As bigger businesses start taking their cyber security more and more seriously, the need for small businesses to follow suit becomes even more urgent. Nearly half of small and midsized businesses (SMBs) have been the victim of a cyber attack, and 71 percent of security breaches target small businesses.

Yet, many SMBs still believe they are not vulnerable to data breaches because of their size and limited assets. But the fact is, as larger companies beef up their defenses, those who wish to steal sensitive data are taking advantage of businesses that may lack the knowledge and the resources to keep their digital assets secure.

Grid for success

In 2013, the National Institute of Standards and Technology (NIST) established a framework for reducing risks to the nation’s critical infrastructure. The framework takes a “best practice” approach to analyzing and mitigating risks and recommends five steps that any sized company can take for addressing cyber threats.

The five steps are:

  • Identify: Inventory your most valuable assets—the “crown jewels” that are of greatest importance to your business and would be most valuable to criminals, such as employee, customer and payment data.

  • Protect: Assess what protective measures you need to have in place to be as defended as possible against a cyber incident.   

  • Detect: Have systems in place that would alert you if an incident occurs including the ability for employees to report problems.  

  • Respond: Make and practice an incidence response plan to contain an attack and maintain business operations in the short term.

  • Recover: Know what to do to return to normal business operations after an incident or breach, including assessing any legal obligations.

Daily improvement

On a day-to-day basis, businesses can improve their online safety practices by following these tips:

  • Keep a clean machine: Having the latest security software, web browser and operating system in your business are the best defenses against viruses, malware and other online threats.

  • Protect information: Secure accounts by adding two-factor authentication and making passwords long, strong and unique.

  • Protect the company’s online reputation: Set security and privacy settings to your comfort level of sharing.

  • Educate employees: Teach your employees basic best practices. For example, if an email, social network post or text message looks suspicious—even if you know the source—delete it.

Businesses should always focus on creating a culture of cyber security, keeping protecting the business top of mind for employees.