Businesses of every size need to prioritize security as threats become more prevalent across industries, but keeping information safe against cyber attacks doesn’t have to be a major hurdle or involve a large IT security team.
As the predicted security spend for SMBs reaches $16B this year, implementing cost-effective solutions now will ultimately save businesses time and money later. The following tips will equip businesses with an infrastructure that can stand strong against risk:
1. Focus on Education First
More than two-thirds of cybersecurity threats are introduced to SMBs through human error. Receiving an email from a seemingly safe source, clicking a link to download a document from an unknown sender, or visiting websites that seem safe but aren’t are just a few of the risks SMBs encounter daily. Educating teams to recognize various threats and handle them responsibly is the first step toward creating a secure environment. A continuous security awareness training program is your best defense; hackers use seasonal phishing campaigns built around political, sporting, media and current events to take advantage of uneducated users.
2. 3-2-1 Data Backup Rule
A data backup management program is a close second to user education. 76 percent of SMBs have experienced a data breach in the past 12 months. Ransomware attacks are pervasive and the cost of downtime has increased 200 percent over last year, averaging $140k for SMBs. It can be difficult for businesses to recover financially, especially if they have had more than one security event. The 3-2-1 backup rule protects businesses from costly ransom payments. The rule is to keep at least three (3) copies of your data and store two (2) backup copies on different storage media, with one (1) located offsite. Multiple copies protect businesses from losing data, while storing them in multiple locations ensures there is no single point of failure. While storing a backup copy offsite strengthens data security, having a readily available copy onsite allows for faster recovery.
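The 3-2-1 rule can be checked mechanically against a backup inventory. The following is an added example, not part of the original article: the `Copy` record, the inventory entries and the choice to count a copy only when its read-back SHA-256 matches the digest recorded at backup time are all assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Copy:
    name: str        # label for this copy (hypothetical)
    media: str       # storage media type
    offsite: bool    # stored away from the primary site?
    recorded: str    # SHA-256 recorded when the copy was written
    verified: str    # SHA-256 from the latest read-back / restore test
    primary: bool = False  # the live production data

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def check_321(copies):
    """Return findings; an empty list means the 3-2-1 rule is met."""
    # Assumption: a copy that does not read back as written is not a copy.
    findings = [f"{c.name}: digest mismatch, copy not counted"
                for c in copies if c.verified != c.recorded]
    intact = [c for c in copies if c.verified == c.recorded]
    backups = [c for c in intact if not c.primary]
    if len(intact) < 3:
        findings.append(f"3: {len(intact)} intact copies, need at least 3")
    if len({c.media for c in backups}) < 2:
        findings.append("2: intact backups are not on two different media")
    if not any(c.offsite for c in backups):
        findings.append("1: no intact backup is stored offsite")
    return findings

# Constructed sample inventory (not real systems).
GOOD = digest(b"constructed snapshot")
INVENTORY_OK = [
    Copy("file-server", "disk", False, GOOD, GOOD, primary=True),
    Copy("onsite-nas", "disk", False, GOOD, GOOD),
    Copy("cloud-bucket", "object-storage", True, GOOD, GOOD),
]
# Same inventory, but the offsite copy no longer reads back as written.
INVENTORY_BAD = INVENTORY_OK[:2] + [
    replace(INVENTORY_OK[2], verified=digest(b"unreadable"))]

if __name__ == "__main__":
    for label, inv in (("ok", INVENTORY_OK), ("bad", INVENTORY_BAD)):
        print(label, check_321(inv) or "3-2-1 satisfied")
```

Losing the single offsite copy fails all three parts of the rule at once in this inventory, which is why read-back verification belongs in the check rather than a simple count of backup jobs.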
3. 2FA – Two-factor Authentication
While backup management is a critical tool in your security arsenal, one of the most effective yet underutilized controls is two-factor authentication (2FA). Phishing emails are the leading cause of ransomware breaches for SMBs, and to protect sensitive data you need a mechanism to verify that the users trying to access that data are who they say they are. 2FA is one of the strongest tools to protect against security threats such as phishing, brute-force attacks and credential exploitation. For businesses using Office 365 or G Suite, this is already available and needs only to be enabled and deployed.
4. Improved Password Management and Secure Mobile Devices
It only takes one misstep to create security problems for SMBs. 69 percent of users share passwords with colleagues and 51 percent reuse passwords across business and personal accounts. Strong passwords over eight characters in length with upper and lowercase letters, numbers and symbols make it harder for hackers to compromise systems. The US National Institute of Standards and Technology (NIST) recommends creating long passphrases that are easy to remember and difficult to crack. Use a unique password for EVERY account – corporate and personal – otherwise, if one account is breached, it’s likely another account with the same credentials will be compromised. A quality password manager will allow you to remember one single password and will store, encrypt, and even generate unique passwords. It can also automatically sign you in to your accounts for ease of use. Many businesses promote a BYOD (bring your own device) policy. Requiring users to protect their phones with strong passwords, fingerprint or facial recognition, along with enabling device encryption, is critical for data security and integrity.
5. Prioritize Infrastructure Management
According to a recent report, 77 percent of security leaders expect an infrastructure breach in the upcoming year, and outdated systems are often the cause of this vulnerability. Operating on an outdated device or operating system no longer supported by new updates, security patches or general IT management creates an alarming number of opportunities for cybercriminals. Businesses may think they’re saving a buck by not investing in the newest technology, but they are actually welcoming costly security risks. Devices/systems at the end of their functional lives also pose a risk as they relate to regulatory programs, as some of the newest regulations require businesses to operate on active lifecycle supported technology. This can create serious issues during times of audit as well.
Businesses that think they are not at risk of cyber attacks are often the ones risking the most devastation. Simply put, anyone using a computer or smartphone is at risk, and preparation is crucial to avoid major losses in the event of an attack. Unfortunately, it’s often not a matter of if a business will face a security breach, but when.