Four simple ways small businesses can invest in security

by Josh Stein, Senior Director of Product Strategy, Jamf

A year and a half ago, large enterprises were forced seemingly overnight into digitally transforming their operations. While companies scrambled to stay afloat and convert operations remotely, a surge of entrepreneurs emerged. According to the Census Bureau, more than 4.5 million businesses were started in 2020. This rapid growth in business applications increased by 24.3% in comparison to the average from 2010-2019. This tidal wave of small businesses clearly aligns with the growing trend of the gig economy and with the remote work revolution now being more accessible than ever through technology.

While the ability to launch a small business has fewer barriers than before, a greater risk looms with the potential to knock small businesses to the ground: little to no security literacy or protection. As we have seen in 2021 alone, security breaches impact organizations differently. As larger enterprises can better handle the blow of a financial payout to ransomware or the costs of recovering lost data, a small mistake for new entrepreneurs and their small business can come with sometimes massive, company-ending consequences. 60% of small businesses that are victims of a cyber-attack go out of business within six months.

So how can you lessen your risk of a security incident? Start with repositioning security as an integral component of your business to keep the company, its customers and confidential data protected. Just as companies invest in business insurance as a source of protecting property and inventory assets from future damage, security can be a form of insurance for a business’s digital assets. Here are four key steps to moving towards a more secure environment for small businesses:

1. Security is as simple as a passcode requirement. Creating security baselines can start with simply creating passcode requirements on all company devices. This step alone lessens the risk of an unauthorized actor accessing sensitive information. Additional protocols could be to partner with a compatible Mobile Device Management(MDM) to manage inventory, keep devices updated and secure, and be able to wipe devices clean if they are lost or stolen. This allows owners to drive their business forward without having to get bogged down with managing devices manually.
2. Create a culture of secure practices from the start. Embedding security into the everyday experience for both employees and customers will help maintain a safe environment and attract the right talent for the company. Small companies are scrappy, and an ounce of prevention is worth a pound of reaction. That’s why companies should build security best practices into employee training and onboarding. Utilizing training services like KnowBe4 can teach business owners and its employees how social engineering tactics, like phishing and tailgating, can impact and hurt the business. Employees will have clear expectations of their role in identifying and avoiding potential threats, lowering risks to the business.
3. Align with a trusted security partner. Small business owners keep a short list of key partners they’ll lean on to help delegate important parts of the business that they may not be fully comfortable with. Traditional examples of this would include accountants, advertising, or web site creation. Security should be considered part of this list, whether it be a managed service provider or a trusted consultant whom business owners can go to in order to outsource the management of its endpoint security, investigate incidents quickly or simply when in need of advice.

4. Incorporate security at each level of the business. Integrate security policies into key decisions. Policies, processes and services used and procured by the company begin with a foundation of security – and not an after thought – which makes it more difficult to adapt later. Additionally, embedding security into each layer of the business allows for smooth transitions to occur when changes need to be made to new or existing technologies.

Remember, security is not a “one time thing” that is done and then forgotten about. It should be an iterative process that simultaneously provides feedback on the issues an organization may encounter and shortcomings that need to be addressed. Additionally, it should provide direction on how the organization should move forward to ensure data security and compliance. After all, you don’t just lock your front door one time, right? No, you lock it each time you leave to protect your family & home.

About the Author

Josh Stein is a Senior Director of Product Strategy at Jamf where he leads a team of passionate Apple security professionals who create purpose-built Apple enterprise security solutions. Josh has spent the last 15 years building offensive and defensive cyber-security products for Windows and macOS. When he’s not leading his security teams, he’s cheering on the OSU Buckeyes or scouting the next best mountain biking trail.