8 ways small to mid size businesses can improve cybersecurity

Cybercrimes and data breaches are a growing threat for businesses. In total, cybercrimes are predicted to inflict upwards of 6 trillion USD globally in 2021, and the cost of cybercrime is expected to grow by 15% each year within the next five years. Small and medium-sized businesses (SMBs) aren’t immune to these threats — according to one report, 15% of small businesses suffered a virus, leak or hack in 2019. In response, SMBs are devoting more resources to cybersecurity, with a whopping 67% of small businesses reporting that they aimed to boost their cybersecurity in 2020. So how can SMBs improve their cybersecurity to face the new cybercrime landscape? Here are our top cybersecurity tips for small to medium-sized businesses.

What Problems Are SMBs Experiencing With Cybersecurity?

While many small businesses have remained unscathed from cybersecurity challenges in the past, the threat of cyberattacks for SMBs is growing. In one survey, 63% of surveyed SMBs experienced data breaches in 2019, compared to 58% in 2018 and 54% in 2017. This risk is far too high, considering that small organizations spend an average of $200,000 per incident, and 60% of SMBs go out of business within six months of an incident.

So what specific cybersecurity problems are SMBs experiencing? Some of the most common ones are as follows:

  • Phishing: Phishing is an attempt to obtain sensitive information using fraudulent links, commonly sent via email or text message. Phishing is one of the leading origin points for cyberattacks, making up about 30% of all attacks on SMBs, and is one of the fastest-growing types of attacks.
  • Ransomware: Ransomware is malware that infects devices and restricts access to files unless a company pays a ransom to prevent the data from being destroyed completely. Unfortunately, ransomware is on the rise. Ransomware damages cost the world 8 billion USD in 2018 and $11.5 billion in 2019, and the global cost is expected to reach $20 billion by 2021. SMBs are not immune to this type of attack — according to one 2020 survey of senior executives, 46% of small businesses have been targeted by ransomware attacks. Of those businesses that experienced a ransomware attack, 73% paid a ransom, but 17% recovered only a portion of their data.
  • Mobile malware: Personal mobile devices are becoming increasingly common in the workplace. However, they are also becoming an increasingly popular target of cyberattacks. Connecting unsecured mobile devices to a company’s network can introduce security vulnerabilities that put the entire business at risk.

All of these problems can be traced back to a lack of appropriate cybersecurity measures. Fortunately, many SMBs are aware of the threat and plan to increase the amount of resources devoted to cybersecurity.

8 Ways to Improve Cybersecurity for an SMB

SMBs can improve their cybersecurity in several ways, most of which are easy to implement. The Federal Communications Commission (FCC) outlines some best practices:

  1. Installing firewalls and anti-malware software: Firewalls are programs that protect private networks from being accessed by outside parties. These firewalls are the first line of defense against cyberattacks and are an essential component of any cybersecurity protocol for SMBs. In addition to firewalls, install anti-malware software as a second line of defense against any malware that makes it through your other security measures.
  2. Encrypting data: More than 40% of businesses encrypt essential or private data, including employee, customer and financial data. Encryption protocols scramble data so it is unusable without a key code. This helps protect your data from being used if it is intercepted by a third party.
  3. Securing networks: If your business has a Wi-Fi network, ensure that it is hidden and secured with a password. Do not allow customers or outsiders to access the network and set your router not to broadcast the network name.
  4. Enforcing password policies: While regularly changing passwords is a pain for anyone, it is an essential security measure. Require employees to change their passwords to unique passwords every 60 to 90 days. Require employees to have separate accounts with unique passwords to avoid sharing logins and use multi-factor authentication where possible.
  5. Training employees: SMBs can protect themselves from a range of cyberattacks through effective employee training. Train employees on essential security practices, such as setting up strong passwords, using two-factor authentication and knowing how to identify and report phishing scams and suspicious activity.
  6. Planning for mobile devices: With more and more businesses allowing employees to bring in their own mobile devices, it is essential to have a device policy that covers security precautions. SMBs must set standards for updating and securing mobile devices that will have access to the company network, including password protection, encryption and usage guidelines.
  7. Performing regular backups: Regularly perform data backups on all computers and systems, especially systems that hold critical data for the business. Automate backups when possible and store them offsite to protect them against breaches or physical threats like fires and natural disasters. Additionally, check backups to ensure that they are functional.
  8. Utilizing security management solutions: Managing all aspects of your cybersecurity can quickly become a monumental task, even for SMBs. Where possible, look for trusted security management solutions to ease the burden. One such resource is an identity access management (IAM) solution, which allows for greater control and access to data while maintaining security.


One final note is that you should document any protocols and employee expectations thoroughly and review them regularly to identify areas of improvement. When used in combination, all of these tools and steps can effectively help SMBs improve their cybersecurity.

How Optimal IdM Can Help!

If you’re looking for security tools that can help improve your company’s security, Optimal IdM can help. We offer identity and access management (IAM) products to help you control and monitor access to your data while maintaining your speed, performance and security. Our IAM for SMBs offers the following solutions:

  • Single sign-on (SSO): Minimize the hassle of signing on to multiple systems with an SSO solution. Sign in once and you’ll gain access to all systems and applications linked to our solution.
  • Multi-factor authentication (MFA): Utilize customizable MFA solutions to add an extra layer of protection to your sensitive data and apps.
  • Universal Directory: Gain greater visibility, security and control of your LDAP directories with a Virtual Identity Server (VIS) protected by an LDAP Proxy Firewall.
  • User management controls: Gain greater control of user access and delegation using advanced user management software with The OptimalCloud.

No matter the size of your business, IAM products and services can help keep your data secure. With advanced security features that are fast and scalable, you can protect your company from hacking attempts. Even better, our IAM products are managed services, meaning that we handle everything from installation and configuration to monitoring and maintenance, freeing up your administrators to focus on value-added tasks.

Sign up for a Free Trial

Optimal IdM is a global provider of innovative IAM solutions. We pride ourselves on offering clients comprehensive, customizable and affordable solutions that meet their security and scalability needs. Whatever your size or industry, Optimal IdM has a solution that can improve your cybersecurity and protect you from emerging threats.

Interested in getting started with Optimal IdM’s IAM solutions? Start your free trial today or contact us to learn IAM tips for SMB owners.

