Secure Your Business: Top 5 Actions Every SMB Should Take

In this article we tackle pressing concerns for small and medium-sized businesses (SMBs). Today, we're diving into cybersecurity, a crucial aspect of protecting your valuable data and operations. We'll cover the top 5 actions you can take to secure your infrastructure, along with recommended products and services to get you started.

#5: Antivirus & Firewall: Double Defense

Why is a good AV important? Malicious software has been a constant threat since the dawn of computers. Cybercriminals are constantly evolving their attacks, targeting personal data and corporate secrets, and holding your data hostage with ransomware.

Firewall basics: Think of a firewall as your digital security doorman. It controls incoming and outgoing traffic, filtering out unwanted access attempts. Imagine your home address – anyone can send you mail, but you choose what gets opened. A firewall does the same for your devices and network.

Your options:

  • Windows Defender for Endpoint: Built-in AV and firewall for Windows and Mac, included in E3/E5 licenses.

  • CrowdStrike: AV and firewall, starting at $99/device/year (minimum 5 devices).

  • Trend Micro for Business: Offers AV and firewall protection for Windows and Mac.


#4: Patch it Up – Update Your Software Regularly

Out-of-date software harbors vulnerabilities that attackers exploit. Set up automatic updates to ensure you receive the latest security patches as soon as they're released.

Remember:

  • Keep Windows PCs up-to-date with automatic updates for features and security fixes.

  • A Ponemon study revealed 60% of breaches involved unpatched vulnerabilities – prioritize updates!

  • Not all applications offer automatic updates. Check for newsletters or product updates, and consider alternative software if updates are absent.


#3: Two-Factor Authentication (2FA) & Single Sign-On (SSO): Secure Your Logins

What is 2FA? An extra layer of security requiring a second verification factor beyond your password, like a code sent to your phone.

How does it help? Google's 2023 Threat Horizons Report found 86% of breaches involve stolen credentials. 2FA makes it significantly harder for attackers to gain access, even if they steal your password.

Leverage SSO: Azure AD allows you to join Windows and Mac PCs and connect third-party apps, enabling single sign-on (SSO). Users only need one password, reducing the risk of weak passwords and unauthorized access.


#2: Backup & Encrypt Your Data – Always Be Prepared

Cloud backup solutions: OneDrive, Dropbox, and Google Drive provide secure cloud storage with features like versioning and file recovery. These can help mitigate ransomware attacks and accidental deletions.

On-premises solutions:

  • AWS Backup/Azure Backup & MARS Agent: Back up VMs and on-premises Windows servers.

  • AWS Backup for VMs: Automate backups for your RDS databases.

Remember: Encryption adds another layer of protection by scrambling your data, making it unreadable if stolen.

#1: Educate Your Employees – Cybersecurity Awareness is Key

The human factor: A Stanford University study found 88% of data breaches involve employee mistakes. Regular training on cybersecurity best practices and phishing awareness can significantly reduce this risk.

The Psychology of Human Error 2022

Empower your team: Teach employees to identify suspicious emails, avoid clicking on unknown links, and report any concerns. Make security a priority within your company culture.

Training Frequency: Your employees should take regular training, at minimum annually, though I would caution that this might not be frequent enough. With the rapidly changing security threat landscape, it's important to keep your staff up to date. I would recommend one large module at the beginning or end of the year, followed by smaller quarterly modules that reinforce the concepts or introduce new ones.

Options for a learning platform:

  • Build Your Own: You could build your own using the open-source LMS Moodle. I don't recommend this for building cybersecurity training unless you really have the in-house expertise.

  • Use a Third Party: There are some good ones out there, but the one we like is KnowBe4. It was created by former hacker turned consultant Kevin Mitnick. What better way to learn than from firsthand experience?

By implementing these 5 actions and educating your employees, you'll significantly improve your organization's cybersecurity posture. Remember, prevention is always cheaper than recovery!

