The Avast Red Team's top 5 security tips for SMBs

Stephen Kho 21 Jul 2021

Put these strong security controls in place now to protect your infrastructure, IT systems, and data

I have the pleasure of leading the Avast Red Team, a specialized unit dedicated to protecting our business applications, products and network infrastructures. You could say my team is all business, literally. We keep our clients’ data safe by using offensive techniques for defensive purposes. Specifically, we continually perform penetration testing and security assessments of Avast systems and applications in which we store customer information to minimize the risk of unauthorized access and data breach. But strong, effective security needs more than just advanced technology. It also requires that personnel be trained in security measures and procedures. 

The face of the business world has changed over the last year and a half, but the basic outline for smart security has not. Here is our best advice to help SMBs keep their infrastructure intact, their systems protected, and their data secure. We’ve boiled it all down into five easy security tips. 

Top five security tips for SMBs

1. Implement a security policy framework

This is the critical first step to taking your company’s security seriously. Begin a regime of backups, make sure security updates happen in a timely manner, and utilize multi-factor authentication with your employees. The Australian government’s Small Business Cyber Security Guide contains excellent, clear direction for shaping your own company’s security policy framework. 

2. Protect your endpoints with antivirus software

Use business-grade antivirus and anti-malware software, and make sure all endpoints are covered – PCs, servers, IoT devices, and so on. If it’s connected to the internet, it’s a potential entry point and needs to be defended. 

3. Bring in the experts

Hiring a specialist organization for round-the-clock security monitoring will take a lot of stress off your plate. Cybercriminals are in attack mode all day long. Their algorithms never sleep, so your defenses can’t either. Having a team dedicated to your company’s security also allows you to focus on the other important things. 

4. Train your employees

One of the biggest scams threatening SMBs these days is the business email compromise (BEC) attack. This sneaky ruse relies on social engineering to convince an employee to install malware or click a malicious link. Usually, the attacker will pretend to be a supervisor, a fellow employee, or someone else related to the business and will claim to have some rather urgent information in the form of a link or attachment. Advanced security tech will only take you so far – you must train your employees how to recognize BEC scams and other common ploys used by attackers.

5. Join a risk information circle

Being part of a local risk information circle is an excellent way to stay informed about what’s going on in your sector. It gives you access to the latest security risk intelligence and allows you to prepare defenses for different types of cyberattacks. Less things will catch you off guard if you stay in tune with others in your community. 

Act now to put these security procedures into practice. The key here is not to pick just one of these, but to apply all of them in some form or another. Cybersecurity is important for protecting our homes and personal accounts, but it is absolutely critical for protecting our businesses. 

--> -->