How Small Businesses Can Improve Cybersecurity Without Breaking the Bank

January 14, 2020

While organizations of all sizes have benefited from the efficiencies and conveniences of taking their business digital, it’s not without risks. Cybersecurity in today’s hyperconnected world is a necessity for large, medium and small businesses alike. Smaller businesses may be more prone to cyberattacks as they typically have fewer resources dedicated to cybersecurity.

One of the primary motivations for cybercriminals is financial gain. In the last few decades, cybercriminals have grown in technical and operational sophistication, and are a pervasive threat to organizations holding personally identifiable information or payment details. This information allows cybercriminals to profit from fraudulent activity or reselling data. While large businesses with more than 100 people have more data to steal, small businesses may be more attractive targets of opportunity especially for less sophisticated cyber criminals.

Lack of time, budget and knowledge are three common reasons why businesses may not have adequate cybersecurity today. Implementing the proper tools for protection can sometimes come with a hefty price tag, making it harder for small businesses to obtain the proper tools and education around cybersecurity. However, there are a few simple, cost effective practices to keeping data and devices secure without breaking the bank.

Educate employees - Employees can often be the weakest link in a company’s fight against cyberattacks. One of the simplest and most effective ways to protect your business from a cyberattack is to train employees about cybersecurity frequently. Companies can do this by e-learning, onboarding talks and hosting regular seminars for employees on how to identify potential threats. This preventative measure will help employees to avoid falling victim to phishing and other scams.
Multifactor identification - Multifactor identification is easily supported by multiple channels and a quick win when it comes to protecting data on both personal and professional devices. Even if a cybercriminal obtains a person’s password, it will be more difficult to use it when multifactor identification is in place. Using multifactor authentication makes your network a more difficult target, which could be enough of a deterrent for criminals to move on to another target.
Implement strong password policies – Creating and enforcing strong password policies is an efficient way to improve cybersecurity. Be sure that all employees change their passwords every 90 days. Additionally, passwords should be complex and no single password should be used for more than one log in. This tedious but effective precautionary measure is a powerhouse against cyberattacks and is a successful way to reduce great risk in an economical way.
Install Up-to-Date Antivirus Software - Phishing attacks are one of the most common attacks used against businesses and business travelers. These types of attacks are when cybercriminals use text messages and emails to impersonate legitimate actors, usually involving malicious links or attachments used to install malware. Having up-to-date antivirus software on all company devices and networks is one way of preventing malware and viruses from being installed on your network.
Back up your data regularly - Backing up your businesses data regularly will allow you to restore data to a point in time before a potential breach occurred, without losing all of the data. To ensure that you will have the latest backup if you ever need it, check your backup regularly to ensure that it is functioning correctly.

It’s also important to remember that employees traveling for business can pose a cybersecurity risk to the organization.

According to International SOS’ most recent Travel Risk Outlook study, it was revealed that less than a third of organizations include cybersecurity in their travel risk management and mitigation policies. Because cybersecurity threats are not constrained by geographic boundaries, and employees are required to access company information on mobile devices, including laptops, smartphones and tablets, while traveling for business, business travelers face an increased risk to cyberattacks.

Potential attackers may control the infrastructure on which communications travel, or have greater opportunity to gain physical access to a target and their portable devices. Business travelers are also far more likely to connect to unsecured Wi-Fi networks while traveling, exposing themselves to greater data vulnerability while in transit. Luckily, there are cost effective precautionary measures that businesses and business travelers can implement ahead of a trip to help reduce the risk of cyberattacks.

Research the potential cyber threats specific to the location.
Minimize the number of devices employees take and remove any unnecessary or highly sensitive data prior to the trip.
Avoid sharing the exact location/purpose of a business trip on the internet.
Ensure all software on any devices used for business is up-to-date.
Educate travelers about the risks while traveling.

As technology continues to evolve, cyberattacks are becoming more complex. The longer a business waits to implement simple measures to reduce the risk of attacks, the more vulnerable and attractive they become to the cybercriminal. Although cyberattacks come at unexpected moments, implementing these simple mitigation steps can reduce or eliminate a hacker’s attempt to gain access to your business’s data.

Matthew Bradley joined International SOS and Control Risks as Regional Security Director, Americas in October 2014. Prior to joining International SOS, he was the Security Director for the largest mobile service provider in Honduras. Bradley spent 14 years with the CIA with overseas postings in Chile, Argentina and ultimately as Chief of Station Tegucigalpa, Honduras.

You must login or register in order to post a comment.

ON DEMAND: DevSecOps creates an environment of shared responsibility for security, where AppSec and development teams become more collaborative. With the right training and tools, developers can become more hands-on with security and, with that upskilling, stand out among their peers... however, they need the security specialists on-side, factoring them into securing code from the start and championing this mindset across the company.

ON DEMAND: The insider threat—consisting of scores of different types of crimes and incidents—is a scourge even during the best of times. But the chaos, instability and desperation that characterize crises also catalyze both intentional and unwitting insider attacks. Learn how your workers, contractors, volunteers and partners are exploiting the dislocation caused by today's climate of Coronavirus, unemployment, disinformation and social unrest.

Security Magazine

2020 October

This month in Security magazine, we explore how Corning's global security group ensured business continuity and employee safety during the global COVID-19 pandemic. Also, we highlight the global security team at Uber and their recent security programs and initiatives. Industry experts discuss travel safety programs, career hackers, working for terrible bosses, group attribution error and more.

View More Create Account

How Small Businesses Can Improve Cybersecurity Without Breaking the Bank

Recent Articles by Matthew Bradley

Mitigating the risks of business travel during the pandemic

The Crucial Role Prevention Plays Against 2020’s Top Business Travel Threats

Rideshare Safety 101

Don't Forget Accommodations: Ensuring Traveler Safety 24/7

Security Magazine

2020 October

How Small Businesses Can Improve Cybersecurity Without Breaking the Bank

Recent Articles by Matthew Bradley

Related Articles

Report Abusive Comment