Shoring Up Security for Small to Midsize Businesses



Cyber attacks don’t just impact large enterprises – small to medium-sized businesses have become a prime target for malicious actors looking to steal data for personal gain. Read on to learn about the threats facing SMBs and tips on how to protect against them.

As is the case in attacks on enterprises, obtaining sensitive data is the primary objective for cybercriminals when targeting small to medium-sized businesses. Sensitive data can vary depending on the organization, but examples include intellectual property, source code, trade secrets, customer and employee personally identifiable information, account numbers, financial credentials, pending M&A contracts, access tokens and passwords. Cybercriminals will quickly turn the stolen data into profit by reselling it to interested third parties, whether in the cybercriminal underground or to competing organizations.

Spear-phishing is a Top Tactic for Cyber Attacks on SMBs

Sending spear-phishing emails to targeted employees remains the most common attack method used by cybercriminals to compromise organizations. Typically the spear-phishing emails carry malicious attachments, such as a PDF or Word document, that exploit common vulnerabilities in popular software such as Adobe, Oracle and Microsoft Office products. The attackers rely on social engineering and human error to trick users into opening the malicious attachment, which triggers the exploit and infects the machine. Once the machine is infected, attackers can install additional malware that focuses on locating and stealing the organization’s sensitive data.

Risk Assessments are Critical to SMB Security Success

Organizations need to understand where their sensitive data is at all times while having complete visibility and control over who’s accessing it and where it’s traveling. This will enable organizations to perform risk assessments across their IT infrastructure, including their physical, virtual and mobile environments. Risk assessments will provide organizations with the insight needed to protect their critical IT assets and sensitive data while hardening any points of weakness. For some small and medium businesses this may sound like a daunting task, but they should leverage their current IT team or outsourced IT service provider to do this. In today’s hyper-security-sensitive environment, this type of cyber-risk assessment is commonplace, with readily available processes and methodologies to ensure success.

Outsource to Avoid Security Pitfalls from SMB Resource Shortages

Oftentimes security failures are due to resource and budget restrictions rather than mistakes. SMBs typically do not have the money to purchase additional hardware or implement expensive security products across all areas of their IT infrastructure, nor do they have large IT staffs with dedicated security professionals. But practicing basic system and endpoint hygiene improves an organization’s security posture dramatically. For example, improving security education among employees is critical, in addition to ensuring all applications, programs, AV software and operating systems have the most recent security updates installed. Lastly, SMBs should consider SaaS (Software as a Service) or MSSP (Managed Security Service Provider) based security solutions. This model of delivery will provide a much higher level of security at a lower, monthly subscription cost with no additional strain on existing IT resources.

SMBs are no longer immune to cyber attacks. The list of compromised SMB companies is already long and growing. While budget and resource pressures are intense, system security and data protection can no longer be ignored. At minimum, SMBs must practice basic network and endpoint hygiene, like patch management, so they don’t become the “easy targets” that both sophisticated and novice hackers are searching for every day.

Mark Stevens


Mark Stevens is senior vice president, global services at Digital Guardian, responsible for driving customer success across professional services, managed services, and support and training.
