Cybersecurity for SMB: Risks, trends and best practices

This guest post was written by Alexander G. Chamandy the founder of Envescent.

Cybersecurity is a critical part of every business’ operational durability. Without attention to it, an attack can be crippling. We recommend business owners and managers view cybersecurity as an investment, rather than a sunk cost, as it pays in dividends of business continuity and resilience.


Small and medium-sized businesses (SMB) are often the target of attacks due to a lack of compliance, maintenance, monitoring, policy, protection, training and vulnerability management. Most SMB incorrectly believe that they aren’t the target of such attacks, thus the requisite effort to remediate these issues is not taken.

This results in a dire lack of security in cloud presence(s), data, device(s), network(s), office(s) and personnel awareness, which, when combined with the increasing scale and sophistication of attacks, makes for an untenable situation that can lead to data loss, manipulation or breach as well as denial of service (or access to valuable resources). The outcome of a successful breach or other attack may also harm business finances, employee morale, company reputation and create legal and other liabilities.

We illustrate three examples of such attacks in this post: with a technological, physical and human security breach.


Malware and phishing attacks are on the rise, and more are being targeted against SMBs specifically as they are often seen as low hanging fruit with deeper purses than consumers. Many of these attacks are targeting data for exfiltration or to hold for ransom.

Most of these attacks that we observe would have been mitigated or even prevented with a greater focus on cybersecurity best practices.

Best Practices

  • Have a written IT security policy and train on it.
  • Patch all of your devices (phones, computers, network appliances) as updates are available.
  • Change passwords at least twice a year.
  • Use secure password management: KeePass, LastPass, OnePass, etc.
  • Use two-factor authentication where possible.
  • Endpoint protection and a network firewall.
  • Do not open suspicious emails or attachments.
  • Secure incoming and outgoing email traffic.
  • Block advertisements in your web browser.
  • Use a secure DNS service such as Quad 9.
  • Encrypt and secure all sensitive data and devices.
  • Wipe old devices before recycling.
  • Purchase a cybersecurity insurance policy.
  • Take engagement letters and other compliance seriously. These are binding legal obligations.
  • Consider hiring a qualified independent security professional to help your company stay safe.

Learn more by visiting envescent's web resources.

Topic: BizLaunch
Copyright © 2021 Arlington Economic Development