While many SMBs mistakenly presume they’re safe from cybercriminals, they often don’t realize that even the smallest business can have valuable information, including customer information or computing resources, which are attractive to threat actors and could result in additional, significant attacks. To attackers, SMBs offer an irresistible combination of monetizable assets and minimal defenses. 

Many small businesses feel like they lack the resources to bolster their company’s security posture. In honor of National Small Business Week earlier this month, here are five simple and effective cybersecurity best practices that will help better protect businesses and their online systems.

Use stronger passwords & leverage password managers 

While authentication technologies like milti-factor authentication (MFA) are becoming more common, passwords still play a huge role in cybersecurity and strong passwords are essential. To make them even stronger, create passwords that are a minimum of 16 characters in length with alphanumeric characters, uppercase and lowercase letters and symbols; or, use long passphrases. Most importantly, passwords should be unique for every login. 

Of course, creating, remembering and using many long and complex passwords isn’t easy. It can lead to some bad practices (like using slightly altered versions of the same password across several accounts). Cybercriminals can easily guess a password based on an existing or old one, due to the accessibility of billions of stolen passwords online. Use password managers to create and utilize unique and complex passwords. This will make it easier for employees to practice good password hygiene, and make it simple to auto-generate and securely vault complex passwords (meaning employees only have to remember the master password for the vault). To stop the most frequently exploited cybersecurity weaknesses, be sure to combine strong passwords and password managers with MFA. 

Use multi-factor authentication 

Security leaders should add MFA to their corporate and web-based logins and system protocols, regardless of what size their business is. Combining multiple factors of authentication — such as facial scans or biometric fingerprints, a mobile phone or hardware key and a password — even if an attacker gains access to a password with one technique such as email phishing, they’ll have to employ a second (and sometimes third) factor of authentication to be able to take over an account. 

Historically used most by governments and large enterprises, MFA has recently become more accessible to even the smallest accounts, personal devices and businesses. Today, it’s one of the most influential and essential authentication best practices available. In fact, the latest cloud-based MFA solutions can use employees’ smartphones to authenticate, and usually don’t require specialized hardware. 

Keep devices up to date: Malicious actors are constantly searching for vulnerabilities in software and hardware that will allow them to infiltrate networks and devices, which is why regularly updating both software and hardware with the latest security updates and patches is so critical. The most recent software update could be the only defense between employees and a cybercriminal that’s trying to install malware. These security updates help block ransomware and malware entries in the software to protect a device from attacks. Be sure to keep them up to date.

Educate & train: In the face of a cyberattack, employees are an SMB’s first line of defense, so they need to be aware of the possible dangers and access points a hacker may try to break through. Employee training and education should focus on security best practices, proper protocols, prohibited actions and how to solve problems stemming from malicious or suspicious cyber activity.

Ensure employees understand the potential consequences of a breach (data loss, loss of revenue, reputational damage, etc.) and are aware of the latest risks (inputting sensitive PII or company information into a tool like ChatGPT, as one timely example. Encourage employees to not only think about it, but take it seriously. Incorporate programs that focus on employee interaction. And, most importantly, reward those who do the right things or are the most actively involved. 

Consider outsourcing security to a managed service provider (MSP): It’s often assumed that only large enterprises need to have, or can even afford to hire cybersecurity experts to protect them from cyber vulnerabilities and attacks from malicious actors. And historically, small businesses have focused their limited IT resources on everything but cybersecurity. But now more than ever, these companies need online protection just as much as the bigger organizations. While hiring full-time, in-house cybersecurity staff might not be practical, many SMBs can get enterprise-grade security by working with an MSP. 

Small businesses aren’t at any less at risk of falling victim to cyber attacks. Malicious actors know that SMBs typically don’t have a well-funded IT infrastructure or staff that is adequately trained and up to date on the latest security risks and best practices (much less dedicated IT personnel or staff with security expertise to manage things for them). It’s important to keep in mind that the size of an organization is rarely proportional to the threats it faces — whether it be malware like ransomware, data theft, phishing attacks or otherwise. Fortunately, these five simple tips will go a long way toward keeping small businesses safe and secure.