No entity, no matter the size, can afford cyber security blind spots. Hackers have gone after major cities like Baltimore and they’ve hit places the average person is less familiar with, like Lake City, FL. Despite the risks, many small-to-midsized municipalities, businesses, etc. count on their size to keep them safe, leaving dangerous security gaps open in the process.
Work-from-home policies are one such gap. SMBs have been overwhelmingly open to this trend, with many owners allowing employees to work remotely. Popularity aside, remote work is a security hazard for many of the SMBs that have embraced it. Many SMBs haven’t updated their work-from-home security policies in the last year. Today’s threat landscape changes fast. Regular review and revision of these policies keep a company from inviting in needless risk by allowing employees to work remotely.
Maintaining policies around remote workers aren’t the only facet of cyber security in which SMBs seem to be struggling. Only a few SMBs have fully deployed the U.S. Small Business Administration’s (SBA) list of cyber security best practices and recommendations.
Cyber Security best practices for SMBs
What makes this so concerning? The SBA’s list isn’t a collection of cutting-edge solutions or complex strategies designed to push already-elite cyber security environments to the next level. Just the opposite. The items on it are fundamental. They’re the kinds of things businesses of all sizes need to do to stay safe. Let’s review some of what’s there and how SMBs can incorporate these recommendations into their cyber security strategy.
Deploy endpoint protection solutions (and keep them updated). It isn’t enough to roll out technology to stop malware, spyware, or any other malicious code attackers dream up. These solutions (and all others) must be kept updated and patched to ensure devices don’t become a liability. If onsite IT doesn’t have the time or resources to keep up, an outside partner makes an excellent alternative.
Build up network defenses. Solutions such as firewalls and encryption are only one part of what must be done to keep networks safe. To start, organizations must take stock of what exists on their network and be sure that current builds allow for easy, secure growth alongside the company itself.
Set policies protecting high-risk information. Hackers will often take whatever they can get their hands on, but they’re predominantly after big-ticket data pertaining to health or finance. SMBs must create (and enforce) policies governing how staffers, contractors, vendors, etc. handle and store their most sought after, at-risk data.
Educate employees about the threat landscape. Employees need to know what they’re up against. SMBs must allocate for proper security training around all aspects of the workday, including something as mundane as social media usage. Cyber criminals see employees either as a weak point or as a treasure trove of exploitable information. Proper training can turn them into a security strength.
Implement password best practices. What defines a “password best practice” in 2019 is up for debate. Some swear by forcing end-users to change their passwords regularly. Others point out that this breeds bad habits. Complex passwords that aren’t shared with others and are supported by multifactor authentication is an approach no one would question.
Make regular backups a habit. A ransomware attack can force an SMB to close up shop for good. Regular backups to a separate server or to the cloud are an SMB’s best chance to survive such an attack. In its list, the SBA sets a low bar, urging backups “at least weekly.” Despite the “at least” qualifier, a week’s worth of data can be a devastating loss.
Limit device and network access. Some of this pertains to physical access, like keeping data centers locked down. Another part ties back into passwords. Administrator credentials should be issued selectively, and their activity tracked to make for easier audits.
Secure on-the-go employees. Back to the topic of remote work, SMBs need encryption to help protect data when it’s on the go. They must also retain control over that data even if the physical device belongs to the user. Anything less is could mean a data leak is just a lost phone away.
Next Steps: Empower a security-focused organizational culture
These pointers are things every SMB – and, really, every organization should implement. The consequences of doing anything less are too great. If your organization is struggling with any of part of the above list – or some other piece of its cyber security environment – Nauticon can help. Connect with our team of experts by visiting https://www.nauticon.com/contact or calling 240.499.2546.