For network operations, Cybersecurity is the #1 most important factor for Small and Mid-size Businesses (SMBs) today. Since COVID moved many employees across most professions to a ‘Work From Home’ (WFH) status, cyber-attacks, and specifically Ransomware, have risen exponentially.

The types of IT Support and Services models used by SMBs vary greatly among the IT Support Los Angeles Community, which encompasses a range of IT consulting services serving the smallest to the largest of enterprises. A two-person office will most likely not use a Managed IT Services firm, but rather a ‘Break & Fix’ (B&F) occasional IT services ‘guy’.

If your small business uses a ‘B&F guy’, most likely your network security needs are served only at a minimal level – your firewall and Antivirus (AV) and the security patches and updates for your Operating System (OS) are probably kept up-to-date – although taking that for granted is a huge mistake. In speaking with the owners and administrators of small businesses across the Southland, we hear this question far too often:

Do small businesses need Cybersecurity?

The answer is obvious: Yes, of course. Over 80% of all cyber-attacks and data breaches per year are aimed directly at SMBs. Another thing we at IT Support LA hear all too often is: “I’m too small for cyber crooks to want me.” NO – YOU ARE NOT. Like Goldilocks and the Three Bears, the criminal underground has its echelons. The predominance of crooks are small and go after small, easy targets – SMBs. Major corporations are ‘too big’ for them and their areas of expertise, so they sit in Baby Bear’s seat. Only a few major hackers make the news by going after victims like FedEx or the Colonial Pipeline – they sit in Papa Bear’s seat.

In effect, most cyber criminals are looking for you, and they will find you sooner or later and hit you for an amount of cash (in Bitcoin) that is more damaging to your business than the 5 Million Dollars that were extorted from the Colonial Pipeline. Colonial will survive, whereas you may not.

How can small business improve cybersecurity?

If you do not have a Managed IT Services firm looking after your network, there are a few common-sense steps that can be taken that won’t break your bank. The FCC goes into detail about these steps, but in a nutshell, follow this outline:

1) Keep all Firewalls, AV, and security patches up-to-date. Microsoft regularly sends these updates. Make sure your network is configured to have these updates performed automatically. Ask your IT support provider to do this or show you that it is being done. These updates MUST include your Operating System. For example, if you are still using Windows 7, your network is just waiting to be invaded since Microsoft stopped security updates for this platform long ago.

2) Back up data. Even with preventive measures, if Ransomware locks up and encrypts your data, your backups are your ‘Get Out of Jail Free’ card. You should NEVER pay a ransom. Just shut infected devices down, wipe them clean and reinstall the data from your backups. Done!

3) Encrypt your data. This is easy to set up to happen automatically. A data breach will be unsuccessful if the hacker is unable to read your data.

4) Strong passwords. Honestly, nobody really likes having to remember passwords, so many people either use one that’s child’s play to crack – such as ‘1234’, or use the same password for everything – once the hacker cracks one, they have the keys to every door in your kingdom. Read our page on ‘Creating Strong Passwords’. Also, use a Password Manager – you only remember the password for the Manager, and it contains your passwords for everything else.

5) Use Multi-Factor Authentication (MFA) after the password is entered. Beyond questions like ‘What’s your mother’s maiden name’ or the like, other steps like sending a verification code to another device, thumbprint or even retinal scans add extra layers of protection.

6) Protect mobile devices. These are often the weakest technological link. Extend all Cybersecurity measures to all mobile or remote devices, whether company-owned or ‘BYOD’ (Bring Your Own Device). These connections are usually the first that cyber crooks examine for signs of weakness.

7) Pay attention to physical security. Aside from network protection, make sure your workplace is secure. No one should be able to walk in the front door unsupervised. Important information should not be left out in the lobby. Shred all business documents before taking them to the trash. Install security cameras.

8) Secure WiFi - both in the office and for field workers. With WiFi, your data is traveling through the air, where it’s easier for a crook to grab. Do NOT let your employees in the field use ‘free’ WiFi, like at Starbucks.

9) Delegate and limit employee access to data. All data should be on a ‘Need to Know’ level. Not everybody needs to be able to see everything.

10) Security Awareness Training. This is THE most important step. All of your firewalls, AVs, and passwords are useless if an untrained end-user falls for an email ‘phishing’ scam and either clicks a bad link or opens a malicious attachment. This bypasses all of your Cybersecurity and opens the door for malware to enter your system. Once is not enough – remedial training twice a year is the minimum.

Frequently Asked Questions

Q: What are the different types of data backup locations?

A: Local Backup, Cloud Backup, and Cloud to Cloud Backup.

A: Phishing is an email scam where the criminal pretends to be a trusted contact to entice you to click on a link or open an attachment which then releases malware into your computer and network.

Q: What are the top 4 cybersecurity threats facing small businesses?

A:
1: The first is YOU – if you do not take the threat seriously or are otherwise unprepared for it.
2: Ransomware – The most prevalent and fastest growing threat in the world. Once in your system, it encrypts your data so you have no access to it, and the attackers demand a ransom for a decryption key.
3: Phishing – the main reason why Security Awareness Training is vital.
4: General Malware. Ransomware is just one type, but there are many types of malware, and they predominantly depend on Phishing attacks to gain entry to your network – for a variety of nefarious reasons.

Q: Is security awareness training effective?

A: According to Proofpoint, even the most minimal investment in security awareness training has a 72% chance of reducing the impact of a cyber-attack on a business.

How secure is your network? It’s FREE to find out!

IT Support LA offers a FREE, no-risk network and security assessment to all companies in the Greater Los Angeles area with a minimum of 10 computers and 1 server. No strings, no obligation.
Just fill out the form on this page or call us at:
818-805-0909