Effective Tips from Tech Experts

April 14, 2023

Even when operating with small staffs and budgets—and often, no tech professionals—small-business owners cannot overlook cybersecurity. A data breach at a large, established company is a crisis; for a small business, it’s likely a catastrophe.

Fortunately, there are simple, affordable steps and resources that can help even the smallest business harden its cybersecurity posture. Below, 20 industry leaders from Forbes Technology Council share their advice to help small-business owners begin the ongoing work of managing cybersecurity.

1. Prohibit Access To Personal Apps And Non-Business Sites

My recommendation is that businesses prohibit users from accessing both personal apps and non-business sites. Organizations likewise need to install reliable and proven endpoint detection and response (EDR) technology. Assuming limited budgets and minimal IT staff, there’s no approach that’s as simple or effective. - Adam Stern, Infinitely Virtual

2. Outsource Key IT Systems

Look to outsource key IT systems as much as possible to more established platforms so that you’re not responsible for securing everything in house. Many years ago, we switched from an on-premises email system that we had used for many years to Google Workspace—it was much easier and less risky for us to take on. Similarly, for payroll and finance, we moved to leading software as a service platforms from Intuit. - Adam Sandman, Inflectra Corporation

3. Utilize A Password Manager And MFA

Utilize a password manager with multifactor authentication (MFA) to organize and create secure passwords. Using this technique can single-handedly increase your cybersecurity posture for very little effort. - James Beecham, ALTR

4. Embrace The Cloud

Use cloud services as much as possible. Cloud vendors offer built-in security services and take the burden of figuring out how to implement cybersecurity technologies off small businesses. Focus on what you do best, and leave cybersecurity protection to the experts. - Saryu Nayyar, Gurucul

5. Educate Your Team On Phishing

I empathize with small-business challenges. My top “DIY” tip? Educate your team on phishing. Many breaches come from basic email scams. Take an afternoon, grab some coffee, and have a chat with your team about recognizing suspicious emails. Remember, cybersecurity isn’t just about tech; it’s about awareness! - Arun Kumar, Revature

6. Audit And Remove Unused Accounts And Services

Regularly audit and remove unused accounts and services. Many breaches exploit overlooked, inactive user accounts or services that are still running on systems. By routinely identifying and eliminating these, you significantly reduce potential entry points, minimizing your small business’ vulnerability. - Rob Tillman, Copy Chief©

7. Keep Security Software Updated

One of the best cybersecurity tips I have for small-business owners without a full-fledged tech team is to make sure your security software is up to date. If you don’t regularly check for updates, your site could become vulnerable to an attack. Automatic updates are extremely helpful, but you should always manually check at least once a week. - Thomas Griffin, OptinMonster

8. Form Cybersecurity Partnerships With Other Small Businesses

Encourage small businesses in the community to form cybersecurity partnerships. In this buddy system, neighboring businesses can share information about recent threats, vulnerabilities or suspicious activities they’ve encountered. Sharing insights and experiences can help everyone strengthen their cybersecurity posture without needing a dedicated tech team. - Jagadish Gokavarapu, Wissen Infotech

9. Change All Passwords On A Regular Basis

Make sure to change every password periodically. Since you might not know if and/or when one of your accounts is compromised, one of the most straightforward solutions is to change all passwords for all accounts and all users every couple of months. Make sure that the system logs all users out when updating and that they can only log back in by entering their new passwords. - Nacho De Marco, BairesDev

10. Explore Multiple Vendor Options

Talk to more than one vendor before you buy. Small-business owners are often underequipped with the knowledge they need to buy the right products, and fear-based decision making lends to unsavory sales tactics or sales. Always get more than one opinion to validate a solution. - Daniel Knauf, Material+

11. Research Security And Compliance Tools

Many small businesses don’t even know where to start when it comes to cybersecurity. There are numerous affordable security and compliance tools that can provide a framework and the templates for policies that can then be used to build an action plan. You don’t have to be compliant from the start, but these policies will help you know where you want to get to in the future. - Patti Mikula, Hackworks Inc.

12. Tap Into Free Government Resources

Attempting to manage cybersecurity can seem overwhelming. First, get educated, because awareness is the foundation of cybersecurity. Free government resources are available, such as the “Cyber Guidance for Small Businesses” page on the U.S. Cybersecurity & Infrastructure Security Agency (CISA) website and the Canadian Centre for Cyber Security’s “Cyber security for small business” page. Small-business owners can use this information to make informed decisions that fit their risk context and budget. - Altaz Valani, DevSecOpsMentor.com

13. Regularly Update All Software And Applications

In the digital realm, where threats are omnipresent, small-business owners can enhance their cybersecurity substantially by regularly updating all software and applications. This simple step thwarts cybercriminals who exploit outdated systems, safeguarding vital business data from breaches and fostering a trustworthy relationship with customers. - Miguel Llorca, Torrent Group

14. Host Regular Cybersecurity Training Sessions For Staff

One effective tip for small-business owners is to regularly educate and train their staff on cybersecurity best practices. Hosting monthly or quarterly sessions to discuss the latest threats and teaching staff how to recognize and report suspicious activities can significantly enhance your business’ cybersecurity posture. - Sandro Shubladze, Datamam

15. Establish Baseline Expectations For Employees

One of the first steps in ramping up security postures is creating and implementing policies (including acceptable use, access control, media protection and physical security) that establish baseline expectations for employees. Before investing in tools and tech, consider adopting an existing model—such as NIST 800-171, NIST CSF or ISO 27001—for a proven, logical and comprehensive pathway to true protection. - Neil Lampton, TIAG

16. Change All Default Passwords

What I see most often is bad or default passwords on routers or firewalls or missed security steps. “Easy” networking doesn’t mean just plug it in, and let it work; you still must pay attention to all the security elements that router manufacturers provide. The very first thing a bad actor will do is look to see if you have failed to change the password or turn on the default security. Take the time to think like a bad guy! - Jim Parkinson, North American Bancard

17. Purchase Cyber Insurance

Get cyber insurance, especially if you are not a technical founder. This allows you, your customers and your business to be made whole to a large degree if something ever happens. In today’s environment, it is hard to be and remain 100% bulletproof forever. Having insurance in your cybersecurity toolkit to protect your business, regardless of how a cyber crime occurs, is key. - Michael Gargiulo, VPN.com

18. Automate Routine Tasks And Maintenance

Automation is key. Installing updates, creating new user accounts or backing up machines are tasks a computer can simplify or completely take over. Thus, even with no dedicated professional around to manage day-to-day execution, best practices are followed, and necessary tasks are done. Even with a small staff, automation allows people to focus on developing IT to serve the business instead of serving IT. - Kevin Korte, Univention

19. Build Security Into Operations From Day One

Small-business owners must understand that they must build security into their operations from day one—including in terms of hiring, culture, policies, infrastructure, training and more. It cannot be a second thought that comes after all other priorities and activities. You must take the time to understand what is critical to your operations and prioritize the protection of critical functions. - Christine Halvorsen, Protiviti

20. Don’t ‘DIY’ Cybersecurity

Businesses worth building are worth protecting. Small-business owners can’t afford to “DIY” their cybersecurity. Cyberattackers and adversaries are sophisticated and dedicated. Businesses need a partner that brings the same level of dedication and thinks of cybersecurity holistically as a system platform, not just a check-the-box solution. - Mike Lefebvre, SEI

This article was originally published as “Small-Business Cybersecurity: 20 Effective Tips From Tech Experts” (forbes.com).
