3 Cybersecurity Measures SMBs Should Implement Now

Editor’s note: October is National Cybersecurity Awareness Month. This is the third in a series of blog posts dedicated to educating and informing you about cybersecurity practices. Check out the list below for links to the rest of the series:

1. How Does Security and Privacy Work with Microsoft 365 Copilot?
2. Follow These 3 Rules to Avoid Online and Phone Scams
3. Microsoft Ends Support for Windows Server 2012 and 2012 R2: What Does That Mean for Your Business?
4. Avoid These Six Cybersecurity Myths and Misconceptions 
5. Multifactor Authentication Prompt Bombing: What Is It and How Do You Protect Yourself? 
6. How to Stay Secure: A Roundup of 7 Educational Cybersecurity Blog Posts 

You may think attackers favor going after larger companies, as it would lead to more compromised personal and financial data. However, small and medium-sized businesses (SMBs) are targeted even more than large businesses, according to the 2023 Verizon Data Breach Investigations Report.

Attacking larger businesses may yield a bigger payday, but personal information is valuable whether it comes from a large business or an SMB. Additionally, many SMBs don’t allocate enough of their budget to improving cybersecurity measures, if they have invested anything at all, which makes them prime targets.

Larger businesses may have the money and resources to implement top-notch cybersecurity measures, but that doesn’t mean SMBs are out of luck when it comes to securing their business.

In fact, there are a few things SMBs can do before they even consider hiring a managed service provider.

Security awareness and skills training

According to the Verizon report, 74% of all breaches were successful due to the human element, whether it was error, privilege misuse, use of stolen credentials or social engineering (phishing, business email compromise, etc.).

It’s important to utilize to ensure your employees have the skills and knowledge to minimize cybersecurity threats. And it doesn’t need to be a robust, weeklong seminar. At Hungerford Technologies, we require our clients to take a short training session — generally less than 20 minutes — each quarter to ensure they retain the information they have been taught and are up to date on the latest threats.

All it takes is one person to click a link in an email that appears legitimate, allowing an attacker to access your organization’s sensitive data.

Data recovery

In the event your organization falls victim to a data breach or cyberattack, you want to have data recovery practices in place that can restore business assets to their original, trusted state.

The Verizon report noted 24% of all breaches involved ransomware, which denies organizations access to their own data, usually by encrypting it and making it unreadable. Attackers then demand a ransom to return or unlock it.

There are several data recovery software options that SMBs can implement themselves, but if you prefer, a managed service provider can manage your data recovery for you.

Keep in mind, certain industries have regulatory compliance requirements, and those backup solutions will need to meet those requirements. For example, HIPAA in the health care industry states data must be encrypted, recoverable, backed up frequently and stored off-site.

Privileged access management

Privileged Access Management (PAM) refers to the combination of tools and technologies utilized to secure, control and monitor access to critical information and resources within an organization.

PAM is based on the principle of least privilege, which restricts access rights and permissions for users, accounts, applications, systems, devices and computing processes to the least amount necessary to safely operate.

Part of PAM is local administrator access, which we’ve previously discussed why it’s a bad idea for businesses to allow. As a refresher, you can liken each user that has local administrator access to each user having a master key to your home. The more master keys there are, the more opportunities an attacker has to steal one of those master keys, which would allow them to gain access to your company’s network and data.

Additionally, any user with local administrator access can —knowingly or unknowingly — modify or delete vital system files, stop or disable antivirus services, or give persistent access to bad actors outside the company.

By following these simple practices, you’re taking the first step toward improving your organization’s security.

Strengthen Your Cybersecurity Practices Even Further

If you want to discuss more ways in which your organization can improve its security measures, contact us here. You’ll also discover how we can help keep your business running smoothly while increasing productivity and profitability.