"We're just a local ice cream shop. Who could possibly care about us?"
"What are Russian hackers really going to do with our tire shop's data?"
"You seriously think hackers care about our tree farm? Come on."
I hear things like this all the time from small businesses...
And it always concerns me.
For two reasons:
1) Hacking isn't always one-on-one and personalized.
Some of the high-profile hacks we read about are truly personalized...
With teams of people working by hand to break into specific companies.
But many hacks are actually completely automated.
Which means...the bad guys don't have to choose between big and small.
They just hit everyone! And see what sticks.
2) The hackers aren't dumb. Seriously.
These hacking groups are well-oiled business machines.
They can quickly figure out your revenue...
And make a pretty good guess at what you'd be willing to pay for what they've taken.
Whether we're talking about customer credit card data...
Or your email marketing database...
Or all of your employees’ health insurance records.
$50,000 might not be a lot to them. But it's a ton to you. And they will make you pay it.
So, please, be careful of blindly assuming that your size means you don't need to worry about security.
This thinking has killed many businesses.
If you don’t want to be in this group…
Read on.
I'd love to share a practical list of 5 starting points for better SMB security:
1) Regularly train your users to spot phishing emails.
90% of hacks involve user error. Often it's users clicking on malicious emails or mistakenly giving out key info.
So, we have to constantly be training our users not to make these mistakes!
There are lots of great training options on this front. Even simulated "game" types.
2) Don't just buy cyber insurance. Make sure you're compliant with your policy.
Lots of businesses have cyber insurance...
But wouldn't actually get a payout because they aren't in compliance with their policy.
Make sure you are doing the things required to actually be protected.
3) Require regular password rotations, and always turn on 2-factor authentication.
Back to users.
"cfo212" is not a good enough password...
And while 2-factor is annoying, it needs to always be turned on.
4) Leverage IT experts to keep your systems infrastructure up-to-date.
This one often gets missed.
Some hacks are truly just 100% automated system breaches...
Due to things like an unpatched server with a key vulnerability that hackers know how to exploit.
Keep your stuff up to date.
5) Leverage threat feeds to make your endpoint security cutting-edge.
The idea here is simple...
Your firewalls will be a lot more effective if they are leveraging shared network data from attempted hacks around the world.
If you want some example vendors on this front, just DM me.
Ok...that's a wrap.
Worry about security.
Start with these 5.
And, if you want to go deeper?
I'm always happy to talk more.