Given all the news regarding cyberattacks, it’s not hard to get businesses thinking about improving their cybersecurity. But, when those same businesses want to move beyond just thinking about improvement and act to really mature their security, they may feel like they are on their own. After all, the typical small business doesn’t usually have an IT staff, and probably doesn’t know where to begin this journey. Not to worry, we’re here to help. 

These are the first 5 things we recommend a small business (really any business) do as they work to improve their cybersecurity posture.

ONE

The very first thing we recommend is to have a plan.  If you are not sure how to develop a plan, here is an overview of the different areas you’ll want to review as you begin the process of improving your cybersecurity: https://www.realtime-it.com/blog/solid-cybersecurity-plan.

TWO

You must perform risk and vulnerability assessments for your business. You want to understand (and document) how you use technology in your business and the technical risks you face so you can prioritize your cybersecurity improvement efforts.  It is not possible to fix everything at once, and your risk assessment will help you identify what might be addressed easily and what is critical to address immediately.

 For the rest of Part 1, we’ll skip ahead a bit in the process to shore up areas every business needs to address if they haven’t already.

 THREE

Backups – air-gapped, tested, secured. Simply put, you want to regularly backup all your important data, and have a copy of that backup outside of the building and inaccessible from your local computers. This way, if something bad happens, the backup isn’t affected along with everything else.  Don’t forget, you also want to periodically test your backups to make sure the process is working, and the data is up-to-date and usable.

FOUR

Firewall – managed, NextGen security. Your firewall, with the proper security services in force, is one of your primary means of cyber defense. Firewalls have been considered a security necessity for about twenty years now– and no, you can’t get a proper business-grade firewall off the shelf at your local big-box electronics store.

FIVE

Security Awareness Training – ongoing and often. If your staff is using computers and the internet, they need to be aware of the threats, to know what to watch for, and to understand how to report anything out of the ordinary. – We have a great blog on Security Awareness Training here with a lot of great links.

Finally, even though we said we’d only discuss the first five steps to consider in addressing stronger cybersecurity, we really want to make sure you understand how important it is for you to obtain adequate cyber insurance appropriate to your business type and cyber risks. Talk to your insurance agent and ask for qualified resources and options to help you find the best policy to meet your needs.

Large corporations have the resources to invest heavily in the most sophisticated security strategies and successfully stop most cybercrime attempts. A typical large enterprise may have over twenty inhouse IT dedicated employees ensuring that every device connecting to their network is adequately protected.

In comparison, Small Businesses (SMBs) have neither the money nor the manpower of large enterprises and can’t afford the same level of security. Very few SMBs have full-time IT dedicated personnel on hand to run routine security checks. Even those who do have in-house IT support often find that their internal resources are too bogged down with other tasks to properly address security upkeep.

SMBS ARE NOT “TOO SMALL TO MATTER”

Since most cybercrimes affecting smaller businesses go unreported by the media, there is no sense of urgency by SMBs to prepare for cyber attacks. Too many SMBs mistakenly view their operations and data as trivial to hackers. They feel that large online retailers, global banks, and government entities are much more attractive targets for hackers.

The goals and methods of cyber attackers are evolving and will continue to evolve. The era of one “big heist” for hackers is over. Cybercriminals today often prefer to infiltrate the data of many small businesses at once, stealing from victims in tiny increments over time so as to not set off an immediate alarm. This method takes advantage of those SMBs who are especially lax with their security processes and may not even realize there has been a security breach for days or sometimes even weeks.

SMBS - THE ACCESS RAMP TO BIGGER & BETTER DATA

Many breaches are the result of good employees making mistakes or of technology failure. SMBs don’t necessarily need a large budget or dozens of employees to adequately protect sensitive data. A secure environment is possible even on a SMBs budget.

SMBs, however, are often the inroad to larger better-protected entities. They are often sub-contracted as a vendor, supplier, or service provider to a larger organization. This makes SMBs an attractive entry point for raiding the data of a larger company. Since larger enterprises have more sophisticated security processes in place to thwart cyber attacks, SMBs often unknowingly become a Trojan horse used by hackers to gain backdoor access to a bigger company’s data. There is malware specifically designed to use a SMBs website as a means to crack the database of a larger business partner.

