How To Insulate Small Businesses From Cyber Threats

Ram is a Technology evangelist with more than two decades of experience in Cybersecurity domain.

In the aftermath of the COVID-19 pandemic, small and medium sized businesses (SMBs) were perhaps, the hardest hit of all businesses. One of the most challenging enterprises in life is starting a small business and seeing it through all its birthing pains to a successful eventuality. Keeping a business on track requires leaders to take on a multitude of roles from hiring and growth management to IT and compliance administration. For small businesses, the internet is a double edged sword. On one hand, the internet provides a multitude of avenues for small businesses to carve out a place for themselves in the market place. However, this dependency on the internet can also make small businesses vulnerable to threats. I have consulted and advised a multitude of startups and growing SMBs through my career, and have a profound appreciation of how bootstrapped businesses prioritize resources. One of the things that may fall through the cracks is investing in a strong cybersecurity infrastructure. However, SMBs have never been more vulnerable to cyberattacks.

How Vulnerable are SMBs to Cyberattacks?
Work from home conditions came with a multitude of security vulnerabilities that were never a concern in the pre-pandemic world. Although most of the eye catching headlines regarding data breaches and cyberattacks usually pertain to big corporations and well known multinational brands, the reality is that SMBs are more vulnerable to hackers than most large organizations. According to a recent survey, over 40 percent of SMB owners admitted to not providing employees with any cybersecurity awareness training pertaining to handling WFH related cyberthreats. According to experts, over 50 percent of SMBs do not have any inhouse cybersecurity experts. The Ponemon Institute discovered state in their 2019 report that over 60 percent of SMBs experienced had a data breach, while 53 percent of SMBs reported having no oversight into their employees’ password practices.

What Damages can a Cyberattack cause to SMBs?
A single data breach or ransomware attack can lead to devastating financial and reputational damage for an SMB. From the loss of business and trust to potentialfines and lawsuits the list of consequences can be exhaustive. A recent report found that 60 percent of SMBs that was hit by a cyberattack were forced to close shop within six months of the attack. Yet another report stated that the average cost of a cyber attack to a small business before the pandemic was around $150,000. However, this cost is only likely to have multiplied as a result of the pandemic.

Top Five Things SMBs can do to Keep Safe from Hackers
Cybercriminals have grown bolder and more creative over the past few years. From COVID-related scams to repeated ransomware attacks hackers are using every trick in their arsenal to make a quick buck. SMBs can avoid falling victim to cyberattacks by taking a few significant steps:

1.Start with a strong Identity Management & Governance program:It is imperative to start with a solid Identity security foundation to secure the company from the ground up and the inside out. Start with ensuring strong password management practices are in place, especially in these remote working times. Employees and their strong password management practices are the first line of defense against hackers. To address the rising mobile workforce and digital customers, look to strengthen and improve user experience with the implementation of Single Sign-On(SSO)and MultiFactor Authentication (MFA)based solutions.

2.Educate Employees:Employees must be regularly educated about how to identify andrespond to potential threats. The first nugget of knowledge must pertain to strong password management practices. In the age of remote working, employees and their strong password management practices are the first line of defense against hackers. However, password management is just the first step. SMBs must also ensure that their employees routinely participate in cybersecurity awareness training programs. These programs educate employees about phishing, malware, ransomware, and other forms of cyber attacks. The training programs also help employees to spot malicious phishing emails, which are one of the most common infiltration methods used by hackers. Additionally, employees are also trained on how to appropriately respond during a security incident.

3.Upgrade Legacy Systems:All the safe password practices in the world cannot keep your entity safe if your hardware and software systems are vulnerable. It is essential for any business to rigorously update its systems, to stay safe from attacks. In some cases, small businesses run legacy systems as a way to cut costs. However, these legacy systems are prime targets for hackers. Adopting cloud data and security solutions in the age of remote working is essential. Cloud security solutions are designed to ensure that all your data and applications are stored securely and are accessible only to authorized personnel. In addition to working as a backup, this also strengthens your security by leveraging cloud based data recovery solutions.

4.Zero Trust Architecture:To further future proof, SMBs can adopt a zero trust framework to strengthen security. Zero trust is a strategic framework and one of the most effective ways of ensuring that access to proprietary data and applications is limited to only authorize personnel. It relies on identity verification and ensures that an organization’s information is protected even when users attempt to access it via multiple devices or multiple locations. This helps minimize the possibility of unauthorized infiltration and contains breaches.

5.Incident Response Plan:A disaster recovery plan can be invaluable to SMBs in the event of an attack it saves time and resources when dealing with threat actors. An effective incident response plan focuses on incidents. Lifecycle management and ensures that the affected business can conduct a structured investigation into a security incident.