Top 3 Security Priorities for SMBs

If you are reading this post, it’s probably safe to say you are interested in cybersecurity and are trying to figure out what steps your SMB needs to take to stay safe. In this post, we’ll simplify what is actually a pretty complex subject down to the Top 3 Security Priorities for SMBs. These aren’t the only things you could or should be doing. But there is a fair bit of consensus that these should be your first steps.

Only a Little Worried About Cybersecurity? Read On.

Let’s start with a couple of sobering numbers released by Stats Can earlier this month:

  • In Canada, 21% of businesses reported a cybersecurity incident in 2019
  • Of these reported incidents, 47% targeted SMBs
  • Among SMBs, current investment in cybersecurity prevention, detection, and recovery amounts to less than 1% of total revenue

Long story short: it’s dangerous out there for Canadian SMBs (you can read all about that here), and as a group, they are not adequately prepared for cyberattack prevention or response. And a quick tip: prevention is much less expensive than response.


Priority 1 - Audit, Plan, Educate

Start at the beginning by taking care of the organizational issues that impact your security posture.

That means starting with a security audit (including a security risk analysis) to understand and document factors like your company security policies, your computer hardware and software assets, and what data you hold and how sensitive it is.

Step two is to put together a plan to improve your security posture that covers the findings of your audit plus factors like new security technology requirements, data management, and emergency response and recovery.

Finally, you need to establish a security awareness culture in your organization by educating your team in cyber awareness. That means training on email security (phishing, etc.), password management, situational awareness (dealing with partners and people outside your organization) and data security at home or off-site. According to a recent survey, employee security awareness is a top 3 priority for CISOs and IT pros at SMBs.

Priority 2 - Secure Your Network

Most SMBs already have a firewall and antivirus in place as their first line of defence. But according to the Canadian Centre for Cyber Security’s Top 10 IT Security Actions list, implementing a Network Monitoring solution is the number 1 recommendation. Today’s security threats often bypass even next-generation firewalls and antivirus solutions. To learn more about why network monitoring should be the cornerstone of your cybersecurity ecosystem, check out this article on Network Monitoring vs. Threat Intelligence. Of course, even with a network monitoring solution in place, you’ll need a firewall and antivirus solution to keep your network safe.

Priority 3 - Patch Your Software

You may think this is basic common sense and that we are wasting your time with Priority 3. OK, maybe you’ve got this covered. But the stats tell us that many companies don’t.

According to a recent post on ZDNet, 33% of breaches are due to unpatched vulnerabilities, and only 50% of companies surveyed applied all patches within a week. Another recent survey from the Ponemon Institute found that 57% of the hacked organizations who responded said their hacks were due to vulnerabilities in unpatched software. Even worse, 34% admitted being aware of having unpatched software before the hacks occurred.

So make software patching a priority. Allocate time, resources and budget for it. And monitor to make sure it’s being done.

So, What’s the Next Step?

Curious about how much all this might cost you? Download our SMB Cybersecurity Priorities & Budget Worksheet to get a primer on how to budget for cybersecurity and how much your cybersecurity should cost you.

Find Out How Our Monitored Detection and Response (MDR) Service can Protect Your Network

We’re convinced that after seeing our MDR solution (powered by our CDS network monitoring technology) in action, you won’t want to leave your network unprotected again. So we are offering a 30-day free trial that includes:

  • Fact-finding session
  • CDS configuration
  • 30-day free Proof of Concept
  • First month activity report and recommendations

Email: Freetrial@streamscan.ai

Phone: 1 877-208-9040