3 Cost-effective Ideas to Shore Up Your Small Business Cybersecurity Plan
The trends, insights, and solutions you need to grow your business.
By signing up, you’re subscribing to our monthly email newsletter, The
Wire. You may unsubscribe at any time.
While large companies and government entities dominate the headlines for the rise in cyberattacks, experts warn that small businesses are still at risk.
"Small- and medium-sized businesses are an especially popular target among ransomware operators, who recognize that these companies often lack the cybersecurity resources and expertise required to repel an attack," says Dave Wreski, CEO of Guardian Digital, in a New Jersey Business Magazine article.
Small and medium-sized businesses need to understand that cyber risk is business risk, warns Fabi Hubschmid, co-founder and COO of Austin-based Markaaz, a small business platform for verifying, monitoring, and paying suppliers.
"Though the memorable headlines focus on large corporations and household brands, attacks on small and medium-sized businesses are on the rise," Hubschmid writes in the Forbes Young Entrepreneur Council (YEC) post in June.
According to the Ponemon Institute, two-thirds of small businesses experienced a cyberattack over the past year, he says, citing a recent Global State of Cybersecurity in Small and Medium-Sized Businesses report.
Increasing to 76 percent in the U.S., cyberattacks against small businesses represented a 20 percentage point hike compared to three years ago, the post says.
Install Updates ASAP
A key low-cost, best practice to boost data security at your business is to "immediately" install software updates and patches.
"It sounds simple and boring (compared to a shiny new solution), yet many struggle to keep up with patches," writes Matthew Wilson in a post for BTB Security, which has offices in Illinois, Texas, and Pennsylvania.
"It costs nothing, and the process can be automated using tools available at no cost from Microsoft (for Microsoft solutions) or other software vendors. It requires little time and expertise, and yet will deter attackers who are simply looking for the softest targets."
Another cost-effective step is ongoing communication about cybersecurity at your business with new and current employees, for example, the importance of passwords.
Password issues have been on the rise with increased pandemic-driven remote work. According to the Global State of Cybersecurity report, nearly three quarters of small businesses stated that their staff's passwords were lost or stolen in the previous year, says Hubschmid.
The best way to keep passwords safe from cybercriminals is to create strong passwords. Also, let's say you or employees are using personal devices for work. Cybersecurity experts advise keeping personal and work passwords separate to reduce the risk of unauthorized access to your company's data and systems.
Reports of phishing attacks have increased by 600 percent increase since the onset of the pandemic.
"Users are now three times more likely to click on a malicious link embedded in a phishing email (and ultimately disclose their account credentials) than they were pre-COVID," Wreski said in the NJB magazine article by Jennifer Lesser.
Secure Remote Work with VPN
Any remote work should be secured either with a virtual private network or multifactor authentication (MFA), or both, ideally, says Rashaad Bajwa, CEO of Domain Technology Partners, in the New Jersey Business article.
You may have discounted this idea due to estimations that it costs tens of thousands of dollars. But Bajwa advises small businesses to check into it. He suggests looking into low-cost or free MFA tokens that may be obtained through Microsoft or Google Authenticator. It allows companies the ability to add another layer of protection against cyber attacks.
"Multifactor authentication ensures that even with a stolen password, bad actors can't access your network unless they also have physical access and log in to your mobile phone," he says in the NJB article. "These additional layers of security are increasingly becoming the only relatively secure way to provide remote access without asking for a security incident."