Small business network security in the age of cyberattacks
Sometimes it feels like the world is against you as a small business owner. From evolving public health restrictions to the increasing cost of materials and shipping to the ongoing impact of the Great Resignation, there’s no shortage of challenges. It’s no surprise that 66% of Canadian small business owners are “close to burning out.” On top of all that is the rising threat to network security for even the smallest of companies.
78% of Canadian small businesses reported cyberattacks in 2020. By 2021, this number had jumped to 85.7%.
With more SMBs making the move to online sales and service to keep pace with evolving customer demands, this presents a serious problem. If networks are breached and data is lost, companies could find themselves facing:
- Revenue loss
- Regulatory fines
- The loss of market reputation at a time when word-of-mouth is more important than ever
In this piece, we’ll tackle the technical details of small business risk, talk about what effective security looks like, and offer a step-by-step guide for better network security.
Unpacking the risk to small business
When it comes to small business network security, several factors have conspired to increase total risk.
First is the uptick in remote work. While the initial shift to offsite staffing was born of public health necessity, employees have enjoyed the ability to better balance work and personal responsibilities.
As noted by a December 2021 Ipsos poll, 88% of staff say they enjoyed working from home during 2021, and 56% don’t want to head back into the office full-time.
But while remote work offers benefits for staff, it also comes with network security challenges for small ventures.
Rather than operating under secure corporate networks (i.e. inside an office), employees often use personal networks and devices which may expose company data to prying eyes.
There’s also an increased risk of insider threats, which occur when workers inadvertently share company data or post secure information on public sites.
A perfect storm
And then there’s the worrisome trend toward smaller cybersecurity budgets for SMBs.
The Insurance Bureau of Canada reports that the number of businesses spending nothing on security rose from 33% in 2019 to 47% in 2021. This despite the ongoing impact of pandemic operations.
And this sinking spending couldn’t come at a worse time: Over the past two years, cyberattacks on SMBs have increased by 150%. In part, this is tied to the number of businesses making the move online, but it’s also linked to the budget data above.
As a result, there’s a greater chance of malware, ransomware, or phishing attacks succeeding. Even if the payoff isn’t huge, these attacks act as proof-of-concept for hackers, who then launch them against big enterprises.
Add in the fact that Canada is on “high alert” for cyberattacks from countries like Russia, and the result is a less-than-ideal security environment for SMBs.
What does effective network security look like?
When it comes to creating an effective network security plan, three components are critical.
First, small businesses need to discover what’s on their network and what they need to do about it. This discovery process includes all devices connected to your network, both those in-office and those used remotely, along with all applications that run on your network.
This discovery process is critical because in many cases, there are apps and services in use on your network that haven’t been approved by anyone. The numbers don’t lie: 80% of staff say they’ve used software-as-a-service (SaaS) apps at work without getting permission first.
Next, you must identify where you’re at the greatest risk.
Is your business still using single-factor authentication, such as usernames and passwords?
This is considered a bad network security practice because a single factor, the password, matched to a username is all it takes to gain access to a system.
If a hacker gets this information via social engineering or a phishing attack, they could gain access to services across your entire network.
By adding two-factor authentication with one-time codes or authenticator apps, you can reduce the risk of this threat.
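To make the difference concrete, here is an added example (not from the original article) of a login check that requires both a password and a time-based one-time code, using the standard TOTP algorithm from RFC 6238. The account record, password and field names are constructed for illustration; the shared secret is the published RFC test key.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds each one-time code is valid for

def totp(secret: bytes, now: float, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the 30-second step containing `now`."""
    counter = struct.pack(">Q", max(0, int(now)) // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def hash_password(password: str, salt: bytes) -> bytes:
    """Slow salted hash, so a stolen user table is costly to brute-force."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def login(user: dict, password: str, code: str, now: float) -> bool:
    """Grant access only when BOTH factors match.

    The code is accepted for the current or the previous step to allow
    for small clock drift between the server and the authenticator app.
    """
    pw_ok = hmac.compare_digest(
        hash_password(password, user["salt"]), user["pw_hash"]
    )
    code_ok = any(
        hmac.compare_digest(
            totp(user["totp_secret"], now - drift).encode(), code.encode()
        )
        for drift in (0, STEP)
    )
    return pw_ok and code_ok

# Constructed sample account (hypothetical values, RFC 6238 test secret).
SALT = b"constructed-salt"
USER = {
    "salt": SALT,
    "pw_hash": hash_password("correct horse", SALT),
    "totp_secret": b"12345678901234567890",
}

if __name__ == "__main__":
    t = 59  # RFC 6238 test time
    print("password + code:", login(USER, "correct horse", totp(USER["totp_secret"], t), t))
    print("password only:  ", login(USER, "correct horse", "000000", t))
    print("old code reused:", login(USER, "correct horse", "287082", t + 141))
```

A phished password alone fails the check, and a code captured alongside it stops working once its time window has passed.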
Finally, businesses need to create a network security response plan. This goes beyond tools and technologies to describe the people and processes required to effectively respond.
For example, an incident response (IR) plan might include a call-out list that specifies who to contact in what circumstances and what aspects of the response are their responsibility.
Network security for small businesses: A step-by-step guide
It’s one thing to understand the need for better security, and even get a general understanding of what that looks like. For SMBs, however, it’s another to effectively implement network security across the business.
Not sure where to start? We’ve got you covered with our step-by-step guide.
Step 1: Find out where you’re at risk
The first step is finding out where you’re at risk. Here, risks include everything from unpatched software tools to known vulnerabilities, such as those responsible for large-scale attacks like Heartbleed or Shellshock.
You also need to consider user devices.
What access controls and permissions do you have in place to ensure the right people have the right access to the right data?
Here, it’s worth partnering with a trusted security provider to conduct a complete network evaluation.
Step 2: Assess the potential impact
What happens if attackers breach your network? What data is at risk?
What would an hour of downtime mean to your business and your revenue? What about a day or a week?
By taking the time to assess potential impacts, you can prioritize where security efforts are best focused.
Step 3: Classify your data
Not all data needs the same level of protection. For example, publicly available data used for trend analysis or sales forecasts don’t represent a large risk if leaked.
Intellectual property (IP) or proprietary product data, meanwhile, could cost your company tens or hundreds of thousands of dollars.
By classifying your data based on potential risk, you can implement strategies such as encryption and access control to limit the possibility of a successful attack.
Step 4: Act on specific solutions
Armed with a picture of your network, it’s time to take action. Solutions may include:
- Next generation firewalls designed to analyze internet traffic and flag suspicious requests
- Runtime application self-protection (RASP) tools that can automatically shut down software if threats are detected
Small businesses are also well-served by introducing cloud-based security tools that are regularly updated to account for evolving threats.
Step 5: Regularly reevaluate your security posture
Finally, it’s critical to remember that security is never a solved equation. Regular re-evaluation of your security posture, tools, and responses is essential to ensure that defenses are keeping pace with attacker efforts.
Keeping your venture safe and secure
The changing landscape of remote work, increasing attack efforts, and evolving impact of cyberattack threats have created a perfect storm for small business security.
Even as SMBs look to find their footing in a post-pandemic world and get revenues back on track, they find themselves face-to-face with a host of emerging security threats.
And while there’s no silver bullet to stop every attack, there are steps you can take to reduce your total risk.
By pinpointing potential vulnerabilities, understanding their impact, prioritizing data that needs the most protection, implementing effective solutions, and keeping tabs on security outcomes, SMBs can address at least one major source of stress: network security.