Fix These SMB Security Flaws Now

Small and medium-sized businesses (SMBs) are increasingly becoming the target of cyber-attacks. In fact, 43% of all cyber-attacks target small businesses, and 60% of small companies go out of business within six months of a cyber-attack. These statistics are alarming, to say the least. The reason is simple: SMBs usually don't have the same level of security as larger enterprises. This makes them an easy target for attackers, who can then use the SMBs as a stepping stone to larger organizations. Many different security flaws can leave an SMB open to attack. In this blog post we'll discuss six of the most common ones and what you can do to fix them.

Flaw #1: Running Windows 7 or Earlier Workstations 

One of the most common security flaws in SMBs is running workstations that are no longer supported by Microsoft. Microsoft ended support for Windows 7 on January 14, 2020, which means the operating system no longer receives security updates. This puts your SMB at risk of being attacked through vulnerabilities that will never be patched. Any computer running Windows 7 is vulnerable to attack.  

The fix for this flaw is simple: upgrade to Windows 10 or higher. By upgrading your workstations to a supported version of Windows, you'll ensure that they receive the latest security updates from Microsoft. This will help protect your computers from attacks.  

Flaw #2: Running Windows Server 2008 or Earlier Versions  

Another common security flaw in SMBs is running servers that are no longer supported by Microsoft. Windows Server 2008, for example, is no longer supported by Microsoft and therefore doesn't receive security updates. This leaves any server running Windows Server 2008 vulnerable to attack.  

The fix for this flaw is also simple: upgrade to Windows Server 2019 or higher. By upgrading your servers to a supported version of Windows, you'll ensure that they receive the latest security updates from Microsoft. This will help protect your servers from attacks. 
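Before planning the upgrades for Flaws #1 and #2, it helps to know which machines are affected. The Python script below is an added example, not part of the original post: it checks an inventory export against the versions named above. The CSV layout and hostnames are constructed, and releases the post does not mention (such as Windows Server 2012) are marked for review rather than judged.

```python
import csv
import io
import re

# Constructed sample inventory; the column names are assumptions.
SAMPLE_INVENTORY = """hostname,os
FRONTDESK-01,Windows 7 Professional
ACCT-02,Windows 10 Pro
LAB-XP,Windows XP Professional
FILESRV,Windows Server 2008 R2 Standard
DC01,Windows Server 2019 Standard
APP01,Windows Server 2012 R2 Standard
KIOSK-03,
"""

# Pre-Windows 7 workstation releases that are named rather than numbered.
LEGACY_NAMES = re.compile(r"\b(XP|Vista|2000|NT|98|95)\b", re.I)


def classify(caption):
    """Return 'unsupported', 'meets-target' or 'review' for an OS caption."""
    caption = (caption or "").strip()
    if "windows" not in caption.lower():
        return "review"  # blank or non-Windows record: never assume it is fine
    if "server" in caption.lower():
        year = re.search(r"\b(19|20)\d\d\b", caption)
        if not year:
            return "review"
        year = int(year.group())
        # Post: Server 2008 or earlier is unsupported; 2019 or higher is the fix.
        return "unsupported" if year <= 2008 else "meets-target" if year >= 2019 else "review"
    if LEGACY_NAMES.search(caption):
        return "unsupported"
    version = re.search(r"windows\s+(\d+)", caption, re.I)
    if not version:
        return "review"
    major = int(version.group(1))
    # Post: Windows 7 or earlier is unsupported; Windows 10 or higher is the fix.
    return "unsupported" if major <= 7 else "meets-target" if major >= 10 else "review"


def audit(inventory_csv):
    """Group hostnames by classification."""
    report = {"unsupported": [], "meets-target": [], "review": []}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        report[classify(row.get("os"))].append(row["hostname"])
    return report


if __name__ == "__main__":
    for status, hosts in audit(SAMPLE_INVENTORY).items():
        print(f"{status:13} {', '.join(hosts)}")
```

Records with a blank operating system field land in the review list, so an incomplete inventory cannot hide an unsupported machine.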

Flaw #3: Running Basic Firewall Without Unified Threat Protection (UTP)  

Many SMBs make the mistake of running a basic firewall without Unified Threat Protection (UTP). UTP, also known as UTM (Unified Threat Management), is a feature that combines several security features—such as antivirus, intrusion detection and prevention, and web content filtering—into one subscription. If your SMB is running a basic firewall without UTP, you're leaving yourself vulnerable to a variety of threats.  

There are two ways to fix this flaw: either add a UTP subscription to your current firewall or upgrade to a firewall that includes UTP features. By doing either of these things, you'll be adding an extra layer of protection to your business—keeping it safe from potential threats. 

Flaw #4: Only Running Basic Endpoint Security (AV) on Workstations/Servers

To fix this flaw, implement some level of advanced Endpoint Protection. This includes Endpoint Detection & Response (EDR), which can help to detect and protect against zero-day threats and other advanced attacks that may evade traditional Endpoint Security systems. Other important features of advanced Endpoint Protection include real-time monitoring and predictive analytics, which can help businesses to better understand their security posture and stay ahead of emerging threats. If you want to keep your business safe from today's ever-evolving cyberattacks, it is essential to invest in a robust Endpoint Protection solution with Endpoint Detection & Response at its core.

Flaw #5: No Email Security

To address this flaw, it is important to implement advanced threat protection (ATP) in conjunction with spam filtering and phishing simulation/training. Malicious attachments and links are one of the leading sources of threats these days, and advanced threat protection can help to identify and prevent such emails from spreading within your organization. Additionally, regular training on phishing scams and other forms of social engineering can help employees better spot potential cyber threats. Overall, by taking these steps to improve your company's email security, you can help keep your data safe and prevent costly breaches or damage to your business operations. 

Flaw #6: No Formal Process for Adding and Removing User Access to IT Systems When Employees Are Onboarded or Terminated

To fix this flaw, create a formal process for onboarding and offboarding user access when employees are hired or terminated. When an employee is hired, they should be given access to the IT systems they need to do their job. When an employee is terminated, their access to those IT systems should be removed. This may seem like a no-brainer, but you would be surprised how many SMBs don't have a formal process for adding and removing user access to IT systems. Without one, user accounts that are no longer being used by employees can remain active and open, giving former employees (or anyone who knows their login credentials) potential access to sensitive company data.
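A formal offboarding process is easier to keep honest with a regular reconciliation of HR records against the accounts that are still enabled. The Python script below is an added example, not part of the original post; the two CSV exports, their column names and all values are constructed assumptions.

```python
import csv
import io
from datetime import date

# Constructed sample exports; file layouts and column names are assumptions.
HR_ROSTER = """employee_id,name,status,termination_date
1001,Ana Ruiz,active,
1002,Ben Cole,terminated,2024-03-15
1003,Chen Li,terminated,2024-05-01
"""
ACCOUNTS = """system,username,employee_id,enabled,last_login
directory,aruiz,1001,true,2024-06-01
directory,bcole,1002,true,2024-04-02
email,bcole,1002,false,2024-03-14
vpn,cli,1003,true,2024-04-20
directory,svc-backup,,true,2024-06-02
"""


def find_offboarding_gaps(hr_csv, accounts_csv):
    """Return (system, username, reason) for enabled accounts offboarding missed."""
    roster = {r["employee_id"]: r for r in csv.DictReader(io.StringIO(hr_csv))}
    findings = []
    for acct in csv.DictReader(io.StringIO(accounts_csv)):
        if acct["enabled"].lower() != "true":
            continue  # already disabled: offboarding worked for this account
        owner = roster.get(acct["employee_id"])
        if owner is None:
            # No HR record: shared, service or orphaned account needing a named owner.
            findings.append((acct["system"], acct["username"], "no-owner"))
        elif owner["status"] == "terminated":
            left = date.fromisoformat(owner["termination_date"])
            # A login after the termination date means the account was actually used.
            used = bool(acct["last_login"]) and date.fromisoformat(acct["last_login"]) > left
            reason = "used-after-termination" if used else "enabled-after-termination"
            findings.append((acct["system"], acct["username"], reason))
    return findings


if __name__ == "__main__":
    for system, username, reason in find_offboarding_gaps(HR_ROSTER, ACCOUNTS):
        print(f"{system:10} {username:12} {reason}")
```

A "used-after-termination" finding warrants a review of what that account accessed, not only disabling it.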

These are just some of the most common security flaws in SMBs. By no means should your security protocols stop here, but by taking steps to fix these vulnerabilities, you can help protect your business from cyberattacks. It is important to note that cybersecurity is an ongoing process, and you should continuously be monitoring and updating your systems for new threats. 

If you have more questions about how to strengthen your business’ security, get in touch with our team today. We have multiple options for consulting and management of your business’ data security and can ensure that your data stays secure.