Email and Cyber Security Solutions for Small Business – How IT Admins Can Create a Complete Plan

In March, the U.S. Congress Small Business Committee released three guides on cyber security solutions aimed at SMBs. They cover the Internet of Things (IoT), responses to data breaches, and the protection of personal information. While President Trump’s administration has promised to be tough on cybercrime, these reports are less political rhetoric and more practical reality. Small businesses are in big danger when it comes to hackers and cyber security.

According to Symantec, 43 percent of cyberattacks are against SMBs. Worse yet, 79 percent of small business owners have no cyber response plan. What does that look like in practice? In Canada, almost 60 percent of small business owners claim hackers accessed their confidential information in 2016. There’s a clear need amongst IT admins trying to find cyber security solutions that don’t break the bank for their small and medium businesses (or clients).

Email has become the most vulnerable element of any small business’ cyber presence. Hackers are able to prey not only on a shortage of IT Security resources, but also on the lack of security training and awareness. There’s also a difficulty in enforcing email security policies (such as 2FA), preventing frequent human error and implementing the right email security solutions. Working with a reputable, reliable email protection service provider can be the first step in any small business cyber security strategy.

To get some answers on what to look for in that process, here’s a Q&A with email security expert Yves Lacombe, Support Director and Senior Technician at Vircom.

Hi Yves! Why is having an email and cyber security solution so important for small businesses today?

YL: There are a lot of threats out there. Let’s look at one – the biggest risk these days is ransomware. Having your small network infected with ransomware can cost a ton of money in terms of lost time and data — and data recovery. The average cost of a single data breach to a small business is between $36,000 and $52,000 alone. Not having a strong plan can be costly.

For small businesses of 30 employees or less, having an IT security expert clean up a ransomware mess can be a crippling financial burden. Also, because most SMBs don’t have a full-time IT person on staff, many do not have structured practices when it comes to information storage and sharing. This poses a serious risk. Since most malware comes in through email, it becomes paramount to use an email security solution. How to prevent ransomware attacks should be a top priority for any SMB’s security plan.

Are there any hacking trends making small business security and threat protection more difficult?

YL: Hackers are lazy — they will go for the weakest link in the chain. Social engineering and human error are almost always the easiest ways into an organization. We’re starting to see straight html email be leveraged for drive-by download attacks. Spammers are also using conventional office documents like .docx, .xlsx and other macro-bearing files.

Any type of file where people exchange information with each other is a viable target — and a threat. PDF files have been targets in the past and will be in the future. There may come a time where your only option to keep your email safe is to block most types of attachments altogether.

What are some steps the IT admin or owner of a small business can take to protect their organization’s emails?

YL: To protect their organization’s email, I’d suggest a small business IT admin or owner take these 6 steps:

1. Find a good email spam and virus filter that protects against today’s biggest threats like targeted phishing and ransomware. This solution should also provide URL vetting and rewriting if possible, providing a hybrid spam filter/firewall function.
2. Using an alternate form of file sharing instead of email is an often overlooked measure. A great example would be collaborative file sharing.
3. For financial transactions like money requests, wiring funds and transfers, do not just rely on email. Create a corporate policy and culture of verbal confirmation. Failure to do so should be grounds for immediate punitive action. There are too many fraudsters now that will find away to successfully fool a user into transferring money.
4. Backups, backups and more backups! It’s not a question of “will” you get infected — it’s a matter of “when”. Sorry optimists, but cyber security is a glass half-empty sort of business. You should always work under the assumption that eventually someone in the organization will goof up and will likely click on a link or open an attachment they weren’t supposed to. However, the negative effects can easily be manageable for your business, big or small, with a well laid out plan.
5. Have a specialist look at your information storage policies and ensuring you have daily, weekly and monthly backups done on critical data. Don’t blame your staff – people have varying technical abilities and no matter how much security awareness education and training you do, there will always be that one person at the wrong place and the wrong time who will do something without thinking. That’s human error — and human nature. Even the smartest people can mess up sometimes.
6. Finally, be sure to test the restoration of those backups to assure business continuity. There’s no point doing all those backups if it turns out they are corrupt or can’t be restored properly.

What are some email security solutions for small businesses you would propose?

YL: Vircom is in the business of protecting email. Frankly, we throw everything and the kitchen sink at email security, ensuring our customers get the most value possible. Some of our key services for small business owners would be:

• We get that small business owners may not have the time or money to hire a full-time IT person. That’s why our highly motivated support staff work for you. You almost always get a human being on the phone. Our support will always have your back. If we can’t fix it right away, we’ll almost always have some sort of workaround.
• We provide the most cutting edge and current solutions available. We are proud to offer URL rewriting on modusCloud, our core cloud email security offering, as well as social media protection, business email compromise protection, email encryption, email archiving and data loss prevention.

Any final thoughts or takeaways?

YL: With massive data breaches like Yahoo’s still dominating headlines, it can be easy for small business IT admins, owners and entrepreneurs to feel like they they are too “small” to be targeted. Unfortunately, hackers will always look for unexpected targets, small, medium or big. Small businesses are constantly juggling endless challenges with limited resources. In all likelihood, they may be unable to hire a dedicated IT specialist to set up and manage their cyber security solutions. This leaves them vulnerable to attack. Fortunately, there are both steps and solutions to take make email security one less thing to worry about. Good luck!

To discover more about Vircom’s modusCloud and it’s powerful encryption, Data Loss Prevention and more, click here to talk to an expert and get started on your free trial!