It’s invisible and silent. You can’t touch it, taste it, or smell it. It’s immaterial and formless, but undeniably real. Although it may be difficult to conceptualize, it’s the greatest threat your small to medium-sized business currently faces.


What is this lurking menace? It’s cybersecurity risk

You may not be able to see it, but you certainly can assess it, analyze it and quantify it—and in so doing, mitigate or avoid it. You could, of course, also choose to tolerate or accept the risk, though this is rarely the wisest or even most cost-effective solution.

Many smaller businesses do make this choice, however. Believing themselves to be immune to danger because their profiles are too low, their structures too simple, or their entire organizations too insignificant, they fail to understand the scope of the risks they face. But data shows just how vulnerable they are. In 2017, more than 20% of small businesses were targeted by cybercriminals. According to the Ponemon Institute, the average organizational cost of a data breach was $225 per compromised record, adding up to more than $7.3 million in losses for each affected company.

In fact, because they are perceived as low-hanging fruit, SMBs are increasingly becoming cybercriminals’ favorite targets. As black hat operatives have become more and more professionalized in recent years, their objectives have come to more closely mirror those of legitimate businesses: high ROI, or the greatest possible profits for the lowest costs. Smaller businesses are less likely to update their software regularly (one recent survey showed that 7% were still running Windows XP in 2017!), to test their networks robustly, or to invest in technical solutions and employee training.

Even more worryingly, small businesses are the most likely to fail in the face of an attack. Lacking the critical infrastructure and resources needed to recover, 60% of victims will simply close their doors within six months of a major security breach.

But this doesn’t have to happen to you. In fact, just by reading this blog, you’ve already taken the single most important step in preventing criminals from targeting your organization: you’ve increased your knowledge and awareness. Once you’ve accurately identified your vulnerabilities, it’s time to begin developing a strategy to reduce them. A qualified professional IT service provider can guide you through this process. The best security plans are comprehensive, incorporating multiple elements.


The majority of attacks today can be attributed to human error. As cybercriminals continue to seek the weakest links in networks and systems, they’ll continue to find them in humans—even the best of us sometimes succumb to impulsivity, carelessness or distraction. But strong policies and employee training can go a long way towards shoring up these weak spots. Teach your employees to avoid socially engineered attacks, to choose strong passwords, and to safeguard their devices outside of the office. Implement policies to keep network data safe when employees telecommute, access enterprise resources from mobile devices, or bring their personal laptops into the workplace. Studies have shown that training workers to be more aware of cybersecurity risks is the single most cost-effective strategy for reducing them.



The first line of defense between your network and would-be intruders is a firewall. Like an automated security guard, your firewall will inspect each message entering or leaving your network individually, and authorize only those it deems trustworthy to pass. Firewalls can take the form of dedicated devices or software applications, and operate by filtering individual data packets, by screening host addresses or traffic types, or through a combination of these techniques. Recent versions of the Windows and MacOS operating systems come with firewall capabilities already built into them. Your managed service provider or dedicated IT security professional can guide you in determining what type of firewall protection will best suit your business’s needs.



Your data—whether it’s your customers’ credit card numbers or your patients’ sensitive health information—is the lifeblood of your business. But you can’t store it in an underground bank vault, because it needs to be readily accessible and manipulable. Your data must circulate to sustain your business.

You can, however, choose a dependable backup and recovery system to guarantee that your data can be rapidly and fully restored in the event of a security breach. Various mediums for data storage are available, including magnetic tape and hard disks, but the most cost-effective and reliable solution for SMBs is often a cloud-based backup system. If you use cloud-based backups, your digital assets will reside in a dedicated storage facility built with multiple safeguards against fire, natural disaster, human error, and intruders. Files, software, or entire virtual machines can be housed there for a fraction of the cost of an on-site storage system, and recovery times are usually quicker as well.

To ensure the safety and integrity of your data while in storage (and also while in transit), be certain that any sensitive information is encrypted. Data encryption involves encoding data so that unauthorized users cannot view it in its original form without access to an encryption key.  Even if someone infiltrates your network or steals physical devices from your office, they’ll still find your information illegible. Today’s software products come with numerous built-in encryption capabilities.


Cybercriminals are cleverer and more sophisticated than ever before, and they’re constantly inventing new tactics and strategies. To keep pace with the ever-evolving threat landscape, security specialists are continually updating anti-malware software products so that they will protect against the most recently discovered vulnerabilities. It’s crucial to maintain the latest version of this software on each endpoint device that connects to your network.

Even the most robust and sophisticated software programs can contain vulnerabilities that aren’t spotted until after their release. That’s why patching is essential. Be sure that all currently-available software updates are installed automatically, within the timeframe specified by their issuers, on your network.

Through remote monitoring, your managed IT service provider can keep a watchful eye on your network and the computers and endpoints connected to it at all times of day and night. They can ensure that everything is running as it should be, can remotely install software updates and patches, and will receive an instant alert in case of a problem. In many cases, this means that problems will be solved—and potential invaders stopped in their tracks—before you’re even aware of them.

Establishing and maintaining cybersecurity for your small to medium-sized business is multifaceted. It’s undeniably complex. It requires forethought, planning, and expertise.

But it’s not something you should lose sleep over. Contact Flint Tech Solutions today to set up a consultation. We’ll provide you with a detailed, individualized assessment of the risks you face, and set up a comprehensive plan for managing them. Our proactive approach combats cybersecurity threats before they arise, so they’ll never get the chance to slow your business down.