It’s important to note that small to medium-sized businesses are a target for cyberattacks, and are becoming just as much of a target as large businesses. A Q3 2021 report by Coveware indicates that 40.1% of ransomware attacks targeted companies with 100 or fewer employees. The same report shows that beginning in 2021 bad actors have been pivoting toward targeting smaller companies and “are moving away from big game hunting.” Also noteworthy is that small businesses do not have the same resources that their larger counterparts do. Where a large business has a dedicated employee or staff focused entirely on security, small businesses often do not. In lieu of paying for a dedicated security person, that’s where third parties like NerdsToGo can come in and can provide the same level of security that a dedicated team would provide.
4 Suggestions for Preventing Cyber Attacks on Your Small Business
There is some basic blocking and tackling that has to happen regardless of the size of the business. Here are four basic suggestions:
Patch All of Your Devices Immediately
It’s important to stay vigilant about patching your devices. It doesn’t matter whether they are laptops, desktops, servers, or network devices like routers and firewalls. You need to be aware of the vulnerabilities at both the operating system and the application level. More and more applications are becoming web-based, so it is important to make sure your browsers are up-to-date. Over the last sixty days there have been numerous vulnerabilities in the Chrome browser that are considered zero-day, which means that the attackers exploit the vulnerabilities before the vendor releases a patch. You have to stay alert to these vulnerabilities, and as soon as that patch comes out, you’ve got to get on it. You also have to address the vulnerability from both the OS and the application.
Use (& Update) Antivirus & Anti-Malware Software
Your laptops and computers must have endpoint protection that, at the minimum, includes antivirus and anti-malware protection, and they must always be kept up-to-date.
Encrypt All Endpoints
Encrypting all endpoints is highly recommended. Some people recommend only encrypting portable devices like laptops, tablets and mobile phones, but I would advise encrypting everything including desktops and servers. This is especially important if you’re in a regulated industry or taking credit card payments.
Devise a Plan for Data Backup & Recovery (& Test It)
Implement and test an offsite data backup and recovery plan to protect against data loss. Be sure to account for both hardware failure or a cybersecurity incident. With a tested plan in place, you won’t have to worry about permanently losing your data.
Just the Starting Point for Mitigating Cybersecurity Risks
While the list above are four of the most important things to implement, it’s not a comprehensive list. Just tackling these four items can take time to get in place and to monitor. That being said, if a small business owner has to choose between meeting with a customer or patching their machines, they’ll probably focus on the customer. For this reason, having dedicated resources to help you with your cybersecurity needs, whether inhouse or from a third party, can be a wise strategy to mitigate security risk.
Don Dally, a former firefighter with a passion for technology, owns the West Knoxville, TN NerdsToGo franchise and is now in his third franchise business, Don’s prior experience includes various corporate technology leadership roles with over two decades in C-level IT roles such as CTO or CIO.