Five ways to boost SMB cyber defence so you can focus on growth

Want to boost your cybersecurity? Check out these five ways to strengthen your defences against attacks

Having robust defences in place to protect your business and everything you have worked for, has never been more important or more challenging.

In the past year alone there has been a 300 per cent increase in ransomware attacks, with ONS research showing that two thirds of medium-sized businesses have been subject to at least one cyber attack in the past 12 months, with the average total financial impact of a data breach for SMBs adding up to $105,000 per company in 2021.

This increased threat level has coincided with new ways of working, exposing businesses to added risks. Now, so many (previously office-based) employees are working from multiple locations across a range of work and personal devices, the size of the potential attack space, and resulting vulnerabilities – have increased.

So how can you adequately protect your business from these risks? And do so without sacrificing the quality of the working experience for your teams – or diverting too much valuable time and energy away from growing the business?

Whether you’re an owner-manager or the IT decision-maker in your business, following these five simple steps can take you from a state of security paralysis or alert fatigue to a more comfortable position of proactive security management. Which gives you greater peace of mind and more time to focus on the decisions that matter most to you.

Step one: Seal the gaps

New flexible working patterns can bring real advantages. But having employees working across multiple geographical locations, using multiple connections, also exposes gaps in your security. And there’s nothing hackers and attackers love more than gaps!

Each device used by staff to access your systems is an endpoint – effectively a gate into your world. When an endpoint is left unprotected, it leaves that gate unlocked and open to anyone.

Which makes padlocking your gates or endpoints a real priority. By using an integrated security platform like Microsoft Defender for Business designed to bring enterprise-grade security to companies with up to 300 people – you can secure your endpoints across all devices, in all environments. This leaves people free to get on with their work from anywhere, by stopping attacks before they happen.

Step two: Get an outside expert view

Security risks today are more sophisticated than ever and they’re constantly evolving, making it even more difficult to stay ahead of the game. But you don’t have to do this alone, especially when you have enough on your plate already. So, call in an outside expert for a security assessment, just like you’d call in a building surveyor to check out your building’s foundations.

With Microsoft Secure Score – in the Microsoft 365 Defender portal – you can gain immediate actionable advice on how you can ramp up security across all your devices, apps and identity checks. This helps you prioritise your quickest security wins and gives you a clear checklist of actions to take that will shore up your business’ defences long-term.

Step three: Call in back-up

Even once you’ve started protecting your devices and found the best ways to ramp up your security, you’re never going to be a totally attack-free zone. But you can’t personally stay on alert 24/7 when you’re busy looking after customers, spotting new opportunities and keeping your teams motivated. So, call in back-up, just like the emergency services do.

With a cloud-connected, AI-powered service like Microsoft Defender for Business, your systems can be monitored automatically 24/7, giving you the confidence that you’ll be alerted in real time to any serious or trending threats.

Intelligent, automated investigation, response and resolution of threats also removes the hassle of you being alerted to every single low-priority security risk, freeing you up to grow your business and protect it from more sophisticated threats.

Step four: Move from reactive to proactive

As we all know from looking after our own homes, having an alarm in place to alert you any break-in attempts is essential, but if you can prevent those attacks from occurring in the first place, it’s even better.

At home you might double lock the doors, close the windows and leave a low energy light on. With your IT systems you can do something similar by ensuring you have a system in place that will constantly check all incoming data on your behalf. With Defender for Business, you get proactive protection built-in, with 24/7 human and AI analysis of trillions of signals. Plus, automatic detection of all URLs, incoming files and attachments to disable threats before they have the chance to make an impact.

Step five: Futureproof your security

If you’re looking to scale up in the future, having to onboard multiple new personnel and teams who will be working flexibly across hybrid environments could be time-consuming, or even compromise the security you’ve worked hard to build up, which is why choosing protection that can grow with you is so important.

Using a tool like Defender for Business, with simplified, wizard-driven set up and activated out-of-the box security policies – can significantly reduce the time it takes to configure and manage protection for each device, While also ensuring your malware detection and prevention software is kept totally up to date. You can also rest easy knowing that no matter how fast your organisation grows, all your devices can be protected in minutes rather than days, no matter where they are being used.

We’ve all made a rapid shift to a more flexible – sometimes more challenging – but ultimately more rewarding way of working. Now we must make sure small businesses are moving just as quickly to a more secure way of working. Because only by doing this can we continue to offer greater working freedoms – take full advantage of the switch to the cloud, while mitigating the threat of rising cyber crime – and protect everything we’ve worked so hard to build.

Professor Sally Eaves, CEO of Tomorrow’s Tech Today and chair of Global Cyber Trust, Global Foundation of Cyber Studies, reflects on the current security landscape, barriers and opportunities that lie ahead for business of all sizes:

“It is clear that enabling ‘Security At Any Size’ is a modern day business imperative to protect organisations from SMB to Enterprise alongside their consumers and ecosystem partners from the ongoing escalation in cybersecurity threats. Vectors of risk include the rise of a global cybercrime economy and related services, especially ransomware where the starting price of an attack kit is now a mere $66 – and so significantly lowering cost barriers of entry.

Additional challenges include the increasing scale and volume of attacks from Nation-State Actors, the exponentially larger attack landscape created by OT and IOT Security Convergence and our changing working habits as we move to more hybrid and distributed models, with new behaviours, such as the rise of Bring Your Own Device (BOYD). Disinformation is also emerging as a growing threat which can inject persuasion and psychological manipulation into cyber attack campaigns, fueled by advances in AI, ML and graphics to create deepfakes and fabricate synthetic media. 

In combination, this creates complexity and a perfect storm for cyber disruption. With the resiliency of a business deeply tied to its cyber resilience, a move to always on, proactive security is imperative, especially for SMBs who are typically more prone to attack, but yet have less resource to deal with them. Indeed whilst SMBs offer significant growth and employment value to the global economy they also afford substantial data and ransom value to cyber bad actors, in particular as a route of entry into larger supply chains.

With key barriers to better SMB protection including lack of investment capacity and resources alongside an under-developed shared responsibility security culture and an overall lack of awareness of the technology, training and support that ‘is actually within reach’, protection such as Microsoft Defender for Business could not be more timely. This exemplifies the democratisation of enterprise level security to organisations of any size, helps move beyond reactive to proactive threat intelligence and supports the integration of people, processes, networks, systems, culture, education and technology to consistently improve your cybersecurity posture.”

Microsoft Defender for Business offers enterprise-grade security to SMBs and is a key part of our commitment to ‘security for all’. It’s now available as a cost-effective standalone security solution or as part of Microsoft 365 Business Premium.

If you’d like to find out more about the ways in which Microsoft Defender for Business can help improve your security and productivity in today’s flexible work environments visit aka.MS/SecureSMB for more videos, case studies, information and guidance.

Read more

Cyber security – keeping staff secure when working from home

Related Topics

Technology