In 2017 61% of small businesses in the United States suffered some kind of cyber-attack according to a report by the Ponemon Institute. This number reflects an over 50% increase year to year in cybersecurity assaults on U.S. small businesses. Even more discerning is that an August, 2020 report from Interpol is that 43% of small to mid-size businesses do not have any cybersecurity plans whatsoever. This includes no endpoint detection, malware detection, firewalls/basic defenses, and incident response/contingency plans.
There are many reasons why small businesses need cybersecurity — privacy, client trust, systems availability, financial data protection, data integrity and the longevity of the business in the face of a changing threat landscape. For a small business owner, the topic of cybersecurity can seem overwhelmingly complex, but a basic understanding of cybersecurity is considered essential for running a business in 2020, particularly a business with any kind of online presence or engagement with its customers. Here are some common sense and helpful cybersecurity controls that any small business should ensure they have employed.
Two-Factor or Multi-Factor Authentication (MFA) should be employed for login systems that support it to increase the security needed for confidential systems. MFA is typically employed on many your cloud providers services such Google Apps, AWS Web Services, Azure/Office 365 that require a second password or code to be used for authentication in addition to your username and password.
Data backups should be enabled on key information systems that support essential business functions. What were to happen in the event of a company laptop or tablet with critical business information breaks or is lost/stolen? Without a data backup service, information on that device would not be recoverable. Companies should look at using a free or paid for data backup cloud service provider. Luckily, many of these services run on devices automatically without user interaction.
Boundary protection is essential for protecting the boundary of your network and infrastructure. Hackers are constantly looking for company devices that are exposed to the internet with open services that are easily exploitable. A router with a combination hardware firewall and IDS system enabled can go a long way to ensure network traffic is properly blocked and filtered entering and leaving your organization.
Endpoint protection are those software service such as Anti-Virus and Malware that run on your laptops, tablets, and phones to ensure nefarious software is not installed and exploited on company assets. Endpoint protection includes services like Microsoft Defender and Symantec Endpoint Protection that are free or small cost that provides ernmous security benefits.
Cybersecurity threats are great and can be overwhelming for a small business. Grove is here to help. With extensive experience in security architecture and engineering services, our Grove consultants can work with you on prioritizing the cybersecurity needs tailored specifically for your business. Schedule a call with one of our consultants today!