Large enterprises typically have the resources to protect their networks against the ever-evolving landscape of cybersecurity threats. But smaller businesses have tighter budgets and fewer resources. Hackers know that, which is one of the main reasons they target small businesses. To compound matters, small businesses adapting to remote work have a new set of security considerations to contend with.
A cyberattack can have serious consequences, with many small businesses having to shutter for good due to the fallout. These are high stakes. With that in mind, here are seven key security recommendations for small businesses:
- Educate users: Industry research shows that workers cause more than half of all cybersecurity incidents, making humans the “weakest link” in IT security. Trained workers, however, shift from liabilities to assets, becoming a first line of defense against cybersecurity threats.
- Secure endpoints: Many traditional antivirus (AV) tools block only the malware they recognize, based on signatures that have been written into the AV software. More sophisticated endpoint protection platforms scan for and block malware using a constantly updated threat list, protecting every device on the network.
- Apply security patches: Many ransomware attacks exploit vulnerabilities that can easily be fixed through proper patch management. Businesses need strict patching policies so users don’t ignore software update prompts.
- Deploy firewalls: Firewalls let your customers choose which types of content to allow into their network, blocking unauthorized data while still allowing outbound communications. For remote workers, tapping business-grade Internet and connectivity can help.
- Enforce password policies: Although users tend to resist them, passwords are necessary and should be changed regularly. Your customers should require users to combine numbers, special characters, and uppercase and lowercase letters to make passwords harder to crack.
- Prepare an incident response plan: Since no security measure is 100% foolproof, businesses must prepare for the eventuality of a breach. Every business should have an incident response plan (IRP) outlining what steps to take and who is responsible for the response following a breach.
- Build a cross-functional security team: Avoiding, preparing for, and responding to security breaches involves more people than those in charge of IT and cybersecurity. In addition to employees, it may be necessary to notify customers and suppliers about the breach, so there is work to do for management, as well as other functions like marketing, PR, HR and legal.
Read the full article on the Comcast Business Community.