25 July 2023

4 simple steps to de-mystifying cyber risk for small business owners

No entrepreneur goes into business to learn how to fight off cyberattacks. They go into business to create the best bakery in town, to build beautiful new homes, or to sell things they love. Almost no business, however, can operate in the modern world without a digital footprint, which means that every business is exposed to cyber criminals. 



The ubiquitous nature of cybercrime 

Cyber risk is the risk that businesses face from bad actors—be they rogue operators, criminal enterprises, or even nation-states—who try to break into information systems to steal money, misuse data, take systems hostage for ransom, or otherwise wreak havoc. Unlike the threat of a physical break-in, there is no “move to a safer neighborhood” option with cybersecurity. The very fact that a company is always online means that attackers have virtually endless access and opportunity.  

Making things worse, automation and AI are being used to increase the volume and sophistication of cyberattacks, with ever-growing impact. Ransomware and fraudulent funds transfer attacks on small businesses have increased yearly. According to Microsoft Threat Intelligence, Ransomware as a Service (RaaS) has led to the evolution of a gig economy that lets small cyber criminals increase their reach and scale. Simply put, technology has allowed bad actors to automate and scale their cyberattacks, making cyber criminality a large global business.

Cyber protection essentials for small businesses 

The escalating threat landscape requires proactive measures to safeguard small businesses from cyberattacks. Fortunately, while the risks may be growing, the protections against them are keeping pace with improvements in quality and usability. And that means every business has the option of dramatically improving its security posture.  

You don’t need the security of a giant enterprise to mitigate the risk of your small business getting hacked. You just need to master a few basics. In the Microsoft Digital Defense Report 2022, researchers found that “Over 80 percent of security incidents can be traced to a few missing elements that could be addressed through modern security approaches.”1 I’d recommend that every business owner review this report, and also learn how Microsoft is innovating on security, specifically for small businesses.  

In the meantime, here is a summary of four of the most important steps every small business leader can take to sleep a little better at night:

1. Keep up to date

To start, you should learn to love those software updates you’re constantly being notified to install from Microsoft and other trusted vendors. One growing source of cyber threats is the exploitation of software vulnerabilities. Even long-trusted software may have vulnerabilities. Fortunately, software security providers and ethical hackers work directly to identify these vulnerabilities as fast as or faster than bad actors, so the software provider can craft fixes proactively. Those updates are useless if the technology domain owner doesn’t implement them. Implementing a rapid patching plan is an easy best practice for any small business. Indeed, some cyber insurers have begun to deny coverage for cyberattacks if relevant software is not up to date, while others have put incentives like increasing deductibles in place to encourage timely patching.

2. Keep score on your security posture

Beyond tracking updates, it can be hard to understand precisely how vulnerable your business is. So one essential tool is a measurement service like Microsoft Secure Score, which evaluates your business’s security posture based on your security configurations and provides insights and recommendations regarding security controls. Many businesses now make it a best practice to share their Secure Score with their IT security partner and their insurer, yielding good advice that’s tailored to their particular business.  

3. Implement essential controls

You don’t need to be a cybersecurity expert to secure your online presence. You just need to focus on leveraging a set of key controls. Most cyberattacks on small businesses still come from the least sophisticated sources, like social engineering (for example, phishing), malware (such as viruses and ransomware), and device and network hacking (like endpoints). Fortunately, there are some basic, proven ways to protect against these kinds of attacks. While no one security measure will stop every attack, there is a set of relatively simple-to-use controls that every small business should put in place. Five security controls really stand out as high impact:

  • multifactor authentication (MFA)
  • email and web filtering
  • data security and backups
  • privileged access management (PAM)
  • endpoint detection and response (EDR)

These critical cyber-hygiene controls create multiple layers of defense, making it harder for cybercriminals to exploit common attack vectors. And they can be implemented without a lot of friction or cost—especially when measured against the pain and disruption that can happen when a business fails to put them in place.  

Implementing these controls isn’t as hard as it sounds—most modern cloud-based software has multiple layers of built-in protection. For example, implementing MFA in Microsoft Office 365 is a three-click procedure. Similarly, Microsoft OneDrive has built-in ransomware protection tools that automatically detect and guide recovery from ransomware attacks.

4. Partner with your cyber insurer and your IT provider

Just as a burglary can happen even when you have all the best door locks, a cyberattack can succeed even when you’ve got the best cybersecurity measures in place. Consequently, preparation and planning are essential. You need to work with your insurer to determine the best security coverage for your specific needs. Cyber insurance offers financial support, incident response coaching, and access to specialized teams that can assist in limiting the damage caused by cyberattacks. You should also work with an IT provider who can build an incident plan that leverages your insurer in case things go wrong. Working together, these partners will make it easier to get you back up and running if an attack should ever succeed.  

Keeping cyber-safe as you grow 

Like property protection and professional liability, cyber insurance is now a necessary cost of doing business. By simplifying the essential steps to mitigate cyber threats, every small business can enhance its cybersecurity posture, reduce the likelihood and impact of attacks, and keep insurance costs down. Done well, effective cybersecurity can even build confidence in making new investments and driving new innovations. 

Staying informed and up to date, implementing basic security controls, and forging partnerships with cyber insurers and IT providers will empower a small business to protect its online presence and digital assets effectively. Remember, cybersecurity is a team sport. By working together, we can create a safer digital environment in which any small business can thrive. 



1 Microsoft, Microsoft Digital Defense Report 2022.



Source: Microsoft Industry Blog