The Top 5 Cybersecurity Practices for Small Businesses

By Bob Ewoldt | October 18, 2022
Bob is an Ntiva solutions architect, holding such certifications as ITIL 4, Security+, Server+, Azure Administrator, and CCNA!

Cyberattacks and security breaches have become an almost routine part of the news cycle. It seems we can hardly go a month without hearing about a major corporation being compromised. But small businesses are also suffering cyberattacks at an ever-increasing rate, and the consequences can be dire.

While corporations like Target or Uber can absorb the cost of an attack, few small businesses have the resources to bounce back as easily. In fact, it’s been estimated that as much as 60% of small businesses will go out of business six months after an attack.

Given these facts, if you’re a small or midsize business in today’s world, you can’t afford to ignore cybersecurity risks. Here are the top 5 cybersecurity practices to protect your business against digital threats.

Cybersecurity Tip #1: Keep Your Software Updated

Listen, I know: The phrase “software updates” makes most of us think of that annoying prompt to restart our computers at the most inconvenient times. But those updates contain important security features designed specifically to help protect your system against newly identified threats. Letting your updates fall further and further behind is only leaving you vulnerable.

You should also make sure you’re regularly updating the operating systems on your workstations and servers, as well as updating and patching applications on both. Don’t forget about the other devices in your network, either. Firewalls, switches, wireless access points, and your network-attached storage all need regular software updates as well.

It may feel like a lot to keep up with, but running these regular software updates is an easy first step to ensuring your business remains well-protected.

Cybersecurity Tip #2: Require Strong Passwords

One of the things you learn quickly in cybersecurity is that you can’t take anything for granted. While you might think, by now, everyone understands that a password should be stronger than “password123,” a surprising number of people still use simple or predictable passwords.

I understand the temptation. But for the sake of cybersecurity, it must be resisted. Whether it’s for your employees, your software, or your cloud applications, it’s important that you always require strong passwords. These passwords should contain:

  • At least 10 characters (if not more)
  • A combination of upper- and lowercase letters
  • Both numbers and symbols

One trick for this is to encourage employees to use passphrases instead of passwords. These phrases are both longer and easier for people to remember. Try suggesting they use phrases like “Retir!ngin5Yearsand3months$” or something similar.
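The rules above can be enforced when a password is set. The following sketch is an added example, not code from the author or Ntiva. The function names, the small denylist, and the character-substitution table are constructed for illustration. It reports which rule a candidate breaks and also flags a predictable word padded with digits or symbols, which can pass the complexity rules on its own.

```python
import re
import string

MIN_LENGTH = 10  # the article's minimum; raise it if your policy is stricter

# Constructed sample denylist (assumption): a real deployment would load a
# much larger list of known-weak passwords.
PREDICTABLE_WORDS = {"password", "welcome", "qwerty", "letmein", "admin"}

# Undo common character swaps so "P@ssw0rd" is recognised as "password".
LEET = str.maketrans({"@": "a", "0": "o", "1": "l", "3": "e",
                      "$": "s", "5": "s", "!": "i"})


def is_predictable(password: str) -> bool:
    """True if the password is a denylisted word padded with digits/symbols."""
    core = password.lower().strip(string.digits + string.punctuation)
    return core in PREDICTABLE_WORDS or core.translate(LEET) in PREDICTABLE_WORDS


def policy_violations(password: str) -> list[str]:
    """Return the rules the password breaks (an empty list means accepted)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not re.search(r"[a-z]", password):
        problems.append("no lowercase letter")
    if not re.search(r"[A-Z]", password):
        problems.append("no uppercase letter")
    if not re.search(r"[0-9]", password):
        problems.append("no number")
    if not any(ch in string.punctuation for ch in password):
        problems.append("no symbol")
    if is_predictable(password):
        problems.append("predictable word with padding")
    return problems


if __name__ == "__main__":
    # Constructed candidates: two weak ones and the article's passphrase.
    for candidate in ("password123", "P@ssw0rd2022!", "Retir!ngin5Yearsand3months$"):
        print(candidate, "->", policy_violations(candidate) or "accepted")
```

The second candidate satisfies every length and character rule and is rejected only by the predictability check, which is why a denylist belongs alongside the complexity rules.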

Cybersecurity Tip #3: Implement Multifactor Authentication

Multifactor authentication (MFA) uses a two-step process to verify the identity of people trying to access your systems. For example, when an employee attempts to log into your network, an MFA protocol might trigger an app on their phone that will confirm it’s really them logging in. By adding this step, and using a secondary device to authenticate identity, you create a difficult hurdle for attackers to get past.

At this stage in the game, you should be aggressively implementing MFA everywhere. I mean on your VPN, on your cloud applications, on your SaaS applications, on your CRM — truly, everywhere you can possibly use it. It’s easy to do, and it will go a long, long way toward making your systems more secure.

Cybersecurity Tip #4: Train Your People to Identify and Report Phishing Emails

Your people can be either your greatest vulnerability or your first line of defense against cyberattacks. That’s because more than 80% of cyberattacks begin with a phishing attack against an individual employee — and it takes only one person to fall for it before your whole system is potentially compromised.

In a phishing attack, your employees will receive emails from an attacker attempting to gain access to your systems or collect sensitive information. Attackers may try to accomplish this by sending out a mass email blast to your entire company, or they may target a single employee. Oftentimes, attackers will attempt to impersonate you, another employee, or a client in the hopes of gaining the target’s trust and tricking them into clicking a link.

Phishing attacks have been around for a very long time, and over the years, they’ve grown much more sophisticated. It’s important that you train your employees to identify and report phishing attacks to keep your company safe. You should also test your employees, and test them often, to make sure that the trainings have worked.

Cybersecurity Tip #5: Create a Plan for Your Cybersecurity

At some point, your business will be targeted by a cyberattack. You need to make sure that you have a plan for your cybersecurity. That includes a budget for your current and future spending, as well as a disaster recovery plan for what you will do if an attack should occur.

While no one likes to dwell on a worst-case scenario, you don’t want to be one of the 60%. Creating an incident response plan for how you’ll recover and remediate if and when you have a security breach, ransomware attack, or other cyberattack is the best thing you can do to ensure your business gets back on its feet.

BONUS TIP: Backups! Backups! Backups!

Everyone needs to keep up-to-date backups, but they’re especially valuable if you’ve been hacked. Approximately 90% of the time, if you have good backups ready to go, you can recover from a security incident. Without them, your business will likely be in serious trouble.

Get Your Business Cybersecurity on the Right Track

This list is by no means comprehensive, but it does give you a solid baseline to get your cybersecurity on track. If all the above is old hat, great! You’re ready for more advanced security measures. But if you look at that list and recognize any gaps in what you’re doing, now is the time to close them. You just can’t afford to wait until after an attack.

The good news is you don’t have to do it alone. If you’d like to learn more about how to shore up your cybersecurity, or work with an expert partner who will help you protect your business, contact us today to get started.
