When it comes to cybersecurity risk, many SMBs like to think that they won’t be the target of attack because of their size.
However, in reality, they may actually be more vulnerable. According to the recent Verizon Business Mobile Security Index (MSI) 2021, 52 percent of security and IT leaders surveyed said SMBs were more targeted for attack. According to one research report, 43 percent of attacks in 2020 were specifically targeted at small businesses.
What’s more, the impact on an SMB can be much more significant than an attack on a large enterprise. This is because a larger company has more extensive resources for technical remediation and for withstanding the reputational impact among its current and prospective customers. One metric finds that 60 percent of SMBs close within six months of a cyberattack — a concerning statistic for any business owner.
Unfortunately, many SMBs don’t have the resources to support large-scale cybersecurity operations, either in the form of budget or dedicated staff. Large bank JP Morgan, for instance, reportedly spends $600 million a year on cybersecurity, which is undoubtedly out of reach for any SMB (or even many large businesses).
The key to making the most of a limited cybersecurity budget is to focus efforts where they will do the most to limit risk. Here are a few places to start:
Get a clear understanding of risk — Before implementing any technologies or initiatives, take the time to understand what in your organization might be at risk so you can prioritize where to implement protections. This may involve an exercise to determine which data is most critical in the organization that attackers may target — the so-called “crown jewels” of an organization — or perhaps the potential impacts of a ransomware attack.
Basic security hygiene — Advanced security technologies have their place, but ensuring all basic security hygiene principles are implemented can often have the most significant impact. Keeping all devices up to date on patches, using basic data protection technologies, and adopting anti-virus are three steps in this basic essentials category.
Educate employees — While technology is undoubtedly vital, employees are often on the front lines to prevent attacks like phishing from impacting an organization. Educating employees through security awareness training can help them recognize potential threats and prevent them from turning into successful full-fledged attacks.
Managed security services — While an SMB may not have the budget to hire an entire security team to ensure they are protected, they may be able to outsource some of these capabilities to a managed services provider (MSP). An MSP can help monitor networks for signs of attacks and ensure all devices are up to date on the latest systems.
Each of these initiatives is just a starting point for an SMB looking to upgrade its protection against cyberattacks. While you may not accomplish all these efforts overnight, each step towards better, more comprehensive security is a step in the right direction.