Protecting Business Data: What Every Company Should Have in Place

Hackers love attacking small businesses.

You know the stereotype about burglars…

They always check the doors first. If those are unlocked, easy money.

Small business owners make the mistake of thinking their companies are “too small” to be a target.

Hackers don’t think that way. Verizon even published research showing that SMBs are targeted 4x more than larger enterprises.

IT pros understand that there’s plenty of money to be made from targeting smaller companies. Startups and SMBs don’t have mature security teams like larger businesses do. If a hacker can gain access, the business won’t know it… until it’s too late.

So what can business owners do to protect themselves?

Let’s dig in.

Table of Contents

  • Why Small Businesses Are the #1 Target
  • The Security Basics No Business Can Skip
  • Network Protection and Endpoint Security
  • Employee Training: The Most Overlooked Defense
  • Data Backup: The Last Line of Defense
  • The Bottom Line

Why Small Businesses Are the #1 Target

Hackers go wherever the money flows.

It used to be banks and credit cards. Now, smartphones and laptops are just as much of a target.

Small businesses account for nearly half of all cybercrime. Weak passwords. Outdated systems. Limited IT teams.

Attackers use automated tools that scan the web looking for vulnerable networks. Your business will show up. Unless you’re taking active steps to secure your network, attackers will see you as low-hanging fruit.

When SMBs are hit, it costs them an average of $120,000. And 60% shut down within six months of a breach.

That may sound like a lot to you, but revenue for most small businesses just isn’t that high. Outside of funding rounds, that kind of hit can be unsurvivable.

But it’s not just SMBs that are dealing with attacks. Cybercriminals are hitting big business harder than ever before.

Thanks to technologies like artificial intelligence, hacking is easier than ever. Large enterprises can’t possibly defend against every attack vector without help. Smaller businesses shouldn’t feel secure either.

Getting the right comprehensive IT solutions in place is one of the most effective steps a business can take. Running a successful company is hard enough. Don’t let hackers make it impossible.

The Security Basics No Business Can Skip

You know the saying about missing socks in the laundry?

One goes missing, and poof they’re all gone.

Small businesses tend to skip basic security measures because “it won’t happen to us.” Preventative maintenance is boring. No one wants to think about their network being attacked. But it will happen.

Here are the absolute necessities every single company needs:

  • Multi-factor authentication
  • Password policies
  • Firewalls
  • Software updates

These are IT basics that everybody should have in place. Having MFA enabled on your accounts (banking, email, cloud services) can reduce account takeovers by up to 90%.

And password policies aren’t as restrictive as you might think. Basic rules like “don’t reuse passwords” and “don’t use family members’ names” can stop hackers in their tracks.

But most gaping holes start with software updates.

Windows automatically updates these days. But what about your printers? Office software? Marketing platforms? Servers?

Leaving software “as is” creates open doors for hackers. Make sure your staff is keeping EVERYTHING up to date.

Not sure how to track it all? Automate it.

Network Protection and Endpoint Security

Think about your company network like your house.

If your doors are unlocked, someone could waltz right in. Every employee’s device is a doorway into your network. If one person clicks on a phishing link, attackers own your network. Every device, every file.

Companies need to have a layered approach to network security.

Endpoint protection is often the most overlooked.

Endpoint, in this case, refers to any device connecting to your network. Laptops, printers, smartphones, tablets… If it connects to the network, it needs to be protected.

Implementing endpoint detection and response (EDR) software is one of the best ways to monitor employee devices and flag abnormal behavior.

Remote workers connecting over public WiFi? Make sure they’re using a VPN when connecting back to the company network.

Not all data should be accessible to every employee. Learn about network segmentation and how to protect sensitive systems.

Your IT support vendor should be able to recommend products that help with all these aspects.

Employee Training: The Most Overlooked Defense

Wait, what?

Employees are the biggest piece of this security puzzle.

It’s true! 60% of breaches have a component that involves someone inside the company clicking on a phishing link.

Despite popular belief, most hackers aren’t combing through public networks looking for your Wi-Fi password.

They’re sending emails to your employees containing malware or phishing links. If someone falls for it, game over.

Regular employee training is one of the best defenses you can have against cyberattacks.

Here’s what you should cover:

Taking just 10 minutes every month to educate your staff on good security habits can stop attacks in their tracks.

Imagine if that happened at your company. One of your employees sees a phishing email coming through… realizes it’s not legit, and reports it.

Problem solved. No expensive software required.

Data Backup: The Last Line of Defense

All of these things we’ve talked about protect against certain types of attacks.

But let’s say your network is compromised. What’s your plan?

This is where data backup comes into play.

Regular data backups are the best defense against ransomware. There’s no need to pay thousands of dollars to hackers when you can just restore all your files from a backup.

Your backup strategy should include 3 copies of your data, on 2 different types of media, with 1 stored offsite.

Boom. 3-2-1.

If you don’t have a formal backup strategy in place, stop reading and go make that happen.
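Here is one way to check a backup inventory against the 3-2-1 rule, as an added example that is not part of the original article. The inventory format, the field names, the 30-day restore-test window and counting the live data as one of the 3 copies are all assumptions; a copy only counts if its checksum matches the reference, because a corrupted backup is not a backup.

```python
import hashlib
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass
class Copy:
    name: str
    media: str       # "disk", "cloud", ... (labels are assumptions)
    offsite: bool
    sha256: str      # checksum of the data as read back from this copy
    last_restore_test: Optional[date] = None  # not required for the live copy
    live: bool = False                        # True for the production data

def audit_321(reference_sha256, copies, today, max_test_age_days=30):
    """Return a list of findings; an empty list means 3-2-1 is satisfied."""
    findings, valid = [], []
    for c in copies:
        if c.sha256 != reference_sha256:
            findings.append(f"{c.name}: checksum mismatch, not counted")
        else:
            valid.append(c)
    if len(valid) < 3:
        findings.append(f"only {len(valid)} valid copies, need 3")
    if len({c.media for c in valid}) < 2:
        findings.append("all valid copies are on one media type, need 2")
    if not any(c.offsite for c in valid):
        findings.append("no valid copy is stored offsite")
    for c in valid:
        if c.live:
            continue
        tested = c.last_restore_test
        if tested is None or (today - tested).days > max_test_age_days:
            findings.append(f"{c.name}: no restore test in the last {max_test_age_days} days")
    return findings

# Constructed sample inventory: the offsite cloud copy is silently corrupted.
DATA = b"customer-ledger-2024"
GOOD = hashlib.sha256(DATA).hexdigest()
BAD = hashlib.sha256(DATA + b"corrupted").hexdigest()
TODAY = date(2024, 6, 1)
INVENTORY = [
    Copy("file-server", "disk", False, GOOD, live=True),
    Copy("office-nas", "disk", False, GOOD, date(2024, 5, 20)),
    Copy("cloud-bucket", "cloud", True, BAD, date(2024, 5, 25)),
]

if __name__ == "__main__":
    for finding in audit_321(GOOD, INVENTORY, TODAY):
        print("FAIL:", finding)
```

On paper the sample inventory looks like 3-2-1, but one bad checksum drops it to two copies on one media type with nothing offsite.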

The Bottom Line

The unfortunate truth is that every business will be attacked eventually.

It’s not a question of if, it’s a question of when.

Taking active steps to secure your network and training employees on good security habits are the best defenses.

But it’s also important your business has:

  • A layered security strategy. You can’t rely on any 1 thing 100%.
  • Good backups. They should be tested regularly by your IT vendor.
  • Proactive tech support. Not just someone to call when you’re panicked about an attack.

Stay vigilant, and good luck out there.
