How Small Businesses Can Improve Cybersecurity Without Breaking the Bank

January 14, 2020

While organizations of all sizes have benefited from the efficiencies and conveniences of taking their business digital, it’s not without risks. Cybersecurity in today’s hyperconnected world is a necessity for large, medium and small businesses alike. Smaller businesses may be more prone to cyberattacks as they typically have fewer resources dedicated to cybersecurity.

One of the primary motivations for cybercriminals is financial gain. In the last few decades, cybercriminals have grown in technical and operational sophistication, and are a pervasive threat to organizations holding personally identifiable information or payment details. This information allows cybercriminals to profit from fraudulent activity or reselling data. While large businesses with more than 100 people have more data to steal, small businesses may be more attractive targets of opportunity especially for less sophisticated cyber criminals.

Lack of time, budget and knowledge are three common reasons why businesses may not have adequate cybersecurity today. Implementing the proper tools for protection can sometimes come with a hefty price tag, making it harder for small businesses to obtain the proper tools and education around cybersecurity. However, there are a few simple, cost effective practices to keeping data and devices secure without breaking the bank.

Educate employees - Employees can often be the weakest link in a company’s fight against cyberattacks. One of the simplest and most effective ways to protect your business from a cyberattack is to train employees about cybersecurity frequently. Companies can do this by e-learning, onboarding talks and hosting regular seminars for employees on how to identify potential threats. This preventative measure will help employees to avoid falling victim to phishing and other scams.
Multifactor identification - Multifactor identification is easily supported by multiple channels and a quick win when it comes to protecting data on both personal and professional devices. Even if a cybercriminal obtains a person’s password, it will be more difficult to use it when multifactor identification is in place. Using multifactor authentication makes your network a more difficult target, which could be enough of a deterrent for criminals to move on to another target.
Implement strong password policies – Creating and enforcing strong password policies is an efficient way to improve cybersecurity. Be sure that all employees change their passwords every 90 days. Additionally, passwords should be complex and no single password should be used for more than one log in. This tedious but effective precautionary measure is a powerhouse against cyberattacks and is a successful way to reduce great risk in an economical way.
Install Up-to-Date Antivirus Software - Phishing attacks are one of the most common attacks used against businesses and business travelers. These types of attacks are when cybercriminals use text messages and emails to impersonate legitimate actors, usually involving malicious links or attachments used to install malware. Having up-to-date antivirus software on all company devices and networks is one way of preventing malware and viruses from being installed on your network.
Back up your data regularly - Backing up your businesses data regularly will allow you to restore data to a point in time before a potential breach occurred, without losing all of the data. To ensure that you will have the latest backup if you ever need it, check your backup regularly to ensure that it is functioning correctly.

It’s also important to remember that employees traveling for business can pose a cybersecurity risk to the organization.

According to International SOS’ most recent Travel Risk Outlook study, it was revealed that less than a third of organizations include cybersecurity in their travel risk management and mitigation policies. Because cybersecurity threats are not constrained by geographic boundaries, and employees are required to access company information on mobile devices, including laptops, smartphones and tablets, while traveling for business, business travelers face an increased risk to cyberattacks.

Potential attackers may control the infrastructure on which communications travel, or have greater opportunity to gain physical access to a target and their portable devices. Business travelers are also far more likely to connect to unsecured Wi-Fi networks while traveling, exposing themselves to greater data vulnerability while in transit. Luckily, there are cost effective precautionary measures that businesses and business travelers can implement ahead of a trip to help reduce the risk of cyberattacks.

Research the potential cyber threats specific to the location.
Minimize the number of devices employees take and remove any unnecessary or highly sensitive data prior to the trip.
Avoid sharing the exact location/purpose of a business trip on the internet.
Ensure all software on any devices used for business is up-to-date.
Educate travelers about the risks while traveling.

As technology continues to evolve, cyberattacks are becoming more complex. The longer a business waits to implement simple measures to reduce the risk of attacks, the more vulnerable and attractive they become to the cybercriminal. Although cyberattacks come at unexpected moments, implementing these simple mitigation steps can reduce or eliminate a hacker’s attempt to gain access to your business’s data.

Matt Bradley, Vice President of Global Security Solutions at OnSolve. A veteran security operations expert for more than two decades, Bradley brings deep first-hand knowledge of security operations management and understanding of the critical challenges facing organizations the future. Most recently, Bradley served as Regional Security Director for the Americas at International SOS and Control Risks, where he led the security services business and advised key executives on risk management solutions. Prior to International SOS and Control Risks, Bradley worked in Honduras as the Security Director for Tigo Honduras where he handled all matters relating to physical security; health, safety and environment; crisis management; and fraud investigation, and as first as a General Manager for I Solution Security, where he advised on security matters for the Honduran President, Minister of Security, and Minister of National Emergency Commission. Previously, Bradley led a distinguished 14-year career with the Central Intelligence Agency (CIA).

Ransomware and the propulsion of the extortion economy has rapidly eclipsed into a national priority. Recently, we observed the catastrophic impact of a widescale ransomware attack impacting gas pipelines and raising national gas prices overnight.