5 Expert Cyber Security Tips for Your Small to Medium-Size Business (SMB)

While you might not think that your small business has anything that would entice a hacker, the truth is that most small businesses have a wealth of personal data and employee information like W2s and 1099s, that are extremely valuable to hackers.

Here are 5 tips on how to prepare your small business against an attack.

1. Consider Managed IT Services

We don’t all have the same resources as the IT departments at the biggest technology companies in the world, so how can we be expected to keep up with the same threats and risks that these companies deal with? Managed IT services are a good solution because they let you access a dedicated team that is ready to deal with whatever problem comes your way, without having to create or hire an internal department.

If you’re a small business, you need to figure how to up your web security game if you want to survive an attack, whether it’s an intrusion, ransomware, or a simple DDoS attack. A Managed Service Provider (MSP) can give you access to high-powered options like round-the-clock monitoring of your system’s security, help desk support, new equipment set-up, backups, and the like for less than a full-time IT tech’s salary. Just figure out what services you need with the help of an MSP, or Internet Service Provider (ISP) that offers managed services, and they take care of the rest. Because they’re able to figure out exactly how to fulfill their contract, it makes it easier for them to provide top-notch protection for a reasonable price.

2. Patch Your Vulnerabilities

The Equifax breach is one of the biggest stories of 2018, and for good reason. 143 million people’s personal information was exposed to the world, and the company didn’t let anybody know for six weeks. The craziest thing about the whole story is that it wouldn’t have happened if it wasn’t for some major oversights with regards to Equifax updating their software.

While it’s easy to put off a software update because it always seems to pop up at an inconvenient time and it’s easy to kick the can down the road, the truth is that you’re only getting prompted to update because an exploit is publicly available and can no longer be ignored. Patch up your vulnerabilities as soon as you can, and protect yourself from attackers who are banking on companies being slow to adapt.

3. Address Best Practices Training for Your Employees

No matter what kind of protection you have in place, you need to put your employees in a position to succeed, and that means getting them on the same page about security.

Training should include the basics of strong passwords, how you can spot a suspicious link or attachment, and the importance of keeping control of your devices. Most importantly of all, it’s vital that employees understand why they should have separate login information for work accounts than they have for their personal ones. This extends to physical security. Employees should know who should be in the office at a given time and be able to spot a fishy situation.

Finally, be sure that everyone is clear on exit procedures. A disgruntled ex-employee with an active account can cause some serious damage, so make sure there’s a clear plan in place for what happens when you need to make changes to your team.

4. Physically Secure Your Network

Focusing on web tools and monitoring is critical, but it’s also important to remember there are physical concerns about securing your network as well.

While it’s easy to think of attackers as random people from the internet looking to make a quick buck, in actuality, overcoming all of your security measures may be as easy as walking up to your router and pressing the reset button. Make sure that your key pieces of in-office infrastructure are secure, and that you’re monitoring them with video or other physical security options to have all of your bases covered.

5. Double Down on Firewalls

While most routers have a firewall built in that can protect your internal network against outside attacks, you should know that it might not be automatically activated. It’s generally called something like SPI (stateful packet inspection) or NAT (network address translation). Either way, turn it on.

It’s also key to ensure that your own software isn’t sending information out over the network or the internet without your permission. For that, you’ll want to install firewall software on your PC as well. PC Magazine’s top pick is Check Point ZoneAlarm Pro, but the default firewall that comes with Windows 8 and 10 is also a good start.

What You Can Do Right Now

Cybersecurity is obviously a big concern in 2018 with so many businesses entrusted with private information from their customers. It goes beyond IT because ultimately, you need your customers to trust you if you want to thrive. Here’s what you can do right now to double down on security for your SMB.

  • Look at Managed IT services to take your cybersecurity up a notch.

  • Be diligent about patching vulnerabilities as quickly as possible.

  • Train your employees to spot “phishy” emails.

  • Think about your network’s physical security as much as its digital vulnerabilities.

  • Invest in a strong firewall to help you monitor traffic and respond to threats.

Scroll to Top