6 Steps Every SMB Should Follow to Improve Their Cyber Security Posture

If you own a SMB, you may think that a cyber criminal would not be interested in stealing your assets. The reality is, SMBs are being targeted specifically by cyber criminals because they are trying to find the easiest, most vulnerable targets to attack. Maybe your business doesn’t hold the same type of sensitive information as a large business, however cyber criminals are betting that your SMB doesn’t have the same safeguards in place as large companies do. The low-hanging fruit the cyber criminal is looking for is the SMBs as they often lack the technical resources and expertise to maintain strong security defenses.

To help your SMB improve its cyber security posture, here are 6 steps you should take.

  1. Start with a cyber security current state assessment. Before you start the lockdown process, you need to understand what types of threats are out there, and where you are vulnerable to attack. Once you understand what parts of your current state are working, and what areas need to be fixed, you can begin working on step 2.
  2. Find your ‘desired state’ definition for cyber security. What do you think cyber security should look like for your organization? What gaps in the current state need to be addressed? Once you have answered these questions, you can start to build your plan.  You will need to stay on top of this constantly, and sometimes it will need to change and be revised. When it comes to cyber security, it is wise to remember that there is no “final” state, it must evolve.
  3. Document a remediation plan to protect your vital assets. You will need to document exactly how you will close security gaps and keep the attackers out. While it may seem like a huge undertaking, understanding what your most important assets are will help you know where to put the most resources and effort.  With the remediation plan, you will know which areas are critical to target first.
  4. Create and follow a formal cyber security policy. And ensure your entire company knows what it is and what the expectations are. Be sure your policy includes strong passwords, remote access, and an intrusion response plan. Be ready to update policies when technology and situations change. For example, with COVID-19, many cyber security policies didn’t address working from home. If you have a policy and haven’t updated it to reflect this change, you should do so. 
  5. Conduct a yearly or semi-yearly audit & penetration test. Threats and technology change so we must be able to respond and validate the soundness of our defenses regularly. Remediate any weaknesses found during the audit and penetration test. Use those results to update steps 3 and 4.
  6. Work with reputable cyber security professionals. If your core business is not cyber security, then it is wise to engage cyber security experts to help you implement some or all of these steps. It’s best to look for professionals who have a proven track record with SMBs.

While cyber security may not be your core business, it is an important part of your business.  Thankfully, there are Managed Security Services Partners (MSSPs) who can help you ensure that your cyber security isn’t overlooked.  Uzado is an MSSP that can help an SMB like yours improve your cyber security posture.