Small business owners have one primary focus: growing their business. That often means that they wear several hats at once — they’re opening the doors in the morning, working with customers or employees all day, taking care of administrative tasks, and drumming up new business.

Security and IT in general tend to be an underserved function for many small businesses due to limited staffing and skills. This may be a vulnerability that bad actors take advantage of, seeing the increasing volume of attacks on small businesses.


As more business functions go digital, ensuring you take measures to secure your network and connected devices is essential to keep your business up and running. And while most small businesses don’t have the resources of an enterprise security team, there are many key steps small businesses can take to begin closing security loopholes and protecting themselves now. It all starts with an end-to-end strategy covering traditional IT security, endpoint protection, policy setting, access control, and Internet security. Working with an Internet service provider that offers Internet and advanced security combined can help simplify some of their security needs.

Understand the risk and identify key digital assets


From phishing, ransomware, and malware to clickjacking, drive-by-downloads, and software vulnerabilities, there’s an ever-growing list of threats posing a danger to small ever-growing list of threats posing a danger to small businesses. Understand the threat landscape, and learn about what a successful attack could mean for your company. From there, identify your key digital assets: from the hubs of your network to the personal devices used by your employees and your customers, take stock of your digital landscape so you can learn how to protect it.


Protect your network access


Take a comprehensive approach, ensuring firewall, endpoint, and advanced network security tools are in place. Firewalls are still one of the most effective security measures, monitoring and controlling network traffic and placing a barrier between trusted internal networks and the outside world. Your WiFi network, whether internal or customer-facing, is a ripe target, and vulnerabilities have been found in even the most secure networks. Use a secure router in a safe location and secure keys that require a password to join. Every device on your network, whether company-owned devices or employee or guest personal devices, is also a potential point of weakness.


If you have employees logging on remotely, maintaining end-to-end security can be even more difficult. Implement end-point protection on your company-owned devices to continually scan and update for the latest protections. For remote workers, consider adding a business-grade Internet connection to their home offices.

Safeguard your access credentials


Implement an access control strategy, determining which people within your company need access to which types of data. On top of access control policies, ensure that the credentials of everyone in your organization remain protected. Implement password management and educate employees about the use of strong passwords.


Educate users


Make sure to train employees in basic security practices and codify best practices into policy. Areas of focus include strong passwords and appropriate Internet usage, as well as the proper handling of customer information or other sensitive data.


Ensure that network equipment and devices are updated frequently


Some of the most headline-grabbing ransomware attacks have exploited Microsoft’s Windows Server Message Block (SMB) protocol. A simple update would have prevented infection, demonstrating the importance of patch management to staving off attacks. Implement strict patching policies to make sure users don’t ignore software update prompts or, even better, deploy automated patch management so no human action is needed.

Maintain backup and recovery


Especially when it comes to fighting ransomware, regular data backups are integral. If your data is held captive by hackers looking for payment to grant access, you remove their leverage if you have data backups handy. It’s a best practice to automate this process so you don’t have to rely on individual users to carry out the work.


Tap outside expertise


Cybersecurity is complex, and it’s hard to get a full grasp of cybersecurity without expert help. Especially for smaller companies, partnering with a managed security services provider (MSSP) can help you get started on the right foot, but even organizations that already have security expertise in house can benefit from tapping outside consultation to keep up with the ever-increasing volume of potential threats.


To protect against costly malware, ransomware, and bots, small businesses need to implement 360-degree cybersecurity measures that include anti-virus programs, firewalls, and network security solutions that proactively protect all devices connected to your network.


To keep their business running smoothly, busy small business owners need a comprehensive Internet solution that provides advanced security protection that’s also simple to use. Whether it’s costly malware, ransomware, bots, or a phishing attempt, small businesses need to implement cybersecurity measures that include anti-virus programs, firewalls, and network security solutions that proactively help protect all devices connected to your network.


See how Comcast Business SecurityEdge™ can help protect the Internet-connected devices that employees and guests use every day.