6 Things Small Businesses Need to Know About Security

Entrepreneurs and small- and medium-sized businesses can do a great deal to strengthen their defenses and block intrusions into their systems—or at least reduce the damage if a breach does occur. To help your company build effective digital-security practices, six experts in the field have shared some of their most valuable tips—far more than “just use strong passwords”:

1. You’re not too small to be a target (Erik Knight, Founder & CEO of SimpleWAN)

Many entrepreneurs, startups, and small-business owners consider themselves “minnows” compared with the big fish, assuming they’re too small to attract hackers. The bad actors don’t see it that way. “Don’t think you’re too small to be affected,” says Erik Knight, Founder and CEO of SimpleWAN. “Every place you have an employee—or an office—is a potential entry point. Take it seriously. If you own something worth stealing, hackers will try to steal it.”

Knight notes that small firms are easy prey because they rarely run security audits or invest in protection. Hackers view them as simple targets to crack.

2. Treat security as a business problem (Vats Srivatsan, President & CEO of ColorTokens)

Vats Srivatsan warns that security is not a “nice-to-have” feature—it demands 100 percent commitment and investment. Cyber-attacks can drain cash, steal IP, and halt operations. “If a breach hits a small firm, customers and employees may lose trust and switch to bigger brands they believe are safer,” says Srivatsan. A recent study showed 37 percent of small businesses lost customers and 17 percent lost revenue due to downtime—proof that security is a core business issue.

3. It’s not if but when (Thomas Supercinski, Head of Product Development at Frogslayer)

With rising data breaches, phishing schemes, and other cyber-attacks—accelerated by the pandemic—companies can no longer bury their heads in the sand. “The question isn’t whether you’ll have problems, but when,” says Thomas Supercinski.

Assuming your company will be attacked means prevention is just as vital as detection and response. Supercinski advises planning exactly how your firm will handle security incidents: “Like anything else, make a plan, anticipate the risks, and then refine that plan.” It should specify how quickly you can detect a problem, what control layers will blunt its impact, and which proactive steps will guide your response.

4. Identify your most valuable digital assets (Tony Buffomante, Senior VP & Global Cyber-Risk Leader, Wipro Ltd.)

Achieving 100 percent cyber protection is impossible, so don’t waste time and resources chasing it. Tony Buffomante suggests starting here: “Identify your most critical data—the organization’s ‘crown jewels.’”

Those jewels might be protected IP, market-share data, customer records, or other assets. “Once you know what matters most, map where that data lives inside your company,” Buffomante says, “and build defenses around it.” You may already have a good head start: leverage security capabilities built into the technologies and platforms you’re already using.

5. Employees are your biggest risk (Rishi Malik, Founder of Backstop.it)

The mass shift to remote work has shown that end-users—your staff—can be the weakest link. Hackers exploit home networks and personal devices. Yet people can also be your strongest asset when properly trained. Rishi Malik recommends pinpointing weak spots, adding extra safeguards there, and educating employees about risks.

“Phishing is your biggest threat, so enforce multi-factor authentication (MFA) everywhere,” says Malik. “Run anti-virus/malware scans on every computer, and back up all your data daily.” He also urges finding the right security partners: “If a security expert can’t discuss your business model and revenue in depth, keep looking.” With trained employees and the right partners, your company will be far more resilient.

6. Don’t overlook physical security (Clay Gervais, VP of Sales, Digilock)

Your security culture extends beyond the digital realm. Stolen devices are a major source of data leaks and IP theft. In healthcare alone, 68 percent of breaches stem from lost or stolen devices or files. Clay Gervais stresses building a sense of belonging and safety even as workplaces grow more flexible.

As staff move between home and office—or use hot desks—they’ll need secure places to store gear. “From installation to user access, personal storage security should be simple and robust,” Gervais says. That empowers employees and builds trust in workplace safety.

In the wake of the pandemic, both companies and consumers are rethinking what security means. For every small and medium-sized business, security remains a critical investment as phishing, breaches, identity theft, and other attacks keep rising. Beyond updating your passwords, protect your company’s crown-jewel data, employee information, and customer records.

Source: forbes.com