7 Recommendations For Small Business Security During COVID-19

Cyber attacks are on the rise, and with small businesses being ill-equipped to handle security incidents, they’ve become the proverbial low-hanging fruit for cybercriminals. In terms of expenses on security products, they account for only 13% of the overall cybersecurity market share. When it comes to adopting security best practices, SMBs are falling behind. The general belief that due to their scale of operation, they’re unlikely to be attacked is a comforting thought, but the reality is far removed. Given the times that we live in today, with a majority of the workforce connecting remotely, it is crucial to have the right security controls in place.

7 Recommendations for Your SMB’s Cybersecurity Needs

Apart from ensuring that your employees connect over a secure connection and utilize a virtual private network (VPN) for encrypted communication, the pointers below can help you to establish and maintain a foundational level of security in your business environment.

1. Educate Your Staff About Security Threats and How to Report any Security Concerns

Security cannot be implemented in an organization only by installing tools, insider threats being a case in point. While admittedly, a lot of instances of an insider breach revolves around disgruntled staff, there are several cases where an unsuspecting employee leaked data because they did not know any better.  Educating your employees about cyber attacks and their consequences through regular workshops on cybersecurity trends, recent breaches, and how to respond to them, will foster an atmosphere where security is taken on priority and will become a part of the organization’s culture.  

2. Streamline Your Patch Management Process to Install Updates on Timer

Developers frequently release updates to patch security vulnerabilities, and attackers are aware that users often fail to install these updates. Turning on automatic updates for applications that support it or manually installing patches on a regular basis where needed can keep you safe from falling victim to attacks that already have a quick fix.

3. Implement a Strong Authentication/Authorization Mechanism to Grant Access to Your Network

Implementing a secure authentication/authorization process involves having a strong password policy, limits on reuse, multi-factor authentication, account lockouts on multiple failed attempts, etc. in addition to access control lists and limiting permissions on a need basis to prevent privilege escalation attacks. Deploying an identity and access management (IAM) solution such as CyberArk or OpenIAM can prove to be highly effective.

4. Backup Your Data or Any Business-Critical Information to Avoid Downtime

Coronavirus related phishing attacks increased by 667% in March 2020 with emails using targeted keywords to feed off on the general anxiety around the pandemic. They come in the form of relief packages, donation scams, CDC alerts, or other informative content, nudging the user to download an attachment or click on a link. Despite regular reminders not to do so, it is possible that an employee might inadvertently download malware that can infect an entire network. Irrespective of the scenario under which your data may be compromised, creating data redundancy in the form of backups can help to minimize the business impact.

5. Use Reputable Security Tools to Protect Your Network and Prevent Unauthorized Access

Get the essential protections in place by making use of firewalls and investing in an intrusion prevention/intrusion detection system. Depending on your specific security requirements, deploying a unified threat management platform to gain better network visibility can serve you well. You can also look at utilizing a web filtering tool and a DNS filtering solution (Quad9 is a free alternative) to block unwanted traffic.  

6. Run Regular Scans Using Anti-Virus, Anti-Malware, and Anti-Ransomware Programs

Invest in a trustworthy anti-virus, anti-malware solutions, and keep them updated to the latest version. You can also opt-in for free open source tools (like ClamAV). One in five SMBs report falling victim to ransomware attacks, and with these on the rise, it makes sense to deploy a leading anti-ransomware solution.

7. Formulate a Security Incident Response Plan That Details the Protocol to Be Followed in the Event of a Breach

Having done everything you can to protect your business, it is still possible that your perimeters may be breached. Instead of waiting for when it happens to come up with a plan, prepare and formulate a security incident response plan with clearly defined escalation points, recovery strategies, roles and responsibilities, etc.

Some other pointers that can come in handy during these times include –

• Using secure video conferencing platforms with no known open vulnerabilities
• Unplugging or turning off the microphone on smart assistants when discussing sensitive, business-critical topics
• Blocking unused ports and unnecessary services
• Verifying logs for any suspicious activities
• Changing all default passwords on any IoT devices in the network
• Automatically logging out remote users after periods of inactivity
• Conducting regular vulnerability scans and network penetration testing

Depending on your network architecture, your security needs will vary greatly, and hopefully, the pointers above will get you started in the right direction.