a small business owner, you may be primarily concerned about growing your brand and increasing customer outreach. However, securing company data should also be one of your top priorities. Small and medium-sized businessesOpens a new window are a common target for hackers, with over 60% of SMBs reporting an attempted cybersecurity breach over the past year. Even more concerning is that the average cost of a data breach is about $53,000, having risen from $34,000 in recent years.

These numbers show just how critical implementing cybersecurity practices has become. Unfortunately, SMBs are common targets because such companies fail to prioritize data securityOpens a new window . Hackers, therefore, have an easier time penetrating your systems and causing widespread damage. The good news is that you can keep your data safe and secure by implementing best practices.

Learn More: Cybercriminals Turn to Fake News, Hoax Websites, Email ScamsOpens a new window

1. Encrypt Sensitive Data

SMBs handle many different types of sensitive data on a regular basis. From credit card numbers to addresses and even health-based information, hackers could cause lots of damage if they were to access such data Opens a new window by penetrating your systems. This is why it helps to add an extra layer of security when dealing with sensitive information. By encrypting various types of data, you can prevent unauthorized persons from accessing sensitive information even when your systems are breached.

Encryption Opens a new window makes it harder (and sometimes impossible) for hackers to read or interpret data that they may have accessed without proper permission. You should encrypt any sensitive data being sent via laptops, smartphones, the cloud, or backup hard drives. In this way, your data will remain secure regardless of where it’s being stored or used. Adding an HTTPS encryption also secures your data while it’s being transmitted over the web. Along with an SSLOpens a new window certificate, you can create an encrypted channel that prevents hackers from intercepting data in transit (as it travels between the web host and your website).

Learn More: 8 Step Guide to Defeating Cyber ThreatsOpens a new window

2. Establish Secure Internal Infrastructure

Keeping your company data safe begins with establishing secure internal protocols. How you handle data in-house will be key to maintaining a secure environment and detecting threats before they penetrate your systems. But how can SMBs develop robust internal protocols? By installing perimeter security (such as a firewall), implementing data encryption protocols, and having secure applications, you will be able to develop robust company infrastructure.

You will also need a dedicated team that can prioritize data safetyOpens a new window while continuously monitoring your environment. Because not all SMBs can afford to hire full-time personnel for such tasks, it makes sense to outsource some of your IT workflows. Third-party vendors provide a wide range of support services- from software installation to on-site monitoring. You can pick and choose which services are most critical for your business after carrying out a risk assessmentOpens a new window .

Learn More: How to Maintain AWS Cyber Hygiene in Quarantine EraOpens a new window

3. Invest In The Training Of Staff

One of the most important cybersecurity tips for SMBs is staff education. All it takes for your systems to become compromised is an employee clicking on a malicious link- or opening a suspicious email attachment. Furthermore, phishing and malware are among the most common cybersecurityOpens a new window threats that companies experience.

A significant part of your cybersecurityOpens a new window plan should include employee education. Your team should be aware of how to identify and avoid phishing attempts, how to report such events to the right personnel, and even how to access company systems from remote locations. Such training should also be tailored to a specific employee’s role so that they may find this information useful and practical to implement. Less than 35% of small businesses currently train and evaluate their employees on cybersecurity (especially phishing attempts). This is why you should prioritize such training to avoid falling victim to such threats.

4. Establish Protocols For Accessing Data Remotely

The COVID-19 pandemic has affected businesses of all sizes. Many employees have to work remotely so as to limit human contact and spread of the virus. However, working from home has presented the challenge of data security. Hackers are increasingly targeting data being transmitted over unsecured channels because employees are accessing company systems from multiple locations. You can prevent these threats by establishing secure protocols for remote data accessOpens a new window . In other words, make sure your employees are aware of how they can handle sensitive company data while working from home. This should be done in a manner that doesn’t slow down or cripple daily operations.

A good starting point is implementing robust security networks and authentication protocols. A two-factor authentication is a common approach used to reduce the likelihood of unauthorized data access. You can also limit incoming traffic to company systems while encouraging your employees to use VPNsOpens a new window (especially those who are handling sensitive customer data). Keeping logs of remote data access can also help you identify when a breach might have occurred and how it happened.

Learn More: Why Every Small & Mid-Sized Business Should Not Ignore Cyber Liability InsuranceOpens a new window

5. Have A Password Policy In Place

Speaking of authentication and data access, you should also have a strong password policy in place. Such a policy can be as simple as requiring password changes on a regular basis, or not using default passwordsOpens a new window for your security network devices. Employees should also be required to use strong passwords that contain the following elements:

  • A mixture of numbers, letters, and symbols
  • Passphrases (instead of words) that are more than 8 characters long
  • Phrases that aren’t easy to guess (such as family member names, pet names, etc.)
  • Not using the same password Opens a new window for multiple online platforms

6. Frequently Update Your Systems

A common mistake that SMBs make is investing in quality infrastructure but failing to update them. Even the most sophisticated systems could become ineffective if they don’t keep up with current threats. Furthermore, hackers constantly evolve in their attempts to penetrate company systems.

You can avoid the risk of renewed threats by regularly updating your software, firmware, and hardware. Regular updates are typically provided by software and hardware providers, so you should establish a schedule for patching up your systems before they fall out of date.

Learn More: Don’t Leave Cloud Data Security Behind: 5 Best Practices to FollowOpens a new window

7. Back-Up Thoroughly And Often

Data loss is a significant risk that many SMBs face, and being unable to access business information could potentially paralyze your operations. To prevent this threat, you should regularly back up all company data locally and at an offsite location. Regular backups reduce the risk of losing access to corporate systems, especially in the event of a ransomware attack. Don’t forget to protect backups using similar tips mentioned in this article.

8. Implement Access Control Protocols

Finally, SMBs should implement robust access control protocols. This means being able to verify who has access to specific types of data and keeping logs of such access for future reference. Access control ensures that the wrong people don’t gain permission to read, copy, or distribute sensitive data. And coupled with proper authentication protocols, you can keep a tight circle around sensitive information while reducing the likelihood of breachesOpens a new window .

Let us know if you liked this article on LinkedInOpens a new window , TwitterOpens a new window , or FacebookOpens a new window . We would love to hear from you!