A plea to small businesses: Improve your security maturity

March 11, 2021  |  Lisa Ashjian

Never have I been so compelled to help educate small businesses on the need for cybersecurity. On Saturday morning, March 6, 2021, I awoke to the Wall Street Journal article describing the Hafnium attack. This attack on Microsoft Exchange Servers was shared publicly on March 2nd, with a patch for the issue released on Wednesday, March 3rd. This patch appeared to spark action from the hacker, who ramped up and automated their attack for maximum scale. Other articles went on to say that 30,000 US businesses were compromised. The worst part: it was mostly small to medium-sized businesses. Why was this? Because larger businesses, with stronger and more mature security practices, had the defenses in place to keep this bad actor from infiltrating their company, while many small businesses did not.

Cybersecurity is for businesses of any size

Security maturity is not based on the size of the business. Recent research on security maturity and business outcomes found that there is not a dependency on company size in relation to having a strong security posture. “The fact that there is no correlation between company size and maturity level indicates to us that doing cybersecurity well is less a function of resources and more a function of thoughtful consideration, planning, and organizational culture.” – Tawnya Lancaster, AT&T Cybersecurity. Organizations that work to align with industry best practices, such as the NIST CSF, are better equipped to handle zero-day threats as well as enable their businesses. To improve upon a business’s security maturity, there are 4 key categories every business should address: cyber strategy and risk, network security, endpoint security, and threat detection and response capabilities.

Evaluate your cyber strategy and risk

Small businesses want to stay focused on running their business, not necessarily the cybersecurity elements needed to protect it. Employing a trusted advisor to help evaluate where your business is today, and how you plan to adapt and grow to stay competitive, will help your security measures stack up to the needs of your business now and as your business grows and transforms. A trusted advisor can also assist with evaluating compliance and regulatory requirements as part of achieving a successful security program. Through the guidance of experienced consultants, small businesses can help to improve their resilience against a growing threat landscape.

Networks should be protected end-to-end

Every connected network needs proper security elements in place to help keep that network protected. In today’s modern networks, small businesses can simplify their network security by turning to one vendor that can meet both the connectivity needs and security elements needed to help protect that connectivity. And, with proper visibility and reporting, businesses can not only demonstrate their efforts to remain compliant with industry regulations but also their commitment to the customer to help protect their privacy.

Endpoints should be managed and protected

Endpoints are a crucial component of every business and are the doors through which businesses run, both internally and out to their customers. These endpoints need to be managed, for example by pushing out software patches for these vulnerabilities, and they also need to be highly secured with solutions able to detect these zero-day attacks. And it is not just the traditional endpoints such as laptops and desktops that need to be managed and protected. Mobile devices, such as smartphones and tablets, and Internet of Things (IoT) devices also need state-of-the-art solutions designed for the security of your data on the mobile platform.

Be able to detect threats and be prepared to respond quickly

Finally, small businesses must detect and respond to threats before they are impacted. Security monitoring can be integrated and centralized across both cloud and on-premise environments. And no one should try to tackle security intelligence completely on their own. Through advanced threat intelligence researchers, such as the AT&T Alien Labs, companies can benefit from managed security services.

Where can a small business start?

Small businesses have access to the same resources, tools, and professionals that large businesses have. It is OK to not be comfortable with the realm of security and you don’t need to be an expert. Start with a simple online assessment to understand where you are in your security maturity. And then turn to a trusted advisor for help addressing the unique security needs of your small business. And it is also OK not to be comfortable managing security elements. Deploy security tools and management policies that stay continuously up to date and push updates automatically to your assets. Better yet, let a managed security service provider monitor your business 24X7 so that you can read this recent Saturday morning news article and know that you had the security measures in place to help you stay protected.

Tags: smb, hafnium
