News / Articles


Network Security: The SMB Guide

By: Erick Solms


It's easy for small business owners to think that no one would ever try to attack their networks. Unfortunately, the statistics prove that attacks on small businesses happen more often than you'd think. And, the results can be devastating. Protecting your business takes a combination of technology and employee education.

What Is Network Security?

Network security is a strategy that every business needs to protect its network and systems from cyber-criminals. These criminals will use any vulnerability to steal your confidential information, or disable the systems that make your business run.

An effective network security strategy defines multiple layers of hardware and software security. The strategy must also address educating employees and partners. This will help to avoid the human errors that can create vulnerabilities.

Are SMBs at Risk?

The short answer is yes. A recent report indicates that network security breaches have affected 53 percent of SMBs. And, while 39 percent of the companies spent less than $100,000 to repair the damage from a breach, 20 percent indicate that the costs ranged from $1–2.5 million.

In either situation, an SMB may have trouble staying afloat after a costly breach. According to research conducted by the Better Business Bureau, one-half of SMBs reported that losing essential data would make them unprofitable after only one month.

Can you think of another threat that could close down your business so quickly? If you can, the odds are you are aggressively protecting your business against that threat. And, you need to approach network security with the same aggressive action.

The Top Network Security Challenges for SMBs

The Enterprise Strategy Group (ESG) conducted a survey of IT professionals who work at SMBs. The professionals identified the following challenges facing their businesses.

Lack of Formalized Cyber-security Processes

Just over one-quarter of the respondents (28 percent) cited their lack of ability to fend off network security threats. They are handling cyber-security using manual procedures or informal processes.

Disconnected Cyber-security Tools

The respondents cited the various types of informal tools that were in use. Twenty-seven percent of the respondents found managing such a range of standalone tools to be a very complex task. As a result, they don't have a cohesive network security strategy.

Lack of Management Support

The biggest challenge for 27 percent of the respondents is how the organization views cyber-security. It's difficult to obtain funding or support for strong cyber-security measures if managers don't appreciate the threat.

Lack of Organization-Wide Training

Many organizations don't recognize the impact of human error on cyber-security. In fact, 35 percent of respondents cited human error as the biggest contributor to security breaches, and 25 percent said that lack of training is their biggest challenge.

Human error most often occurs outside of the IT department. For example, an unsuspecting employee in accounting may open an attachment to what looks like a legitimate email. If that email is actually from a cyber-criminal, opening it starts a cyber-attack that can have devastating results.

Lack of Trained Defenders

Twenty-four percent of respondents don't believe that their organization has the expertise to address sophisticated threats. In many cases, SMBs are turning to Managed Service Providers (MSPs) to provide that expertise without the cost of hiring full-time experts.

Network Security Solutions

Network security solutions need to address a variety of threats to your system. Some of the most common threats you need to protect against include the following:

To protect your business, you need to design, fund, and implement a network strategy that includes the following critical tactics.

Use Up-To-Date Firewalls

Firewalls are your first line of defense. External firewalls are a good place to start. But, there are even more threats internally. Think about mobile access to your network. More employees are working remotely. Bring Your Own Device (BYOD) is another growing trend. Make sure to protect all remote access devices, and update the firewall software often.

Develop Regular Update Procedures

Cyber-criminals are very good at finding new ways to breach systems. As a result, vendors update their software regularly as they discover new vulnerabilities. It's critical that all devices, including office computers, get updates to software applications, antivirus software, and internet browsers as soon as new updates becomes available.

Develop Advanced Password Policies

There is a lot of press about choosing passwords. Software vendors try to help users by requiring long passwords that include a mix of numbers, letters and symbols. Unfortunately, even in 2018, people are ignoring the issue. For example, SplashData publishes an annual list of popular passwords, and these are the first five winners for 2018:

  1. 123456
  2. password
  3. 123456789
  4. 12345678
  5. 12345

When more digits are necessary, it seems that many people simply add more numbers in sequence. These types of passwords can be easily hacked by cyber-criminals. That leaves the individual and all the systems they access vulnerable.

A strong password doesn't use any words that appear in the dictionary. People should also avoid things such as birth-dates, anniversaries, or street addresses. Your systems can help you by setting requirements for passwords that include the length of time a password can remain in effect.

Restrict User Access

Too many businesses give every employee the same access privileges. That is the easiest way to assign access, but it leaves your company extremely vulnerable. Most employees won't know how to find sensitive information. But, a cyber-criminal can figure it out in a heartbeat. Unrestricted access just gives the criminals a large group of potential points of access.

Take the time to review who needs access to information and set up a hierarchy that will protect your most sensitive data.

Conduct Penetration Testing Regularly

You need to find the places where your systems are the most vulnerable. You can then plug those holes before someone with malicious intent finds them. Running scanning tools and doing your own penetration testing will help you spot and manage possible threats.

Educate All Employees

The breaches that happen through human error can happen anywhere in your organization. Educate all employees about how important network security is to the business. Train employees to spot suspicious emails and popups.

Educate on new ways criminals are gaining access. For example, they send a Facebook message that looks like it's coming from a friend. Once one person lets a criminal in to their account, the criminal can send the same message to everyone that person knows.

Final Thoughts

It's unfortunate that cyber-criminals are making everyone worry about network security. The fact is that it's a threat that is here to stay and is getting worse as time goes on.

About half of SMBs have experienced a cyber-attack. Cyber-criminals consider SMBs as prime targets for two reasons.

  1. To date, SMBs have been less aggressive about network security than enterprise businesses.
  2. Many SMBs have relationships with enterprise businesses. That makes them an excellent gateway into even larger organizations.

Back ↵