Worldwide, the volume and frequency of cyber attacks is increasing rapidly. And while the media focus on breaches in large multinational corporations – the reality is that a large proportion of malicious activity is targeted at the SMB market. Since security processes and systems are inherently weak in small organizations, many are the main targets for hackers.

And these consequences can be serious. Research shows that 60 percent of all small and medium companies will go out of business within 6 months after a serious data breach. IT is at the center of operations for most small businesses, so it is important that they have strong security measures in place. For those just beginning the journey to cyberspace, here are some top tips.

Determine current cyber security status

You cannot face a problem until you accept that there is one. Most small and medium enterprises remain unaware of where their data is, who has access to it and how secure it is.

The first thing necessary to determine your cyber security status is to conduct an informal audit. Are the procedures already in place? Are there special areas of weakness? Gather senior leaders and other members of staff and start taking stock of these key data sets.

Handling of inventory

Whether it is customer data, intellectual property or anything else. Start a complete list of each and every digital asset and infrastructure. Only then can you determine their value and prioritize each one.

Adopt a pattern

Once you understand the data you have, the assets you have, and the potential weaknesses – it’s time to build processes that become the basis of a cyber security policy.

This may be the most intimidating step for small businesses. Fortunately, the NIST Cyberspace Framework helps businesses of all sizes better understand, manage and mitigate cybersecurity risks to protect networks and data. The framework is a great place to start as it outlines best practices to help companies decide where to focus the most time and money to protect cybersecurity.

Use all devices as your disposal

Consumerization of IT and the proliferation of cloud services (SaaS) have meant that it is now possible to use security devices that were once prohibitively expensive. SMBs should take advantage of this opportunity and use the entire chain now at their disposal.

For example, mobile device management tools allow companies to properly manage devices and the data they use – even if employees use their devices. Biometrics combined with multi-factor authentication may have been unimaginable a few years ago – but now available in a wide range of laptops, phones and tablets. The use of virtual private networks (VPNs) can also expand corporate networks, ensuring users work remotely or at public hotspots – access to digital assets – but only through a secure encrypted tunnel. Each of these devices is now readily available to organizations of any size.

Educated, educated, educated

Human error is almost always the weakest link when it comes to cyberspace. This is why it is important to always return cyber security devices with a strong training strategy. For a workplace to be safe, it is important that all employees are well educated on every possible hazard.

The more engaged employees are, the more effective training will be – so think of ways to grab their attention. For example, try to expose employees to increasingly complex and hard-to-notice simulated attacks and engage them. This type of education results in employees who are adept at an attacking spot – including suspicious emails that include essential subject lines, fake billing attachments and other social engineering designed to trick staff members Occur.


Interested in learning more about staying safe in an increasingly dangerous cyberspace scenario? See the full list of resources from GlobalSign below.