Stay in the know. Subscribe to Currents

Cybersecurity On a Budget – 5 Steps to Cyber Risk Resilience

4 Mins read

In a digital landscape teeming with cyber threats, small and medium-sized businesses (SMBs) are at greater risk than ever. Smaller organizations often have fewer resources and weaker cybersecurity measures than their larger counterparts, making them low-hanging fruit for bad actors. Verizon’s annual Data Breach Investigations Report has found that 61% of cyberattacks target small businesses.

Identifying the biggest risk factors and then adopting the best practices and solutions that can make the greatest impact is a good first step for small businesses or resource-constrained organizations. Here are some simple and affordable ways organizations can increase their cybersecurity protections and risk resilience– without a large enterprise budget.

Implement Multi-Factor Authentication (MFA) 

A simple and highly efficient best practice for improving any organization’s security is implementing Multi-Factor Authentication (MFA) for account access. MFA is a security measure that requires users to provide more than one form of authentication to access a service or application. MFA is a proven method to prevent account takeovers. In fact, Microsoft has said it can prevent 99.9% of attacks on your accounts. Several forms of MFA exist with different levels of protection. Using a hardware device such as a Yubikey offers the best MFA protection, but using a software application such as Google Authenticator or a dedicated password manager that stores Time-Based One-Time Password (TOTP) codes also provides top-notch protection. Using SMS is common but offers reduced security due to the risks of SIM swapping and other well-known attacks.

Stay On Top of Software Updates

Updating software is a simple best practice for any cybersecurity program, yet is often neglected. If software is not updated in a timely manner, the risk of being hacked increases significantly. Bad actors can take advantage of unpatched or old software that is not being properly cared for. Leaders should define which systems or software are critical and put a plan in place for updates. Most will alert that patches or updates are available; do not ignore these and encourage employees to update when they receive an alert.

Use Strong, Unique Passwords  

Creating strong passwords is an important step in protecting business data, but is often overlooked. In partnership with S&P Global Market Intelligence, Keeper Security recently found that username-password combinations are still the most widely deployed form of authentication in organizations today (58%). Employees must use strong and secure passwords to prevent hackers from infiltrating critical systems through common attack vectors such as brute force or password spraying. When it comes to password creation, passwords should be at least 16 characters with a mix of uppercase and lowercase letters, a variety of special characters and a random assortment of numbers. Using different, high-strength passwords for every account is also crucial.

A dedicated password manager is an affordable and highly-secure solution to generate and store various work and supply-chain passwords, and provides the ability to safely share passwords internally within teams, as well as externally with clients or contractors. Using a password manager also shields sensitive data from newer password-cracking methods including AI-based password attacks.

Deploy a Privileged Access Management (PAM) Solution 

Many successful breaches involve stolen or compromised credentials and the escalation of privileges via lateral movement inside an organization’s network. Organizations looking to remain secure while on a budget should look at PAM solutions that combine password, secrets and privileged connection management capabilities. In a recent report, 91% of IT leaders said their PAM product has given them more control over privileged user activity, decreasing the risk of insider and external breaches. As the volume and severity of cyberattacks intensifies, organizations need effective, user-friendly solutions to help secure their privileged credentials, accounts and sessions. This may seem overwhelming for organizations without an IT or security team, but working with the right vendor can empower any employee with affordable, easy-to-use solutions for holistic protection.

Create a Culture of Cybersecurity Awareness 

Business leaders must create a corporate culture that prioritizes cybersecurity, and demonstrate a vested interest in the organization’s cyber posture. Additional research found that this is not happening across many organizations, with survey respondents reporting they knew about a cyberattack within their organization but did not think leadership would care about a cyberattack (25%) or would respond (23%).

Not only do business leaders need to show employees that they care about cybersecurity, but they must also prioritize employee education. Regardless of an organization’s size or available resources, employees are the first line of defense against ransomware and other potentially devastating cyber incidents. It’s necessary to educate employees on cyber threats and cybersecurity best practices. For example:

  • Beware of social engineering – From security awareness training and a positive security culture comes an enterprise-wide knowledge of what email links and attachments are suspicious and may be phishing attempts. One of the most common entry points for hackers in organizations of all sizes is stolen credentials through social engineering.
  • Encourage caution for remote workers – The pandemic thrust many organizations into remote working environments where security was shifted off-premises. With employees using personal devices and at-home Wi-Fi, the cyber risk to digital business assets suddenly skyrocketed. For organizations with remote workers, it is important to remind them to always secure their emails, to avoid using free public Wi-Fi and to use a VPN when and wherever possible.

Cyber Defenses on a Budget  

Small businesses and other resource-strapped organizations can shore up cyber defenses and protect against new and emerging threats with simple best practices like having good password hygiene, deploying simple solutions that include multiple capabilities and prioritizing cybersecurity within their company. These steps are key to maintaining a strong security posture– even while on a budget.

Darren Guccione is an entrepreneur, technologist, business leader, as well as the CEO and co-founder of Keeper Security, the leading provider of zero-trust and zero-knowledge cybersecurity software used globally by millions of people and thousands of businesses. Guccione is actively involved in fostering a culture of innovation in his field, having served as an advisor and board member with multiple technology organizations, as well as an advisor for two Chicago mayors. Guccione was named the 2022 Editor’s Choice CEO of the Year and 2020 Publisher’s Choice Executive of the Year by Cyber Defense Magazine’s InfoSec Awards, as well as Cutting Edge CEO of the Year in 2019.

Cybersecurity stock image by Treecha/Shutterstock

Related posts

6 Factors That Can Make or Break Your Business's Online Success

2 Mins read
For small business owners and entrepreneurs, online success is no longer optional—it’s essential. With the rapid advancement of technology and the increasing…

Entrepreneurs Often Make Bad Managers – But There Are Ways to Overcome That

4 Mins read
Entrepreneurs are both curious and impatient, with minds always racing. They are also willing to take risks, following those gut instincts that…

3 Tips for Developing Inspirational Yet Realistic Goal-Setting for Employees

3 Mins read
Goal-setting can be game-changing for small businesses, especially when your employees practice it. It’s a discipline that can keep you and your…