Yes, small and medium businesses (SMBs) are one of the main targets of cyber attacks. Why? First, SMBs don't usually have a budget to invest in cybersecurity. Second, they don't see themselves as cybercriminals targets. Third, they don't know how to measure the importance of their assets. These are just a few reasons why SMBs become attractive targets for cybercriminals. And they're also reasons why SMBs should see security from a different perspective.
Extra attention is needed when dealing with cybersecurity not only because of the importance of information and data that companies handle but also because of the damage a cyber attack can cause. In the case of SMBs, an attack can mean bankruptcy, undermining the trust of partners and customers.
Ok, SMBs don’t have money, which means that, in general, they don’t have a person within the company with security expertise. This also means that many managers find themselves in the dark, not knowing where to start and how to get started. Thinking about it, we've created a list to help improve small and medium business security.
Tips to improve cybersecurity
1. Create a list of assets and define access permissions
The first tip is one of the most important. You need to create a list with all the types of data and information your business handle. Then you have to create groups and define a degree of importance. For example, protecting a customer's credit card data is a priority. After that, you need to define access permissions, which means who can access each type of data.
2. Use security solutions to fight spam, phishing, virus and malware
There are a lot of protection solutions in the market today, and many simplify administration and management with the intent that more companies and people have access to them. To have a minimum level of security, evaluate implementing in your company a Secure Email Gateway solution and other anti-virus and anti-malware solutions. This means that you will have tools to tackle different types of threats, such as spam, phishing, virus and malware. There are various prices in the market. Research well and choose wisely.
3. Beware of emails
This tip is directly related to the previous one, because email is the main threat vector, and therefore deserves an exclusive topic. It's very important that your company has a security policy focused on protecting emails. A Secure Email Gateway solution will help you with that.
4. Train your team
Your company should also invest in security awareness. Having employees that are aware of the most common scams and attacks may reduce your company's chances of being hacked or suffering a data breach. Send tips to them, promote training and, if necessary, adopt a security awareness solution.
5. Require strong passwords
Weak passwords are one of the factors that increase your company's chances of being hacked. Require long passwords that match alphanumeric characters, numbers, symbols and uppercase and lowercase letters. And pay close attention to where the passwords will be stored.
6. Keep systems up to date and back up your data
Yes, it's simple to keep software and computers up to date and back up frequently. Everyone says that on the internet, right? But there are still many companies that don't treat this issue with due seriousness. Keep in mind: new versions are released precisely to address gaps and bugs that can affect your system making your business more vulnerable.
7. Have an incident response plan
Have an incident response plan (IR) ready and available to the entire company. Basically, the incident response plan is a playbook with information on how each area of the company should behave in the event of an attack. The goal of an IR is to mitigate an attack's damage and lessen the stress caused by such a situation.You can find more information about it in this post: “6 steps to build an incident response plan”.
8. Consider a Managed Services Provider (MSP)
If you still don't feel comfortable putting the 7 previous tips into action, consider hiring an MSP. MSPs are companies that remotely take on some IT functions for the benefit of your company. For example, you don't have any security experts and prefer to turn that area over to someone with more knowledge. So you can hire a company that helps protect your information and data, suggesting solutions and managing them.