Harden Your Small Business Security with These Expert Recommendations

By Special Guest
Stuart R. Crawford

The cybersecurity dangers facing small businesses are legion, particularly when you don't have the internal resources available to rise to the challenge. Fighting through security issues while trying to keep your business afloat during this difficult economic era feels like adding insult to injury for many small business owners. CNBC estimates that even a basic cyberattack can cost companies an average of $200,000 -- enough to devastate your company even during the best of times. Small to mid-size businesses are the target of a significant percentage of cyberattacks, even though they typically lack the preventative and protective resources of larger organizations. We recently connected with experts from IT managed services providers around the country to get their recommendations for hardening your small business against cyberattacks.

Managing User Access with "Zero Trust" and "Least Privilege"

While internal user attacks against an organization are not the norm, technology professionals still recommend locking down user privileges to the lowest possible level of accessibility as a matter of course. Evan Eakin of Elevate Services Group notes: "You want to be mindful of who can access data, utilizing a 'zero trust' and 'least privilege' approach." Troy Drever of Pure IT agrees. "Always lock down user accounts so they don't have admin-level privileges. This is an easy way to reduce the potential of an attack that doesn't cost a dime!" Another way to keep users in the loop in terms of security is through aggressive employee training, for which Holden Watne of GenerationIX is an advocate. "The biggest threat to your organization sits right in front of your keyboard -- don't forget to include regular phishing tests in your cybersecurity training." Michael Nelson of TLC Tech shared another suggestion: "Turn on Conditional Access to help limit the geographic location for logins."

Create Consistency in Your Software Update Schedule

Another key area of concern for small businesses is the update schedule for your software. "Aging platforms can be a serious security risk, and some organizations overlook patching all applications and devices against security vulnerabilities," according to Jeff Rapp of ARCIS Technology Group. Alek Pirkhalo of Infiniwiz also recommends having a solid backup plan in place so you can recover information if the need arises. "Always evaluate backup vendors to see how they handle encryption, delta copies and more." Anthony Buonaspina of LI Tech Advisors notes: "You should also perform a regular network security scan to uncover any new devices or vulnerabilities." Even security software needs to be patched on a regular basis, with Endpoint Detection and Response (EDR) becoming an important component of your overall security posture.

Maintain a Layered Approach to Security

One of the hot-button topics for enterprises is layered security, but small businesses can also find value in these strategies. "Add multi-factor authentication for users, encourage the use of strong passwords and institute web-based email scanning to stop high-level attacks," according to Carl Fransen of CTECH Consulting Group. Adam Fadli of Discovery IT also encourages MFA, along with a robust enterprise-class firewall like FortiGate that also offers SMB-friendly pricing. "Security should be applied in layers, such as email, edge and workstation," shared Joe Cannata of Techsperts, LLC. Several of our experts also noted the importance of having a proactive IT security risk assessment and network review performed on a regular basis to help ensure that your brand reputation and revenue are protected from cyberattacks.

Prepare for the Worst

Nearly every technology guru we consulted shared the need to be prepared in the event of a disaster. Backups should be well-secured and tested regularly. Jeff Rapp of ARCIS Technology Group summed up the thinking of the group: "There's a strong possibility that your business will be hit by ransomware at some point. Making sure you have disaster recovery technology solutions and plans in place can help you avoid paying the ransom -- and getting your business back up and running quickly."

While there are plenty of suggestions from this group of high-tech leaders, one final recommendation was from John Beyer of Realized Solutions. "Look for technology solutions that can help automatically block dangerous activity or create notifications for your team. One example is DMARC, or Domain-based Message Authentication, Reporting & Conformance." Staying ahead of the trends on the technology front will help your small to mid-size business maintain consistent operations during the COVID-19 crisis and beyond.
