Cyber Security Best Practices for Small and Medium-sized Businesses

For many small or midsize business (SMB), it’s common for cyber security to take a back seat to other operational IT tasks. However, security needs to be part of the overall operational and IT plan for SMBs.’s 2020 survey of small and midsize businesses found that 46% were victims of ransomware attacks and 73% of those targeted paid a ransom. The average ransom payment is now more than $230,000, according to Tyler Moffitt, a security analyst at Webroot.

It’s important to understand that there are multiple entry points for illegal access to your company’s data, and that access can come from inside or outside your organization. Making employees aware of the severity of cyber attacks and the role they play in prevention is a crucial step to avoiding malicious attacks.

For small and medium-sized organizations, following these best practices will be a great start to preventing a cyber attack on your computers, servers, networks, electronic systems, and essential data.

1. Conduct periodic risk assessments

Every time you add to your technology infrastructure, it’s essential to reassess your company’s risks. The risk assessment will evaluate your entire tech infrastructure, including data storage, remote access, and cyber security policies. Performing regular risk assessments helps you identify where the security team should focus their attention to prevent attacks instead of reacting to them once they occur.

2. Backup your data

Schedule regular data backups on all computers and network data—especially critical data including financial spreadsheets, CRM and other databases, human resource files, accounts receivables/payable files. Backup files should be stored offsite or in the cloud. Having a secure and reliable backup system is the best defense for SMB ransomware attacks.

3. Use secure passwords

Regardless of a company’s size, passwords should never be shared, and employees should be required to use unique passwords and change them every three months. Enforce your password policy, and if you don’t have one, you need to create one. The Verizon 2020 Data Breach Investigations Report found that 78% of cyber attacks on web applications in North America involved using stolen credentials.

4. Implement multi-factor authentication

Setting up a multi-factor authentication when logging into your corporate system provides an additional layer of protection—especially now when so many people work remotely outside of the company network. The more layers that are in place means that company data is better protected from attacks. Multi-factor authentication types, such as security codes, OTP (unique passwords for single login session), fingerprint, voice recognition, and more, help organizations meet local, state, or federal compliance requirements. Your security management services team can help select which authentication type will work best for your organization.

5. Limit employee access

Employees should not have access to all systems and databases. Consider a role-based access control (RBAC) approach so that employees only have access to data and tasks necessary to perform their job function and role. The most common tool to use for RBAC is Windows Active Directory.

6. Install security software updates and patches

Keeping systems and software updated with the latest releases helps prevent holes where cyber criminals can gain access. Gaining access through these holes is simple and can easily infect computers without any action by the user other than viewing a rogue website, opening an email, or playing infected videos, music, or other media. Software updates typically include software patches, and both are essential tasks to prevent cyber attacks.

7. Be cautious of phishing

The 2020 Data Breach Investigations Report revealed that 22% of digital breaches included phishing, which involved spam emails or phone calls to find out information on employees, obtain their credentials, or infect systems with malware. The primary defense methods for phishing are to install a spam filter and educate employees on how to spot phishing emails and calls.

8. Build and maintain employee awareness

Educating employees is your best plan or defense. Train them on your corporate security policy and the best security measures to take to prevent issues from occurring. Engage them in the corporate security efforts by asking them for feedback on the current policy and asking them to contribute ideas on how to combine security with an efficient workflow. Doing this will help keep employees focused on overall digital security and protecting data.

Cyber criminals target small and midsize businesses because they are easy targets, and they lack the ability and resources to prevent attacks. And, with almost three-quarters of the companies paying ransoms, why wouldn’t hackers target easy prey?

Following several of these best practices can be challenging for SMBs because of the lack of time and resources. Visual Edge IT Security Management Services can assist with developing and managing your security plan, as well as performing the necessary best practice tasks to keep your data and systems protected from devastating and expensive cyber attacks.

Visual Edge specializes in managed IT services and security, cloud computing, and print/copy solutions for businesses across the U.S. including remote offices. The company has more than 20-years of technology service with a national network of expert engineers. Request your free no obligation assessment today.