I’m always concerned when I hear about small and medium sized businesses (SMBs) cutting back on their cybersecurity budget to help save on business costs. Don’t get me wrong – I fully understand businesses’ need to control costs. But controlling costs doesn’t have to mean giving up on proper cybersecurity; some creative solutioning can help SMBs save money while maintaining the security they need to address the inevitable event of a breach.
Many people understand that SMBs are important drivers of economic growth, but it seems far fewer people understand that SMBs carry the same or greater risk of a cyberattack as larger businesses.
According to Verizon’s 2021 data breach investigations report, 46% of all cyber breaches affected businesses with fewer than 1,000 employees , and 61% of SMBs were the target of a cyberattack in 2021 .
And according to another survey of SMBs by Momentive on behalf of CyberCatch, 75% of SMBs couldn’t continue to function if they were hit with a ransomware attack . And no wonder: The cost of a data breach to small businesses can range from $120,000 to $1.24 million, according to recent studies .
Yet the cost of preventing cyberattacks can be prohibitive, and especially in an economic downturn, it can be tempting, or necessary, to cut back on those costs. You may need to get creative with your business budget during a downturn, but that doesn’t mean you need to sacrifice security – or at least not entirely.
6 Tips to resolve common SMB security challenges
Here are six tips to help your SMB resolve common challenges that will help you maintain or improve your cybersecurity:
Security Tip #1: Consider using interns
Need people but don’t have the budget to hire more? You can onboard students at local colleges and apprentices in work training programs to backfill cyber security roles, with the eventual goal of freeing up senior resources for work that requires more experience.
Security Tip #2: Train your staff
One of the most cost-effective ways to improve cybersecurity is to continually train and upskill your cyber team, and any employees who work with sensitive data. Most cyberattacks happen due to human error, such as clicking on a phishing email or using weak passwords. By training employees on how to detect and avoid cyber threats, SMBs can improve their security posture and reduce the risk of a cyberattack.
Security Tip #3: Use multi-factor authentication (MFA)
This adds an extra layer of security to login credentials. Instead of relying on just a password, MFA requires users to enter a secondary authentication method, such as a fingerprint or code sent to a mobile device. MFA is a simple and effective way to prevent unauthorized access to sensitive information.
Security Tip #4: Keep software up to date
Software vulnerabilities are one of the most common ways cyber attackers gain access to SMBs’ networks. Keeping software up to date ensures that known vulnerabilities are patched, reducing the risk of an attack. Most software vendors release patches to fix vulnerabilities, so SMBs should make sure they enable automatic updates or regularly check for updates.
Security Tip #5: Use anti-virus and anti-malware software
These software solutions, which can detect and remove malicious software from computers and networks, are inexpensive and easy to install, making them a must-have for SMBs. Anti-virus and anti-malware software should be update regularly to provide the best protection against new threats.
Security Tip #6: Back up your data
This is an essential part of cybersecurity. Backing up data ensures that in the event of a cyberattack, SMBs can recover lost data without paying a ransom or suffering business interruption. SMBs should take advantage of cloud-based backup solutions that offer automatic backups and encryption for added security.
Of course, there’s far more to cybersecurity than these basics. Nevertheless, implementing these core measures can save your SMB money by reducing the risk of a cyberattack and its associated costs.
What should you do next?
Once you have these basics in place, you can expand to more detailed cybersecurity measures that can further reduce the risk of a cyberattack – budget allowing, of course. For instance, encrypting hard drives, mobile device management (tracking, locking or wiping devices), using virtual private networks and restricting access to systems to only people who absolutely need it are among the steps you can take to further cut down on cybersecurity risks.
However, with these six core measures in place, SMBs can improve their security posture and focus on growing their business.
Overcome common security challenges faced by small and medium-sized businesses. Learn how our strategies can help fortify your SMB against threats.
Kathy Ahuja is an experienced cybersecurity and risk leader, with a wealth of experience from leadership positions with technology companies, including OneLogin, Microsoft, Qumulo, DocuSign, Oracle, and more. She currently serves clients in the FinTech and Financial Services space with advisory expertise around data governance, data management, and data privacy.
Kathy is happy to collaborate with Kalles Group because she values getting down to a tactical level of delivery to help clients realize the immediate value of services provided.