
Four ways SMBs can protect themselves from cybersecurity threats

By Shena Tharnish
August 25, 2021

Just as history books in the future will define 2020 as the year of the pandemic, many businesses will remember 2021 as being characterized by a different kind of threat: the year of the cyberattack. Gasoline suppliers, insurance companies, municipal water treatment plants, the New York Metropolitan Transportation Authority, even the Houston Rockets have all been victims of data breaches or ransomware attacks in the first half of this year.

While it’s primarily big businesses and high-profile hacks like these that make the headlines, SMBs are also targets for bad actors — costing them downtime, data, business, and revenue. 

Cybersecurity threats are constantly evolving, and the risks aren’t diminishing any time soon. But there are ways to fight back. These four techniques can help small businesses protect their business, employees, and customers. 

 

1) Educate employees. Data breaches from company insiders can cost a business up to 20% of annual revenue, and at least one in three reported data breaches involves a company insider.

Yet the same study found three-quarters of those insider data breaches are unintentional, meaning continually training employees on the latest threats is one of an SMB’s strongest lines of defense.

For example, phishing is one of the biggest threats to businesses of all sizes, and scammers have been particularly busy during the pandemic. Google, which alone blocks more than 100 million phishing emails each day, reported that in mid-April 2020, its systems were detecting 18 million malware and phishing Gmail messages per day related to COVID-19. SMBs thus must educate employees on the dangers of phishing, stressing how easy it is to mistake those emails for legitimate ones and click the phishing link, and provide instructions on what to do if something seems suspicious.

 

2) Manage passwords and endpoints. One weak password, bad password management, or a few errant keystrokes on a suspicious website, and an SMB can find itself in the midst of a data breach. 

To avoid bad actors coming in through the front door — that is, by entering a password — SMBs should require employees to select passwords with a combination of numbers, special characters, and upper and lowercase letters to make them harder to crack, as well as force password changes at predetermined intervals several times a year via system prompts. 

Bad actors can also come in a side door, so to speak. Any connected device (i.e., endpoint) that isn’t properly secured offers a way into an organization’s network. Cybercriminals know how to exploit these openings, and they can get pretty creative. Hackers once attempted to steal data from a North American casino via a fish tank connected to the internet to feed the fish and regulate their environment automatically.

To protect their entire network — not just individual devices — SMBs can invest in sophisticated endpoint protection solutions, such as unified threat management (UTM), which constantly scans and monitors a network. In one package, UTM offers multiple security functions, including antivirus, anti-spam, intrusion detection, data loss prevention, and content filtering. This helps protect SMBs from blended threats, which are combinations of malware or other types of attacks that target different parts of a network simultaneously. 

UTM also protects against attacks that slip in via unsecured devices, which even a business with a robust IT security team — like that North American casino — might have connected to its network, knowingly or unknowingly.

 

3) Enact solid policies and practices. Proactively codifying certain elements of a cybersecurity approach through policy and process ensures cybersecurity remains an ongoing priority. 

Some examples include:

●    A zero-trust framework: This is one of the most effective ways for organizations to control access to their networks because it assumes no trust in a network, device, or identity and requires those accessing resources to prove who they are. By separating the network and restricting user access, zero-trust security helps the organization contain breaches and minimize potential damage.

●    Multi-factor authentication: Two-factor authentication is a subset of multi-factor authentication, which requires more than two pieces of evidence to authenticate that a person is who they say they are when logging in. For example, some access requires entering a code sent to a specific user’s device after entering their username and password. By enabling multi-factor authentication, SMBs can prevent unwanted access, even after a hacker has obtained a user’s login and password.

●    Virtual desktop infrastructure (VDI): Particularly useful for SMBs with remote or hybrid work environments, a VDI gives employees the resources they need to work without exposing the underlying network to the threats posed by unsecured devices. VDI, often available via cloud-based offerings, renders an image and doesn’t download actual data to the device, blocking off unnecessary access.

 

4) Design an incident response plan. While it’s essential to mount defenses, preparing for a worst-case scenario well in advance is just as necessary. Reaction time is critical in the event of a data breach or attack, so SMBs shouldn’t wait until an incident occurs to develop a detailed incident response plan — in that scenario, it may already be too late to mitigate much of the damage.

A plan should outline what steps to take after a breach, including determining what was compromised, how the bad actor got in, and whether any data or personal information was taken. All of this will take time and research. Further steps may entail taking compromised systems or programs offline to prevent further disruption. 

As another part of the response plan, assemble a cross-functional response team and assign roles and responsibilities as appropriate. While IT employees are usually the first to spring into action following an incident, functions like management, operations, marketing/PR, HR, legal, and risk and compliance may all have a role to play in an SMB’s response plan. This is especially true if it is necessary to report the issue to customers, suppliers and vendors, other partners, and law enforcement. 

 

Proactive Planning Offers Protection

It’s an unfortunate truth: Large or small, no organization is immune to being targeted by hackers and cybercriminals, and bad actors will never stop trying to find a way into businesses’ networks and data. But with a strong, well-executed cybersecurity strategy, using these four techniques as well as others, SMBs have a better chance at keeping the hackers and attackers out.

KEYWORDS: cyber security data breach ransomware risk management small to mid-size business (SMB) security


Shena Seneca Tharnish is VP of Cybersecurity and Practices for Comcast Business Services. She joined after serving as SVP, Enterprise Network Infrastructure at PNC Bank for five years in Pittsburgh, PA, and as a senior leader at The Home Depot, Inc. for twelve years in Atlanta, GA. Shena has over 24 years of experience in Information Technology – leading and managing network engineering and application development services.  Prior to joining The Home Depot, Tharnish worked as a network consultant with carriers MCI WorldCom and Concert Communications (BT/AT&T), designing wide area networks for businesses. 
