Contributed By

Shena Tharnish

VP, Cybersecurity Products, Comcast Business

Building a Cybersecurity Strategy to Protect Your Small Business

November 15, 2019

Build a small business security strategy from the ground up

Small business owners have one primary focus: growing their business. That often means that they wear several hats at once — they’re opening the doors in the morning, working with customers or employees all day, taking care of administrative tasks, and drumming up new business. They are focused primarily on customers and revenue, but often serve as a jack of all trades when it comes to just about everything else, from HR to legal to marketing.

Security at small businesses is an especially underserved function, and you can’t fault small business owners for underestimating the risks. Many of the cybersecurity attacks and breaches we see splashed across headlines happen at huge enterprise organizations.

That doesn’t mean, however, that small businesses aren’t a target for hackers. On the contrary, most small businesses have been attacked. According to the Ponemon Institute’s “2018 State of Cybersecurity in Small & Medium Size Businesses” report, 67% of small businesses said they had been the target of a cyber attack in the preceding 12 months. More than half (58%) said they had been the victim of a data breach with severe financial consequences.

There are real stakes, and the sophistication of modern security threats continues to advance. And while most small businesses won’t be able to pull together the resources of an enterprise security team, there are still key steps business owners can take to begin closing security loopholes and protecting themselves now. It all starts with an end-to-end strategy covering traditional IT security, mobile protection, policymaking, access control, WiFi security, and more. As you build out your strategy, here are the key pillars you’ll want to focus on:

Understand the risk and identify key digital assets: From phishing, ransomware, and malvertising to clickjacking, drive-by-downloads, and software vulnerabilities, there’s an ever-growing list of threats posing a danger to small businesses. Understand the threat landscape, and learn about what a successful attack could mean for your company. From there, identify your key digital assets: from the hubs of your network to the personal devices used by your employees and your customers, take stock of your digital landscape so you can learn how to protect it.

Protect your network access: Take a comprehensive approach, ensuring firewall, endpoint, and WiFi network security. Firewalls are still one of the most effective security measures, monitoring and controlling network traffic and placing a barrier between trusted internal networks and the outside world. Your WiFi network, whether internal or customer-facing, is a ripe target, and vulnerabilities have been found in even the most secure networks. Use a secure router in a safe location, and use secure keys so that joining requires a password. Every device on your network, whether a company-owned device or an employee’s or guest’s personal device, is also a potential point of weakness. Implement endpoint protection on your company-owned devices that continually scans and updates for the latest protections.

Safeguard your access credentials: Implement an access control strategy, determining which people within your company need access to which types of data. On top of access control policies, ensure that the credentials of everyone in your organization remain protected. Implement password management and educate employees about the use of strong passwords.

Educate: According to the Ponemon report, 61% of companies said negligent employees put their company at risk for ransomware attacks. Make sure to train employees in basic security practices and codify best practices into policy. Areas of focus include strong passwords and appropriate Internet usage, as well as the proper handling of customer information or other sensitive data.

Ensure that network equipment and devices are updated frequently: The headline-grabbing WannaCry and Petya ransomware attacks in 2017 exploited Microsoft’s Windows Server Message Block (SMB) protocol. A simple update would have prevented infection, demonstrating the importance of patch management to staving off attacks. Implement strict patching policies to make sure users don’t ignore software update prompts or, even better, deploy automated patch management so no human action is needed.

Maintain backup and recovery: Especially when it comes to fighting ransomware, regular data backups are integral. If your data is held captive by hackers looking for payment to grant access, you remove their leverage if you have data backups handy. It’s a best practice to automate this process so you don’t have to rely on individual users to carry out the work.

Outside expertise: Cybersecurity is complex, and it’s hard to get a full grasp of cybersecurity without expert help. Especially for smaller companies, partnering with a managed security services provider (MSSP) can help you get started on the right foot, but even organizations that already have security expertise in house can benefit from tapping outside consultation.

Unfortunately, cybersecurity threats aren’t going away any time soon, and the data shows that small businesses are increasingly in the crosshairs of malicious hackers. Small businesses, even without cybersecurity teams, do have the capabilities, however, to mount an effective defense against attacks.

To protect against costly malware, ransomware, and bots, small businesses need to implement 360-degree cybersecurity measures that include anti-virus programs, firewalls, and network security solutions that proactively protect all devices connected to your network. Learn how Comcast Business’ cloud-based network security solution SecurityEdge™ can provide greater protection so you can focus on what matters most - growing your business.
