Protecting your business from cybercrime in a digital world
The ever-evolving digital world we operate in each day offers infinite opportunities for business growth and development, but it also presents many risks.
Cyber hygiene is necessary to safeguard businesses against cyberattacks. For small and medium-sized businesses (SMBs), the first step on the path to cybersecurity is to recognize that the landscape is rough terrain and challenging to navigate.
When your business invests in cyber hygiene, it’s an investment in its resilience and longevity. The risk of not doing it can be devastating, as these U.S. cyberattack statistics illustrate:
In addition to the financial costs, not implementing cyber hygiene often results in a decline in productivity, the loss of customers and a blow to your brand’s reputation.
If you’re ready to get started or improve upon your current security stance, there are many IT solution providers that can assist.
Here are the key areas to focus on.
Web Content Protection: This service blocks users from accessing known bad websites and, depending on preferences, can be set to block specific website categories and content (gambling, pornography, etc.) deemed incompatible with usage policies.
Email Protection: Defending against email attacks requires a tiered strategy:
Multifactor Authentication: MFA is the current standard for cyber hygiene and is typically required by cyber insurance providers. It requires additional authentication, such as a PIN delivered via a mobile device, to be entered in addition to a user’s password.
Password Management: Cyber hygiene best practices demand that every system uses a different password, that those passwords are long and complex, and that they are stored in a safe place. We also recommend a service that monitors the dark web for stolen passwords for sale and notifies you to ensure the password is promptly updated. Whatever platform you or your IT provider choose, make sure it’s easy for your employees to access their passwords as needed from various devices, so they actually use this tool.
Security Awareness Training: A core element of cyber hygiene is employee training. Use a service that periodically sends your team simulated phishing emails so that they remain mindful of risks, and so you can identify users who may need additional training.
Endpoint Detection and Response: EDR applies artificial intelligence and other technologies to provide additional threat protection for Windows and Mac computers. It monitors for unusual behavior that might be associated with malicious activity and addresses threats in real time by quarantining any suspicious processes. We recommend a product that is supported by a 24/7 security operations center (SOC) that continually gathers and reviews any detected events.
Vulnerability Scanning: The first line of defense for an IT network is its connections to the internet. A cloud-based vulnerability scanner will scan public IP addresses monthly to ensure the firewall is in place and correctly configured, and to identify your network vulnerabilities, like outdated or unpatched software and misconfigurations.
Advanced Security/Advisory Services: Advisory services help with compliance requirements and deliver expert guidance to keep you on track. An example is a SIEM solution that offers an in-depth review of your network from a security standpoint. Review your cyber insurance policy to ensure you have the right amount of coverage in place.
In summary, having a proactive approach to cybersecurity hygiene will better protect your business from cyber threats. SMBs that integrate processes and technologies can mitigate common cyber risks and enhance overall security.
So stay vigilant and prioritize cybersecurity to safeguard your business, people, data and, most importantly, your company’s reputation. Consult with your current managed security provider as needed. It takes a village!
Dave Hodgdon is CEO and chief technology and security advisor at PCGiT.