While cyberattacks and breaches at large organizations dominate security headlines, businesses of all sizes are at risk thanks to persistent bad actors and their ever-changing tactics. However, small and medium-sized businesses (SMBs) are frequent victims too and are arguably the most at risk.
Their vulnerability should be concerning to everyone — many SMBs are third-party vendors for billion-dollar companies, putting an additional target on their back.
SMBs are also least likely to take steps to protect themselves. Most have few — if any — resources dedicated to cybersecurity, either because they believe they’re not a target, it’s too costly to implement security tools or too difficult to find and retain dedicated security personnel. Ironically, not implementing security measures often makes these businesses more attractive to cybercriminals and thus vulnerable to attacks.
Fast-growing businesses can’t afford to ignore security — the absence of basic protections can lead them to lose vital data like intellectual property, new customers and funding and eventually legal and reputational damages.
Fortunately, there are several practical solutions for smaller companies to improve their security posture and maintain the security of their employees and customers.
Secrets should stay secret
While it seems like a no-brainer, protecting assets like user data and internet protocol (IP) needs to be a top priority for every business. Particularly in today’s hybrid world, wherein employees increasingly use personal devices to access company data and networks, keeping work and personal passwords separate is key to reducing the risk of unauthorized access. Getting a password manager is a great option, as it is a method of ensuring strong, protected passwords are used for every account employees access. Companies should also keep a list of any third-party vendors who have access to their network and ensure they also have password managers in place.
Consistency is key
Consistency and consolidation of security measures are critical in strengthening a business’ overall security posture, since they help reduce vulnerabilities that hackers can exploit. Tools like single sign-on (SSO) and mobile device management (MDM) give companies the ability to implement security configurations across an organization’s users and devices. Utilizing these measures makes processes as routine as signing into an email account or installing new software uniformly across the whole tech stack to avoid security gaps.
Hacking two systems is harder than one
SSO may not be feasible for every single account in an organization’s management system. In those cases, multi-factor identification (MFA) can drastically decrease the success of unauthorized login attempts. Passwords aren’t perfect, so MFA acts as a safety net when they must be manually entered. Avoiding SMS-based MFA adds strength to this strategy, since phone companies aren’t known to be very resilient against SIM-swapping targeted attacks, but any MFA protection is better than none.
Don’t skip the updates
Although update notifications can get lost in the sea of constant alerts employees receive across devices, it’s imperative for companies to continuously update their technology infrastructure, including browsers and machine operating systems. The newest versions of these tools are engineered to protect against malware in addition to fixing security vulnerabilities discovered in older versions.
Find security bugs first
The annual penetration test is a time-honored tradition in the information security world. To put it simply, employing internal or external penetration testing means cybersecurity teams can find and patch any security bugs or vulnerabilities before the bad guys can exploit them. The more regular the testing the better, particularly if the organization regularly rolls out new tools. As time passes, more bugs are introduced into an organization’s system, waiting to be discovered by hackers. Having professionals solely focused on looking for vulnerabilities can nip them in the bud before it’s too late.
While it can seem daunting, fast-growing companies cannot afford to put their security on the back burner, no matter the reason. Implementing these basic best security practices go a long way toward drastically reducing organizations’ cyber risk and enabling long-term business growth.