An Advanced Guide to Cybersecurity for Small to Midsize Businesses

A Guide to Cybersecurity for Small to Midsize Businesses

It’s no secret… Cybercrime is clearly getting worse with hackers attacking every 39 seconds. According to recent studies, data breaches exposed a staggering 4.1 BILLION records in the first half of last year. So what do you need to do to protect yourself? You’ve likely heard of the basics… Install anti-virus software, use strong passwords, be wary of emails… But is that enough? The simplest answer: Absolutely not. You need more advanced cybersecurity measures, protocols, and procedures to stay safe in today’s threat landscape. Even if you’re a small business, cybercriminals will still target you for the information you’re storing.

Consider this… It’s much easier to target 10+ small businesses with lackluster cybersecurity measures than 1 large enterprise with advanced cybersecurity measures. This is why small businesses account for approximately 43% of cyber attack victims. The idea that you’re “too small” for cybercriminals to target is outdated at best and dangerous at worst. Here are the most common causes of a data breach to keep in mind:

1. Application vulnerabilities and/or back doors
2. Social engineering via email or other avenues
3. Too many permissions granting accessibility
4. Improper configuration and/or user errors
5. Weak or reused login credentials
6. Insider threats, such as disgruntled employees

As mentioned above, you’ve likely heard the basics when it comes to staying safe against the risks listed above. But here’s a quick refresher…

• Use strong, unique passwords that are hard to guess
• Install and run an enterprise-grade antivirus software
• Be wary of suspicious emails and never click on links
• Apply the latest patches to all operating systems, software, etc.
• Don’t access sensitive information via public wireless networks

But beyond the basics, what do you need to do? Here’s a few tips that will keep your confidential information safe:

1. Enforce a strong bring-your-own-device policy: Many organizations overlook the risk of allowing employees to use their own devices, but those devices typically connect to the network at some point, as well as store and access corporate information. You should have a bring-your-own-device policy that outlines various requirements to keep these devices safe.
2. Document all of your security policies: On the topic of policies, it’s important to make sure you’re documenting all of your security policies, including any training, checklists or other protocol that take place. This is crucial in the event that you do experience a security breach of some sort as it allows you to prove that you were not negligent in your actions.
3. Use multi-factor authentication wherever possible: Many email programs and other online services now offer multi-factor authentication wherein users will need their username, password, and another form of authentication to log in. This other form of authentication is often a PIN sent to their mobile device or something similar. This greatly minimizes risks.
4. Invest in a SIEM (security information and event management) solution: A SIEM is a type of software solution that analyzes activity taking place from multiple different resources across your information technology infrastructure. Essentially, the software collects data regarding security from servers, domain controllers, network devices, and other resources to spot and alert you of problems.

Contact Discovery IT at (409) 727-7080 to Start Implementing the Above Security Measures Now.