It seems like every other day we hear another story about a massive data and security breach at a major corporation or public institution. If you own a small to medium-sized business (SMB), perhaps you think that these types of threats don’t concern you — that your company is too small for anyone to notice or bother with a cyberattack.

Think again.

Cybercriminals are more focused than ever on SMBs as a lucrative target,  They know that many small businesses lack the budget and security knowledge to effectively protect themselves, so they are an easy target. 

During this week’s RSA Conference focusing on information security, Avast Business revealed some troubling data about the state of security for SMBs. Despite all of the high-profile data breaches that made the news in 2017, a majority of SMBs have not done the necessary system updates to protect themselves and their customers.

In our SMB Security Assessment Report, we found that less than 40% of the companies they analyzed had performed all the needed patches to keep their systems secure. Some of the companies had performed some of the updates, but far too few had performed all of the updates.

What updates are we talking about? Many of the major cyberattacks that occurred last year took advantage of known vulnerabilities in the Windows operating system. Once a weakness is discovered, Microsoft issues a security patch update. The problem is, if a company doesn’t perform each and every update, then it remains at risk.

One example is the WannaCry ransomware attack that hit fast and hard in May 2017. WannaCry exploited a known Windows weakness called EternalBlue, a bug that lets hackers execute code remotely through a Windows File and Printer Sharing request. Microsoft had issued a patch for EternalBlue months before WannaCry hit, but any person or business that didn’t perform the update was still vulnerable to the attack.

Hey, we get it. Performing all those updates can be a frustrating and time-consuming process, especially in a business environment where time is money. And the topic of cybersecurity in general can seem so daunting that it’s just easier to ignore it.

We here at Avast feel your pain. That’s why we’ve developed a variety of security solutions for SMBs and IT service providers that deliver enterprise-grade protection, but are easy to implement and easy to manage at a reasonable cost. Our Security Assessment Tool, which is part of our Managed Workplace RMM, can be used by managed service providers to show a business owner or manager exactly where their system is weak and how to strengthen it. In fact, it was this very tool that helped Avast Business create SMB Security Assessment Report, by collecting and analyzing anonymized, sampled data from over 500,000 devices and users across almost 8,000 customer sites, with businesses ranging in size from one to 500-plus users. If you’re attending the RSA conference this week and want to learn more about the new tool, attend our briefing session, Strength in Numbers: Using Data to Facilitate Security Conversations with Your Customers, on Thursday at 11:30 a.m., or drop by Booth #429 for a demo.

Protecting your business from cyberattacks doesn’t have to be difficult or expensive. All you have to do is take the first step with Avast Business, and we’ll take it from there.