SMBs continue to be the largest percentage of businesses targeted by cybercrime – here's what you can do
It’s easy to see the value in preparing for emergencies, yet when it comes to cybersecurity, this is still a top challenge for many small and medium businesses (SMBs). Small businesses often lack the time, budget, and resources for a proactive defense, creating a perfect scenario for cyberattacks. According to research in the 2019 Verizon Data Breach Investigations Report, the largest percentage of security breach victims are once again small businesses.
Consider this – 80% of SMBs recently cited IT security as a top priority, but nearly one-third are spending less than $1,000 on cybersecurity annually. In July, another study revealed that nearly half of SMBs have no response plan for a cybersecurity incident and 43% do not have a recovery plan.
If you’re a small business or a company without dedicated IT resources, these statistics may be the wake-up call you need.
The reality is that each day, small business networks are subjected to risk. An employee could access files from an insecure location. A partner or vendor could mistakenly click on a realistic-looking email that appears to be from a team member and unknowingly launch malware. An outdated software application could present a vulnerability that enables unauthorized access. Protecting your attack surfaces – all of the elements in your IT environment where vulnerabilities and threats could lead to unauthorized access – is critical for a proactive defense.
Moving from ‘break-fix’ to proactive security
According to AV-TEST, there are now a record-breaking 900 million malware programs, and growing. Waiting until cybersecurity measures are urgently needed before action is taken – what we call a “break-fix approach” to IT – simply can’t keep pace with today’s cyberattacks.
North Carolina-based Computer Geeks started providing IT and security services in 1995 and now more than 40% of the business is focused on ensuring SMBs have proactive security measures in place. Says Service Manager Bill Doane, “You can say we have moved from fighting fires to preventing them — as we can now plan, deliver, and bill for security services much more efficiently. And our customers have greater peace of mind.”
Preventing SMB cyberattacks and educating businesses about security best practices are Bill’s top priorities. His team has also started offering free cybersecurity classes to help new clients understand why antivirus, patching, password management, and other security services create a better defense. “Some small businesses believe they are protected with a free antivirus solution or assume that USB drives are always going to keep their data safe, and that’s not the case. SMBs must put a higher level of protection in place,” he explains. “Our job is to not only help them understand this, but also provide the best solution for their budget.”
Reactive security and the risks
It just takes one cyberattack on a small business network to result in a loss of sensitive data and expensive recovery – or worse, to interrupt daily operations. In fact, 40% of SMBs experienced eight or more hours of downtime last year following a security breach. Cybercrime can not only suspend your daily operations, it may even impact how you retain and pursue customers.
When a fire broke out at one of his customers’ facilities, the value of proactive security rang clear for Frank Zamarelli. Having recently shifted to a preventative security strategy for his Salem Computer Center customers, Frank was prepared. “Our grain mill customer’s operations burned to the ground. Fortunately, because we had them set up with cloud backup services, we had their data and systems fully restored quickly. I remember they were still able to do payroll that week,” he shares. “When you can fully recover a company’s IT infrastructure after a devastating fire, that says a lot about proactive service.”
Like Bill, Frank takes advantage of Avast Business CloudCare with its multiple cloud-based security services from one platform. “With every new server installation we do, we upsell the CloudCare Backup Service. Some customers believe they are protected with external drives but this won’t help you if your building burns down – unless your backups are offsite,” says Frank.
Take steps to improve your cybersecurity defense
Taking steps to protect your data, devices, and people with security measures that create a strong defense will pay off in multiple ways. The advantages include reduced administrative time, costs avoided for expensive recovery, business continuity, improved customer service, and peace of mind.
A layered approach is the best way to tackle a proactive security strategy. By building in security layers such as antivirus, firewall, and other services, you can ensure strong protection and a continual defense if one layer should be compromised.
Here is an example of security services that provide layered, proactive protection:
Protection for data
- Content filtering: Content filtering helps you regulate your employees’ use of the web.
- Email encryption: With end-to-end encryption, only the sender and receiver with a decryption key can view the content of the email and any attachments.
- Data loss prevention (DLP): A DLP solution prevents end users from sharing sensitive data outside your network by regulating what data they can transfer.
- Backup and disaster recovery (BDR): A solid BDR solution will help you restore operations quickly and avoid downtime and recovery expense.
Protection for systems
- Antivirus: Installing and monitoring antivirus on all devices – from PCs to mobile phones – is critical to reducing your attack surfaces.
- Patch management: All software systems come with vulnerabilities, but they can be resolved by installing patches and by keeping the software up to date.
- Vulnerability scanning: Automatic scans for vulnerabilities should be done regularly and include the status of antivirus software, password policies, and software updates.
- Web server hardening: Web servers, often sitting at the edge of your network, can be more vulnerable to attacks. Proper hardening ensures default configurations are changed and that certain services and displays are disabled.
Protection for employees
- Secure authentication: Defining password policies and using single sign-on and multi-factor authentication are good first steps.
- Secure remote working: Remote workers need a VPN connection to your network that encrypts all traffic to provide them with secure access to company data and applications.
- Security processes and policies: Define the data that needs protecting and the processes for protecting it. Make this information available so everyone understands their role in keeping the business safe.
- Security training: It’s critical to educate your employees on ways to protect themselves and the company, for example by creating strong passwords and recognizing phishing scams.
Looking for more information about proactive security? Our Avast Business team can help. Reach out to our team today and start realizing the advantages.