Cybersecurity

How to Protect Your Small Business From Cyber Attacks Right Now

December 29, 2020

The Verizon Business Data Breach Investigations Report is one of the most comprehensive annual analyses of cybersecurity threats available, drawing on more than 150,000 incidents to identify trends that every business owner should understand. The 2020 report arrived at a particularly consequential moment: unprecedented numbers of employees had moved to remote work, and small and mid-sized businesses without clear data security policies in place were facing elevated risk on multiple fronts.

"Employees are dispersed and on different devices, and you don't know what they're doing. This opens up vulnerabilities like never before," said TJ Fox, SVP and President of Verizon Business Markets.

Beyond the shift to remote work, businesses were adapting in other ways that expanded their exposure. Retail locations introduced order pickup services. Restaurants moved onto third-party ordering platforms. Every new touchpoint with customer data on a new network represents a new potential vulnerability. Four measures stand out as essential first steps for businesses that have not yet prioritized data security.

Ban Public Wi-Fi for Work.

Public Wi-Fi networks at airports, coffee shops, and other shared spaces are a high-risk environment for any device carrying business data. Connecting to an uncontrolled network exposes devices to interception and attack. Every employee should understand that using public Wi-Fi for work activities is prohibited, and the policy needs to be enforced. Provide alternatives such as mobile private networks or VPN access so employees have a secure option when they are working outside the office. For company-owned devices, mobile device management tools can prevent connections to unauthorized networks.

Build Policies Around Suspicious Emails.

The 2020 DBIR found that 30 percent of cyberattacks against small businesses involved phishing. That number is not surprising given how effective phishing attacks have become, but it does underscore that employee awareness is not optional. Employees need to know what phishing looks like, understand that suspicious links and attachments should never be opened regardless of the apparent sender, and follow clear company guidelines about how files are legitimately shared internally. The same caution applies on mobile devices. Receiving a phishing email on a phone rather than a laptop does not make it any less dangerous.

Control Which Applications Are on Company Devices.

The same report found that 43 percent of the studied breaches involved web applications downloaded to devices. Set clear expectations about which applications are permitted on company-owned devices and where those applications should be obtained. Unmanaged app downloads introduce risk from unvetted software, and that risk is compounded when the same device is used for both personal and professional activity. A documented acceptable use policy eliminates ambiguity and gives your IT team a basis for enforcing standards.

Move to Cloud-Based Systems.

Many small businesses still rely on a single on-premises server or workstation that has been running for years without consistent patching or software updates. This creates significant vulnerabilities. Cloud-based infrastructure from providers like Microsoft Azure, Amazon Web Services, or Google Cloud benefits from continuous security updates, enterprise-grade access controls, and redundancy that most small businesses cannot replicate on their own hardware. If your organization has not yet evaluated a move to cloud-based systems, now is a good time to have that conversation as part of a broader review of your security posture.

These four measures are a starting point, not a complete security strategy. But for businesses that have paid little attention to data security in the past, they represent meaningful, actionable steps that can reduce exposure significantly.

Cyber One Solutions Can Help.

From security policy development to managed IT services, Cyber One Solutions helps small and mid-sized businesses build the defenses they need. Contact us today to schedule a consultation.