With National Cybersecurity Awareness Month as a backdrop, industry leaders weigh in on how SMBs can more effectively protect themselves from cyberattacks.
SMB Security- Here we are, nearly midway through the 16th annual National Cybersecurity Awareness Month (NCSAM), and while the good news is many large enterprises are more locked down than they were five or six years ago, it’s clear SMBs need some help.
An August report by Untangle examining the current state and trends of IT security for more than 300 SMBs bears that out. Among the findings: While 80% of SMBs ranked IT security as a top business priority, 52% admitted they didn’t have an in-house IT security professional on staff, and another 29% said they spend $1,000 or less annually on IT security.
They’ve also become targets for hackers, according to Heather Paunet, Untangle’s vice president for product management. “For SMBs, if they do get attacked, it could cripple their business,” she says.
In honor of NCSAM, we asked industry leaders how SMBs can more effectively protect themselves from cyberattacks. You’ll find that many of their tips involve standard cyber hygiene and apply across the board to companies of all sizes.
Identify the Company’s Most Sensitive Data
Kelvin Coleman, executive director of the National Cyber Security Alliance (NCSA), says SMBs should start by identifying the assets and systems that are critical to the company’s success. These so-called crown jewels, such as sales data and customer and vendor lists, are crucial for businesses to operate – and they’re a high-value target for hackers. Coleman suggests SMBs create a detailed inventory list of their companies’ data and physical assets and update it regularly. For all hardware and software assets, record the manufacturer, make model, serial number, and support information.
As part of creating visibility into their data, SMBs also should set policies and procedures and train people so they can adhere to the security policies set, adds Steven Durbin, managing director of the Information Security Forum.
Protect Company Data by Performing Frequent Updates
The vast majority of security breaches happen because companies don’t have a good system for updating software, including security software, Web browsers, productivity applications, and operating systems, NCSA’s Coleman says. Many software applications will update automatically, so be sure to turn that capability on whenever possible. SMBs should also have a backup system in place. Too many ransomware victims get caught because they don’t have backups they can rely on if they get hit.
In addition, SMBs should think about securing their privileged accounts more carefully, says Max Trottier, vice president of sales and marketing at Devolutions. A lot of SMB owners know what privileged accounts are, he says, but because they are smaller companies, they don’t always see it as something they have to focus on right away. But as they grow and add IT infrastructure, there’s much more to manage. Remember that rank-and-file workers only need access to the data they need to do their jobs, so it makes sense to focus on a privileged account management.