How to Prevent Cyberattacks: 5 Must-Haves to Guard Yourself

The spike in remote work due to COVID-19 has made small businesses more vulnerable to cyberattacks than ever before. Learn how to protect your data, systems, and networks.

Many small to medium-sized businesses underestimate their vulnerability to cybercrimes. They make the mistake of assuming hackers and thieves target large enterprises with grand schemes to disrupt services, steal sensitive data, or transfer large sums of money to their bank accounts on the dark web.

This couldn’t be further from the truth.

Cyberattacks most often target SMBs. The 2019 NetDiligence Cyber Claims Study found that 96% of the claims made between 2014 and 2018 were made by SMBs, particularly those offering professional services or operating in the healthcare, retail, financial services, and education spaces.

Other research found that it can take a small business more than six months to detect a breach, and more than half of SMBs hit by a cyberattack end up closing their doors.

Yet small businesses continue to ignore cybersecurity issues. They assume it won’t happen to them, so they don’t invest resources to protect themselves.

There are some fairly simple steps even the smallest business can take to protect computers, websites, financial records, and customer data, even if your employees are logging in with home computers and personal mobile phones.


What to consider when protecting your business from cyberattacks

First, evaluate what you already have in place. If you use a cloud-based system for financial accounting, online sales, or even data storage, many of your files and assets are already benefiting from the security system your provider uses.

You also may have purchased basic anti-malware and anti-phishing protection to work with your computer operating system. That’s good, but there’s still more to do. You are not trying to defend your data against every possible threat, however.

Instead, guard against the most likely threats, which for small businesses include low-hanging fruit, meaning devices connected both to the internet and your networks, like mobile phones, iPads, printers, scanners, POS devices, and other equipment.

These most often are left unprotected, making them the spots cybercriminals seek out for entry.

You’ve read a lot about artificial intelligence, big data, advanced analytics, and machine learning, but for most SMBs, they’re overkill. Such solutions are expensive and are aimed at much larger enterprises and a higher level of hacking. Even if you did detect a threat using AI, you probably wouldn’t have the resources to defeat it.

“These types of capabilities can be effective at identifying threats; however, they frequently require a significant operational overhead by the organization implementing them to see value,” says Andrew Ellis, executive director and founder of the Ellis Research Institute.

“For example, a platform which looks for anomalies in log data collected across an SMB’s environment will require extensive tuning to be accurate. Even when this tuning is done, it may yield a large number of results which need additional analysis and eventually remediation. ... In many cases, this leads to an expensive investment, both in terms of budget and committed personnel, which yields very little in terms of results.”

So, where do you begin?


5 ways to prevent cyberattacks on you or your business

Be proactive and take these steps to protect your business, your data, and your customers from cyberattacks.

1. Optimize cloud-based software

Are you prepared to perform a software patch each time a new vulnerability is discovered? If you don’t understand the question (like most laypeople), you aren’t.

That’s why SMBs should look to move their computing to the cloud. Long gone are the days of purchasing a boxed software solution to load onto your desktop computer.

Software-as-a-service (SaaS) is updated continuously, and the cost of subscription-based cloud solutions is often cheaper in the long run.

In addition to gaining innovation, flexibility, and next-edge functionality for a monthly fee, purchasing software as a service enables a small business to leave the heavy lifting around cybersecurity to the service or cloud provider rather than employing full-time IT staffers.

“Consider the services that are available in your cloud solution,” advises Pam Nigro, ISACA board director and vice president of information security at Home Access Health Corporation.

“Often small businesses are paying for a robust instance of Microsoft Azure, for example, and not utilizing all of the capabilities. Azure Cloud has a Security Center that uses a monitoring agent that will assess the security posture of your cloud instance, virtual machines, networks, applications, and data. Azure also offers a security information and event management solution that monitors and responds to any threats.”

2. Start with your firewall

Once you’ve ensured the security of applications and functions through cloud-based software, turn your attention to securing network connections, starting with your firewall.

A firewall filters the traffic passing between your computer or network and the internet, blocking access to or by unsecured websites (although employers sometimes use firewalls to block unnecessary “fun” websites like Facebook and YouTube).

Available as hardware or software solutions, they ensure that malicious files and unauthorized users don’t gain access to your network. You probably don’t need to give this one too much thought, though, as most operating systems come with a firewall preinstalled.

Remember, though, firewalls aren’t bulletproof, and sometimes they will admit malicious files that meet your established criteria for “safe” data. To counter this, you need to secure your network, which you do through a VPN.

3. Utilize a VPN (yes, you need one!)

A virtual private network (VPN) is a service that protects your privacy and anonymity when you connect to the internet through a public connection (think Starbucks). These days, VPNs are a good idea for anyone checking emails or their bank accounts while they stand in line or sit in a waiting room.

But if you are doing business on the go, or if you now have employees who are accessing your files and systems from their homes, it is critical you deploy a VPN to safeguard those connections.

VPNs encrypt and scramble data so private communications can’t be intercepted, and they also keep your web browsing history anonymous. Additionally, they mask your IP address and location (including for streaming) and protect your connected devices, which are prime targets for hackers.

Even if you are a sole proprietorship or an independent freelancer, if you use your laptop, phone, tablet, or other devices to conduct business in any way, you should consider a VPN.

There are free, open-source VPNs available, but unless you are an IT pro who is comfortable implementing and maintaining the network, your best bet is to choose one of the many available providers.

Providers charge from as little as $5 per month up to around $13, making it an affordable security measure all businesses can implement.

4. Don’t forget antivirus software

Your VPN won’t protect you from viruses, worms, and malware, so you’ll need to invest in some kind of antivirus software. VPNs will encode and scramble data and web traffic, but if you or an employee clicks on a malicious link, your VPN can’t detect and delete the malware that follows.

The next layer of protection (if you have Windows-based devices) is antivirus software, which protects computers against viruses and malware.

Antivirus software is critical because it is updated daily for thousands of new cyberthreats. The software, which must be installed on each device, scans laptops, tablets, and phones, and if a malicious file is found, it deletes it.

Look for antivirus software, not antimalware. Antimalware restores a system after infection, but antivirus software prevents the infection, which saves time, risk, and money.

And don’t let the names fool you: Antivirus software will detect and delete malware as well as viruses, but antimalware does not detect and delete viruses.

There are many third-party providers of antivirus solutions, and it’s a good idea to add on the solution rather than use the one that comes with your computer; you’ll often find something cheaper that does more.

When choosing your software solution, look for one that scans email attachments and websites, and ensure it detects and deletes the majority of malware (at least 95%). Additionally, be sure it doesn’t slow your computer down too much while it runs in the background or completes a scan.

You don’t need the most expensive product on the market, as even the most basic package will detect and delete viruses and malware. However, there may be other features you’d find helpful, particularly if you have remote workers accessing your network through home devices.

Some solutions offer options for password managers, backup software, identity protection, and online storage, which may be of interest to larger SMBs.

5. Protect your data

Backing up your data is a key component of your cybersecurity plan. According to David Janssen, founder of VPN Overview, many companies are guilty of not carrying out sufficient backups. He recommends storing multiple backups, dating back six months or longer.

“Also, make sure the old backups are not hooked up to the system in a way they can be compromised,” he says.

“Cybercriminals often infiltrate a system for a prolonged period of time before striking. We see many cases of criminals accessing systems for weeks or even months, infecting more and more devices — even the backups — before making their final move and taking over all systems. If you’re unlucky, the backups become useless at this point without the proper precautions.”

Back up your database as well as configurations for end-user devices, servers, and core infrastructure, and store them on a third-party platform outside of your network.

This is fairly easy to do, as there are innumerable cloud storage providers that specialize in this, at a variety of price points. Not only can this help you rebuild quickly after an attack, but it will lessen the chance you’ll have to pay “ransom” to a cybercriminal who is holding your data and network hostage.

Andrew Ellis recommends what he calls the “3-2-1” backup strategy: Keep three copies of any essential data, store backups on at least two different types of media, and ensure at least one backup is kept off-site for disaster recovery purposes.
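
The backup advice in this section (Janssen’s six months of history and disconnected old backups, Ellis’s 3-2-1 rule) can be checked against a simple inventory of where each copy lives. The following Python is an added example, not from the article or the people quoted in it; the inventory format, field names, and sample rows are constructed, and the 180-day threshold is an assumed reading of “six months.”

```python
from collections import defaultdict
from datetime import date

# Constructed sample inventory, one row per copy of a data set (the live copy
# included). The field names are assumptions made for this example.
INVENTORY = [
    {"dataset": "accounting-db", "media": "server-disk", "offsite": False, "offline": False, "taken": date(2021, 3, 1)},
    {"dataset": "accounting-db", "media": "cloud-storage", "offsite": True, "offline": False, "taken": date(2021, 2, 1)},
    {"dataset": "accounting-db", "media": "usb-drive", "offsite": False, "offline": True, "taken": date(2020, 8, 15)},
    {"dataset": "customer-files", "media": "server-disk", "offsite": False, "offline": False, "taken": date(2021, 3, 1)},
    {"dataset": "customer-files", "media": "server-disk", "offsite": False, "offline": False, "taken": date(2021, 2, 20)},
]


def audit_backups(inventory, today, min_history_days=180):
    """Return {dataset: [findings]}; an empty list means every check passed."""
    by_dataset = defaultdict(list)
    for row in inventory:
        by_dataset[row["dataset"]].append(row)

    report = {}
    for name, copies in sorted(by_dataset.items()):
        findings = []
        # 3-2-1 rule: three copies, two types of media, one copy off-site.
        if len(copies) < 3:
            findings.append(f"only {len(copies)} copies, need 3")
        if len({c["media"] for c in copies}) < 2:
            findings.append("all copies on one type of media, need 2")
        if not any(c["offsite"] for c in copies):
            findings.append("no off-site copy")
        # Backup history should reach back six months or longer.
        oldest_age = max((today - c["taken"]).days for c in copies)
        if oldest_age < min_history_days:
            findings.append(f"oldest copy is {oldest_age} days old, need {min_history_days}")
        # At least one copy must be disconnected, so an intruder who is
        # already inside the network cannot reach every backup.
        if not any(c["offline"] for c in copies):
            findings.append("no copy is disconnected from the network")
        report[name] = findings
    return report


if __name__ == "__main__":
    for dataset, findings in audit_backups(INVENTORY, today=date(2021, 3, 1)).items():
        print(dataset, "OK" if not findings else findings)
```
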


Next steps for preventing cyberattacks

Implementing these practices will go a long way toward safeguarding your network and data, especially if you have employees working remotely. However, keep in mind that there are still points of vulnerability in your system: namely, your employees’ home laptops, routers, phones, and printers.

In another article, we’ll look at how you can protect your network and systems to keep your most vulnerable targets — your employees — safe.
