To coincide with Small Business Advice Week, Paul Barnes, senior director, product strategy at Webroot, outlines some top tips on how small-and-medium-sized businesses (SMBs) can improve their cybersecurity.
The rise of digital technology is rapidly changing the business environment in the UK, but one thing remains the same: SMBs are at the heart of the economy.
According to Webroot research, SMBs are spending almost an entire working day (18% of their time) a week on cybersecurity tasks. And almost half (48%) have had to de-prioritise activities that would help grow their business in order to address cybersecurity issues. Of the SMB businesses that had been targeted, 70% were used as an entry point into a larger enterprise system they supply to, with nearly a quarter (22%) admitting they are no longer a supplier as a result.
With this in mind, here are some best practice tips for how small businesses can dramatically reduce their risk of becoming a target, and free up more time to prioritise activities that drive business growth:
- Always educate. Security awareness training can’t be a simple tick-box activity for SMBs. It needs to be continual, so cybersecurity stays top-of-mind and user error is minimised. Attention also needs to be paid to the method of delivery. Micro learning, or short courses about five to 10 minutes each, is a best practice among e-learning specialists when it comes to information retention and attention span.
- Take a layered approach. SMBs need to leverage next-generation endpoint protection, network protection and security awareness training to help cover the numerous gaps that cybercriminals and hackers deploy to compromise businesses.
- Know the signs. Phishing is a favourite technique amongst attackers. Make sure employees are confident in identifying the different types of attack. Security awareness training that incorporates phishing simulations ensures that people, processes, and technology are all harnessed effectively together to defend against cybercriminals.
- Assess your risk profile. Every business has different risk factors. If you don’t have the expertise, get an independent security audit or a Managed Security Provider (MSP) to help assess your security posture. Work to develop a plan for adequate ongoing risk mitigation. Look at your GDPR exposure and follow guidelines to ensure the appropriate mitigation criteria are met.
- Plan for the worst. Create a data breach response plan that identifies specific security experts to call and a communications response plan to notify customers, staff and the public. Have a backup and recovery strategy.
As each year passes, the cybersecurity landscape rapidly evolves. SMBs need to keep a pulse on fast-changing threats and put plans in place to proactively shield their data. No matter what industry you’re in or your current technology setup, considering ways to improve your cybersecurity posture is an important investment that can pave the way for a secure future.
With the confidence that they are protected, small businesses can digitally transform and enhance the experiences of their customers and employees to ultimately secure long term success. Size does matter when it comes to cybersecurity, and it can be SMBs’ main advantage in times of change.