For this reason, many potential clients or business partners may ask for specifics on how their data will be safeguarded before they sign an agreement. Some may require an independent security audit be conducted. They may also ask SMBs to fill out a legally binding questionnaire pertaining to their security practices.

Moving forward, a SMB that is unable to prove they’re on top of their infrastructure’s security will likely lose out on potentially significant deals and business relationships. More large enterprises are being careful to vet any business partners they’re entrusting their data.

TO STAY SECURE A GOOD DEFENSE IS THE BEST OFFENSE

SMBs must understand that the time has come to get serious with their security.

Cybercrime is only one cause of compromised data. There are 3 primary causes of breached security at businesses according to the Symantec Global Cost of a Data Breach study. Only 37% are attributed to malicious attacks. The remaining 64% are human error and technology errors.

Data breaches aren’t always about bad people doing bad things. Many are the result of good employees making mistakes or of technology failure. SMBs don’t necessarily need a large budget or dozens of employees to adequately protect sensitive data. A secure environment is possible even on a SMBs budget.

REALTIME CAN PUT TOGETHER A GREAT DEFENSE FOR YOUR BUSINESS

Contact RealTime now to discuss a great defense for your business. Email us here or call us at (334) 678-1417.

LET’S BUILD SOME REVENUE USING THE CLOUD…

Do you want to save money and direct your time and energy into boosting profits? We suggest updating your infrastructure to include the cloud.

For a small business owner like you, building and supporting a baseline IT infrastructure that provides reliable 24/7 services to you and your customers can be forbiddingly expensive. Even a wobbly, poorly supported infrastructure can be a budget breaker.

REALTIME CLOUD HOSTING is a great way to eliminate a lot of headaches for your business.

Large capital expenditures, high fixed-labor costs, and endless spending for upgrades don’t have to be your fate. The cloud offers a way out it can not only save you money, it eliminates a lot of headaches and can spur growth and boost profits. Let’s look at just a few things the cloud can do for you.

Capex: Most of the expenses of hardware disappear into the cloud. Servers, cabling, all the redundant equipment needed for backup can be handled by a cloud Service provider.

And more importantly, if you need to ramp up quick for an unexpected surge in business, a cloud service provider can easily accommodate your demands as needed.

Disaster recovery is simplified: While you always need disaster recovery plans, the biggest head- aches disappear. When you handle everything in-house, considerable expenditures arise if you want high reliability. Redundant equipment, fully loaded with software is required in case of hardware failure. Uninterruptible power supplies to support the full load of all your servers and backups can be extraordinarily expensive. And even if you keep a lot of your infrastructure on-site, the cloud can be used as a reliable data backup system

Labor: The cloud can cut and/or re-allocate your IT labor costs. The benefits of the cloud in the area of IT resources are twofold.

First, you eliminate the need for 24/7 resources to support your infrastructure. Even if you have only minimal in-house support, emergency on-call break/fix services come at very high hourly rates, and cannot always respond fast enough to eliminate downtime. Of course, your cloud fees include the labor needed to support your infrastructure, but you are sharing that labor cost with all the other renters. Economies of scale really step in when it comes to labor, and this is a condition a small business can’t create on its own.

Second, when you migrate to the cloud, your in-house IT resources can be re-directed to strategic IT planning for future growth and boost profit. This staff can now be used for innovation, not just housekeeping.

And finally, the cloud isn't blue- It's green. While big server farms use enormous amounts of energy, they are a more efficient method than equipment dispersed in offices worldwide.

Other unexpected benefits: As you move your IT into the cloud, some unseen expenses go away. The extra office space that houses equipment no longer needs to be leased, or can be used to house other revenue producing resources, like a few new salespeople. The electric power to drive it all doesn’t come free, and the cooling power to keep everything from overheating is often an overlooked cost of in-house infrastructure.