It is tempting to think of cyber-attacks as a problem that only affects enterprise corporations. However, that level of complacency is dangerously misguided. 60% of small businesses hit by cyber-attacks go out of business within six months. Small businesses are targeted as much as the big firms but have fewer resources (in both capital and staff) to manage attacks. With increased digitization and reliance on the internet, small businesses cannot afford to fall into the trap of thinking that cyber defense is only for the “big fish.”

Here are five easy-to-follow tips that are essential for SMB’s looking to defend themselves from potential cyber-attacks.

1. Raise Employee Awareness

When it comes to cybersecurity, the biggest threat to your organization is human error. Smaller organizations (1–250 employees) have the highest targeted malicious email rate at 1 in 323. Performing regular training on best practices and security pitfalls will enhance your cybersecurity posture immediately. Training employees on a regular basis on how to recognize common tactics like phishing scams and properly protect their stations is vital to fending off those attacks.

2. Have an Incident Response Plan

What happens if you are under attack or discover an attack that was missed? When an attack happens, every moment counts. Do you have the right people and procedures to respond in time? Can they analyze the necessary information to keep you up and running? These are the types of questions that generally get answered in the creation of an incident response plan (IRP). 77% of Businesses simply don’t have a proper IRP. Make sure that your business has an IRP in place. Designate an incident response team that is familiar with your network topology and IRP to execute that plan. The value of someone who has the authority and the training to react quickly in the event of a cyber-attack cannot be overstated.

3. BACK UP YOUR DATA. NOW.

The average cost of a data breach is $3.92 million as of 2019. Be sure that your data is protected and duplicated. Determine the data you need to protect. Set up a plan to have it regularly backed up and have multiple backups (off-site or on-premises). This will lessen the impact of a data breach on your operations.

4. Enforce Strong Password Policy

Does your email client still let your employees make their password “Password?” What about their birthday? Keep in mind, cyber-attacks caused by compromised employee passwords cost $383,365 on average. Failure to create and implement a strong password policy is something no business of any size can afford (and to make it even more robust, be sure to add and enforce 2-Factor Authentication whenever possible).

5. Monitor Your Network Security

It’s 3 a.m. on a Saturday. Who is monitoring your IT network? In case of a cyber-attack, will you know it? How fast will your team respond? Do you have someone in your organization who you trust to detect a cyber threat, stop it, and prevent it from happening again? 43% of breaches happen to SMBs.

SMB owners are resilient and adaptable they are privileged with how agile their business can be. But even the most eager owner is no match for an attack that can decimate their business’ basic ability to function. Something worth doing is worth doing right, and cyber-security is no different. Following these tips will help owners take control of their network security and protect their data. The time to figure out these answers is now – not during an attack.