4 IT Security Best Practices SMBs Need To Adopt Immediately

While cyberattacks on companies that are household names are often highly publicised and reported on, attacks on small businesses often go unnoticed by the media despite accounting for 43% of targeted attacks. These attacks might not hit the front page, but they are having a significant impact on small businesses across the globe.

In 2018, SMBs in the UK are estimated to have been targeted by 65,000 attempted attacks per day, with consequences for client relations, growth and finances.

In the US, Ponemon discovered that two-thirds of companies with between 100 and 1,000 employees had experienced a cyberattack in the past 12 months, spending an average of more than $1 million as a result of the attack.

This is concerning enough, but it gets worse when you realise that the majority of successful data breaches were the result of human error rather than a targeted attack. In other words, through a lack of awareness or training, SMBs are not doing enough to minimise attacks, and therefore, a large percentage of attacks that are damaging SMBs could be prevented.

The good news here is that SMBs are certainly not helpless in this situation. Here are some security improvements that can be made swiftly and without a significant increase to security spending.

1. Improve employee training

It has already been mentioned that most cyberattacks on SMBs are preventable, but how can human error be reduced? The simple answer is by raising awareness.

Experts have spent years warning of the risks of weak passwords and yet “123456” and “password” were still two of the most common passwords of 2018.

By implementing a revised security policy that shares responsibility for security across everyone in the organisation, things such as strong passwords become a daily consideration for all members of staff, increasing engagement and awareness of how the simple things could result in a breach.

Supplementing this policy with regular training will keep your workforce aware of the latest threats and the process should a breach occur. It will also make sure that even those with little confidence around cyber security will know what to do should they identify something that could be a potential red flag.

2. Keep backups

Ransomware attacks have become increasingly common in recent years due to high-profile attacks such as WannaCry. This type of attack locks the user out of their data and, as the name suggests, demands a fee to return access. However, there is a risk that even if payments are made the data will have been corrupted or will not be returned at all.

Thankfully, what could be a frightening situation can easily be rectified by recovering the data from backups and wiping the infected devices.

Much like strong passwords, backups have been encouraged for years but are not always implemented, which is what gives threats like ransomware such potency.

SMBs should ensure that all of their data is backed up and that the most sensitive data is secured, either remotely, on a local server or with a Cloud service. In many cases, this process can be automated, making it both secure and simple to manage.

3. Assume the worst

Despite the risks, many SMB owners feel that their company is too small to be targeted. When improving best practices, it is important that preparations are in place for the worst-case scenario. When 60% of small companies go out of business within six months of suffering an attack, “when, not if” is a sensible attitude to take.

Breach preparations should include transparent response strategies outlining different types of threat and the process that should be followed in each case.

By providing clear communication, the chance of minimising the damage caused by a breach will be greatly improved. Staff will know exactly what to do and clients and customers can be swiftly informed, minimising the impact on reputation and customer relations.

4. Secure endpoints

When building a security network, it is easy to visualise a firewall as a perimeter fence and antivirus software as a patrol, monitoring for anything that manages to break through and dealing with it.

However, there is another element that is often neglected. Without sufficient endpoint security, the devices connected to your network, from laptops to smart speakers, all have the potential to become a vulnerability and a simple way for hackers to access your network – no matter how strong your other defences are. This can not only put your data at risk but result in significant damage to the company’s reputation and finances.

To make sure that your network remains secure, it is vital that every single device in your company has a member of staff responsible for ensuring that it is running fully updated software and is using both strong passwords and two-factor authentication.

Most companies will have a level of security software in place, but security threats are continually evolving, meaning that regular reassessment of the current setup is vital. As a starting point, you should assess your current system with an IT Security Health Check Tool to see where the weak points in your defences are.

While protecting endpoints is a crucial element of keeping your SMB safe, the key to effective security is ensuring that people are engaged in the process. By making security a daily consideration rather than a task that is someone else’s responsibility, you can ensure that improved security best practices are implemented and the protection around your sensitive data is as strong as it can possibly be.


Bytestart Limited info@ByteStart.co.uk
