Although cyber attacks against large companies make the biggest headlines, small and medium-sized businesses are not immune to the threats. SMBs are just as vulnerable as large enterprises, and in many cases, more so; because they have fewer resources to devote to cybersecurity.
According to Webroots’ 2015 SMB Threat Report, only 37% of IT decision-makers for SMBs believe their organizations are ready to handle security threats. Nearly half say they don’t have enough time to stay current on the latest cybersecurity threats.
The cybersecurity threat to SMBs is no hoax; here’s some tips to address the threats:
Ransomware attacks are on the rise. For SMBs, the threat is particularly worrisome. Many SMBs haven’t fully invested in technologies that can help detect potential ransomware attacks and mitigate the effects of an attack. Many resort to paying the ransom. Consider investing in an advanced threat detection platform that can protect against unknown threats as well as the known. Backup data regularly so that you can easily recover essential data and negate the need to pay ransom.
Phishing is one of the trickiest, yet most common forms of cyber attack. Verizon’s 2016 Data Breach Investigations Report shows that phishing is responsible for thousands of data breaches and attempted breaches. People are most often the chink in the armor, opening 30% of phishing emails with 12% going on to click a link or open an attachment. At fault is a lack of training. Teaching employees how to spot and avoid clicking on links and attachments in unsolicited email messages is the best defense against phishing.
Bring Your Own Device (BYOD) drives cost savings and increased employee productivity for SMBs. Unfortunately, most SMBs don’t manage the security of BYOD devices, leaving them vulnerable to attack. A consistent, enforceable BYOD policy is essential to SMBs that want to fully realize the benefits.
Humans are the weak links in most cybersecurity defenses. Many SMBs fail to recognize the threat posed by existing and former employees who abuse online privileges, either willfully or accidentally. This study from Webroots reports that only 52% of SMBs feel prepared to combat insider threats. To address this problem, businesses need to set up formal processes to check for security breaches when an employee leaves. Audits and fraud prevention technologies can also be useful.
5. Weak Passwords
Everyone prefers simple passwords, but they’re a major risk to cybersecurity. Require employees to change passwords regularly and use passwords that are ideally at least 12 characters long, include upper and lower case letters as well as numbers and symbols. Avoid common words and consider using a password management solution.
6. Failure to Patch
Patching devices in a timely fashion is critical to making sure you’re protected against the latest threats. SMBs with IT staffs stretched too thin often fail to patch devices on schedule. But a patch can mean the difference between evading a cyber attack and being totally derailed by one.
Although these steps cover the basics, cybersecurity is far from elementary for SMBs that need to stay focused on their core business. That’s where partnering with a managed security services provider like RG Technologies can help. Contact us to learn more.