The cybersecurity dangers facing small businesses are legion, particularly when you don't have the internal resources available to rise to the challenge. Fighting through security issues while trying to keep your business afloat during this difficult economic era feels like adding insult to injury for many small business owners. CNBC estimates that even a basic cyberattack can cost companies an average of $200,000 -- enough to devastate your company even during the best of times. Small to mid-size businesses are the target of a significant percentage of cyberattacks, even though they typically lack the preventative and protective resources of larger organizations. We recently connected with experts from IT managed services providers around the country to get their recommendations for hardening your small business against cyberattacks.
Managing User Access with "Zero Trust" and "Least Privilege"
While internal user attacks against an organization are not the norm, technology professionals still recommend locking down user privileges to the lowest possible level of accessibility as a matter of course. Evan Eakin of Elevate Services Group notes: "You want to be mindful of who can access data, utilizing a "zero trust' and "least privilege" approach. Troy Drever of Pure IT, agrees. "Always lock down user accounts so they don't have admin-level privileges. This is an easy way to reduce the potential of an attack that doesn't cost a dime!". Another way to keep users in the loop in terms of security is through aggressive employee training, for which Holden Watne of GenerationIX is an advocate. "The biggest threat to your organization sits right in front of your keyboard -- don't forget to include regular phishing tests in your cybersecurity training." Michael Nelson of TLC Tech shared another suggestion: "Turn on Conditional Access to help limit the geographic location for logins."
Create Consistency in Your Software Update Schedule
Another key area for concern for small businesses is the update schedule for your software. "Aging platforms can be a serious security risk, and some organizations overlook patching all applications and devices against security vulnerabilities", according to Jeff Rapp of ARCIS Technology Group. Alek Pirkhalo of Infiniwiz also recommends having a solid backup plan in place so you can recover information if the need arises. "Always evaluate backup vendors to see how they handle encryption, delta copies and more." Anthony Buonaspina of LI Tech Advisors notes: "You should also perform a regular network security scan to uncover any new devices of vulnerabilities." Even security software needs to be patched on a regular basis, with Endpoint Detection and Response (EDR) becoming an important component of your overall security posture.
Maintain a Layered Approach to Security
One of the hot-button topics for enterprises is layered security, but small businesses can also find value with these strategies. "Add multi-factor authentication for users, encourage the use of strong passwords and institute web-based email scanning to stop high-level attacks", according to Carl Fransen of CTECH Consulting Group. Adam Fadli of Discovery IT also encourages MFA, along with a robust enterprise-class firewall like FortiGate that also offers SMB-friendly pricing. "Security should be applied in layers, such as email, edge and workstation", shared by Joe Cannata of Techsperts, LLC. Several of our experts also noted the importance of having a proactive IT security risk assessment and network review performed on a regular basis to help ensure that your brand reputation and revenue are protected from cyberattacks.
Prepare for the Worst
Nearly every technology guru we consulted shared the need to be prepared in the event of a disaster. Backups should be well-secured and tested regularly. Jeff Rapp of ARCIS Technology Group summed up the thinking of the group: "There's a strong possibility that your business will be hit by ransomware at some point. Making sure you have disaster recovery technology solutions and plans in place can help you avoid paying the ransom -- and getting your business back up and running quickly."
While there are plenty of suggestions from this group of high-tech leaders, one final recommendation was from John Beyer of Realized Solutions. "Look for technology solutions that can help automatically block dangerous activity or create notifications for your team. One example is DMARC, or Domain-based Message Authentication, Reporting & Conformance." Staying ahead of the trends on the technology front will help your small to mid-size business maintain consistent operations during the COVID-19 crisis and beyond.
