7 Key Cybersecurity Tips for Small Businesses

CCB_CommunityHero_10112019-Lock

Large enterprises typically have the resources to protect their networks against the ever-evolving landscape of cybersecurity threats. But smaller businesses have tighter budgets and fewer resources. Hackers know that, which is one of the main reasons they target small businesses. To compound matters, small businesses with remote workforces have a new set of security considerations to contend with.

A cyberattack can have serious consequences, with some small businesses even having to shutter for good due to the fallout. These are high stakes. With that in mind, here are seven key security recommendations for small businesses:

  1. Educate users: No amount of technology can completely protect your network and data. User training and awareness are crucial to building solid defenses. Industry research shows that workers cause more than half of all cybersecurity incidents, making humans the “weakest link” in IT security. Trained workers, however, shift from liabilities to assets, becoming your first line of defense against cybersecurity threats.

  2. Secure endpoints: Laptops and mobile devices are among the most vulnerable endpoints or entry points to a network. Whatever the device, all endpoints must be secured to help prevent a breach. Many traditional or anti-virus tools block only the malware they recognize, based on signatures that have been written into the AV software. More sophisticated endpoint protection platforms scan and block malware, using a constantly updated threat list, protecting every device on the network.

  3. Apply security patches: Left to users, many security patches will be ignored, creating vulnerabilities that hackers know how to exploit. The fast-spreading WannaCry and Petya ransomware attacks first brought ransomware attacks to the top of the news cycle, and attacks have grown since. Remote work is complicating the problem and exposing new vulnerabilities. Many ransomware attacks exploit vulnerabilities that can easily be fixed through proper patch management. Businesses need strict patching policies so users don’t ignore software update prompts. Preferably, businesses would deploy automated patch management, taking users out of the equation.

  4. Deploy firewalls: Think of a firewall as a sentry that allows only authorized guests into a building. Firewalls block unauthorized content with controls, such as access denial to IP addresses known to deliver malware. Even if a malware payload is delivered, a firewall can prevent it from communicating with the command and control server from which it would receive instructions to lock out data. This could stave off infection until the malware is detected and removed. Firewalls let you choose which types of content to allow into your network, blocking unauthorized data while still allowing outbound communications. For remote workers, tapping business-grade Internet and connectivity can help.

  5. Enforce password policies: Although users tend to resist them, passwords are necessary and should be changed regularly. Require users to use combinations with numbers, special characters and upper and lowercase letters to make passwords harder to crack.

  6. Prepare an incident response plan: Prevention is critical to a cybersecurity strategy but you cannot ignore another critical component — incident response. Since no security measure is 100% foolproof, businesses must prepare for the eventuality of a breach. Every business should have an incident response plan (IRP) outlining what steps to take and who is responsible for the response following a breach. Without an IRP, it’s hard to minimize the damage of a breach if you’re unclear on what actions to take. Some malware infections spread at lightning speed once a network has been breached, so reaction time is critical. Trying to come up with a response plan after an incident already occurred is too late. And remember, cybersecurity experts warn that for most businesses, a cyberattack isn’t a matter of if, but when.

  7. Build a cross-functional security team: Avoiding, preparing for, and responding to security breaches involves more people than those in charge of IT and cybersecurity. Technical staff are usually the first to spring into action following an incident as they seek to identify the problem, assess the damage and start remediation, but the response also includes non-technical aspects. In addition to employees, it may be necessary to notify customers and suppliers about the breach, so there is work to do for management, as well as other functions like marketing, PR, HR and legal.

Small business owners aren’t ignorant of the cybersecurity threats they face, and most worry that they aren’t adequately protected. In fact, 88% of small business owners say they believe their business is vulnerable to a cybersecurity attack. Still, many don’t have the infrastructure and systems in place to protect themselves, and may not even know where to start. Considering the relentless pace of cyberattacks, doing nothing is simply too risky. SMBs need strong, well-executed cybersecurity strategies.

Comcast Business SecurityEdge can help protect the Internet-connected devices that employees and guests use from malware, ransomware, phishing, botnets, and more.

Nearly 60% of small businesses have experienced a data breach, and the stakes are high. Small businesses need to develop strong, well-executed security strategies to stay ahead of the risks. Check out these 7 tips to get started.

This article is available exclusively to
Comcast Business Community Members.

Join the Comcast Business Community to read this article
and get access to all the resources and features on the site.

It's free to sign up

Sign Up

to get our newsletter

network-security

Help your business Bounce Forward™

Take on whatever’s next with technology solutions and services to help you Bounce Forward.

footerLogo

to get our newsletter