Yet it can be hard for small and medium-sized businesses to right-size a security strategy for their unique business. A good place to start is understanding your security posture by taking this security assessment, which helps you answer these four questions:
How secure are your users and accounts?
In today’s modern workplace, employees work from anywhere on any number of devices. This has been great for personal productivity, but it has also created more possible points of entry for hackers to break in. One of the biggest challenges is to make it easy for your users to connect to the resources they need, from the devices they prefer, while balancing security for your company and its assets.
There are many ways to protect your accounts, but make sure you include Multi-Factor Authentication (MFA), as no password is foolproof. MFA is safer because it requires two forms of authentication to gain access. For example, you can require that users sign in with a password plus either a code generated by an application or a biometric, like fingerprints or facial recognition on a Windows 10 device. Products such as Microsoft 365 Business make it easy to enable MFA for your email, file storage, and productivity apps, adding another layer of defense to your organization’s assets.
How protected are you from threats?
The latest figures show that cybercriminals are increasingly targeting small and medium-sized businesses alongside big businesses. 41% of businesses with fewer than 250 employees reported an attack in the last 12 months. Fortunately, there are practical things you can do to reduce your vulnerability, and every step makes a huge difference.
Two recommendations that are low cost, or free, include:
- Maintaining software upgrade cycles. If you don’t require that employees keep software updated and patched, consider starting. Whether it is for the operating system, servers, devices, applications, plug-ins, or any other technology, updates will reduce security vulnerabilities. Windows Analytics Update Compliance, a free tool from Microsoft, lets you know which devices are up to date with software updates and security patches.
- Providing regular employee security training. This also strengthens your security posture. The onboarding process is a good opportunity to share cybersecurity practices, but don’t stop there. Consider putting a regular security training program in place to remind employees how to detect and report suspicious links, attachments, and emails; avoid malicious websites; and download only verified applications.
How safe is your data?
One of your most valuable assets is your data. Data includes everything from a private document, to personally identifiable information, to sales projections, and more. In all cases, it would be damaging to individuals and your business if it got into the wrong hands. You need to protect sensitive data where it lives and while it travels.
One way to safeguard critical documents is with encrypted access. Document-level protection helps guarantee that only authorized users can read and inspect privileged data, even when it is sent outside of your organization. This level of protection is available in certain products, such as Microsoft 365 Business, which also includes the ability to notify and educate users when they are working with sensitive data.
How effectively are you managing security?
A strong defense is more than just a set of tools and practices. You need a thoughtful approach to how you manage security. Effective security management will give you visibility into vulnerabilities across all your resources, and it will encourage consistency across your security policies. With a strategic approach you will better understand your current risks and be able to identify opportunities to increase your protection.
A critical component of security management is periodic reviews of user access to data, devices, and networks. People, roles, and responsibilities change over time, which is why it’s good to know what roles have access to what resources. You can use this review to make sure that users have the right level of access, for the right time period, based on their role. For example, someone in HR might need to access the financial services database during a specific project. You can also make sure those who have left your organization or changed roles have been de-provisioned, and you can investigate any suspicious activity that is detected.
Evaluate how well your business is protected
Unfortunately, it is not just the big brands that must combat cyberattacks. Small and medium-sized businesses are also at risk. We’ve given you a sampling of our recommended security best practices, but there are still more that you may want to consider.
Take the Security Assessment to holistically evaluate how strong your current defenses are, get specific, actionable recommendations that you can put in place, and access recommendations on how to choose technology solutions that increase your employees’ security and productivity.