Digital transformation has probably brought a lot of changes to your small business: increases in efficiency, speed, and hopefully revenue.

But those benefits have also brought some risk: cyber risk. Many cybersecurity conversations revolve around government and enterprise businesses, but as SMBs depend more and more on digital means to conduct their business, SMB owners and employees are just as susceptible to cyber threats as any other business or organization.

According to the 2021 Verizon DBIR, 61% of SMBs reported a cyber breach in 2020. And with the average breach costing SMBs almost $3 million, it is imperative that SMBs have the proper procedures and strategies in place to identify, address and report cyber threats.

That said, doing so can be difficult for SMBs that are still getting familiar with the ins and outs of cybersecurity and have a more limited set of resources to depend on.

With that in mind, below are several steps that SMBs should keep in mind as they come to terms with the cybersecurity landscape and look to make their operations more secure.

Provide Ongoing Cybersecurity Training

A common misperception in the cybersecurity industry is that the only way for businesses to protect themselves is to spend big money on the newest cybersecurity technology.

And while technology is certainly helpful in accomplishing cybersecurity goals, the foremost cybersecurity hurdle that needs to be addressed isn’t technology; it is people.

Over 95% of cybersecurity incidents have human error as a significant contributing factor. Yet only 44% of employees receive cybersecurity training in their workplace.

So, one of the first steps SMBs can take in their cybersecurity journey is to put in place a comprehensive training schedule as well as an awareness program so that people know that when they see something, they need to say something.

Reporting potential incidents is critical. If you don’t have written company policies, such as one on acceptable use of technology, this could be the time to create them. Then make sure your training covers the most critical parts of your policies, as well as practical things like how to report phishing and anything else suspicious.

Ensure Regular Updates and Backups

Cybersecurity is an ongoing process, not a one-time event.

The technology and tools used to protect your business need to be properly configured and maintained regularly. Your IT provider, whether it’s an employee of yours or a vendor, should be able to share with you the process and schedule they follow to keep your data, software, and systems up-to-date.

Granted, given the amount of software businesses use, this can feel like an overwhelming task. However, in many instances it is now possible to fully automate the updating process, so that devices are alerted when a new update is available and install it immediately.

In addition, businesses need to make sure that they have a data backup system in place and that it is frequently tested to ensure it functions as anticipated.

It is estimated that 6% of computers around the world experience data loss each year and that 34% of companies with a backup solution in place never test it.

Backup technology can be a lifesaver for many businesses should a breach or ransomware attack occur. Thus, SMBs need to make sure they have a backup infrastructure in place and that it is functioning properly.

Secure Remote Access

Arguably one of the biggest business side effects of the COVID pandemic is the widespread adoption of remote work.

In fact, nearly 5 million workers in the U.S. work remotely at least 50% of the time. And with remote work becoming a key perk that workers are increasingly looking to take advantage of, SMBs need a way for remote employees to work securely.

This is not nearly as complicated as it seems, as many of the relevant best practices are straightforward to enact.

For example, longstanding best practices like using a virtual private network (VPN), encrypting sensitive data and communications, enforcing strong passwords, and other cybersecurity building blocks can work wonders for securing remote work environments.

And thanks to the push in the last few decades to make cybersecurity more accessible to everyday users, many of these steps – like checking settings and enabling multi-factor authentication – can be easily managed by employees with even the smallest bit of previous technology and computer experience.

As the recent Log4j vulnerability showed us, no business is too small to be a target for cybercriminals. However, that doesn’t mean that SMBs should just throw up their hands and give in to cyber threats.

By keeping these few key items in mind, SMBs can build up their cybersecurity operations and create not just a more secure environment for themselves but for their customers and the broader technology community as well.


By Lisa Plaggemier, Executive Director, National Cybersecurity Alliance
