Microsoft's Brad Smith Shares Four Cybersecurity Tips for Small Businesses

At the Small Business Administration's inaugural Cyber summit, the Microsoft president has some choice advice.

If Microsoft President Brad Smith was running a small business, the first thing he says he'd do to assess cybersecurity risk doesn't even cost a cent.

During the Small Business Administration's inaugural Cyber Summit last week he said he'd first ask his team if there's somebody on staff that's knowledgeable about IT. Whether it's someone on staff, or an external security partner, Smith says he'd look to spend 15 minutes learning about the organization's vulnerabilities and examine what has, and has not, been addressed.

Given the tense cybersecurity landscape these days, the timing for that conversation has never been better. "Unfortunately small businesses are more of a target than they were five years ago," Smith said in conversation with SBA Administrator Isabel Guzman. "In some ways, we've seen the cybersecurity threat landscape become more diverse."

With October being cybersecurity awareness month, the SBA's inaugural cyber summit sought to educate small businesses about how to become more resilient amid rising cybersecurity attacks. Smith shared a wealth of insights during his keynote with Guzman.

Here are four of them:

1. Stay up to date

Smith's first tip for businesses is to keep software current. This is something that tech companies such as Microsoft, Oracle and others already assist with by releasing patches on Patch Tuesday, or when software updates are released to "patch" any vulnerabilities.

2. Tighten up your passwords

Businesses need to set up multi-factor authentication and deploy strong, unpredictable passwords, according to Smith. "It shouldn't be ABC123," Guzman quipped. If it may seem unbelievable that someone would use such a fallible combo, think again--digital security company Nordpass worked with independent researchers to take a look at more than 15.6 million breaches sustained by Fortune 500 companies in a past study. The findings revealed that the word "password" was one of the most popular passwords among all industries.

3. Consider the cloud

If businesses keep their software current and use multi-factor authentication, they'll likely eliminate 95 percent of the risks they'd normally face, according to Smith. But he adds that it's also important for businesses to look into cloud security.

"If everybody's just trying to run their software on their own hardware in their own four walls, it means you have to do everything to maintain that hardware," he explains. "Whereas if you move to the cloud - whether it's Microsoft or one of our competitors - that becomes our problem. It's no longer your problem as a small business owner."

4. Use all available resources

There's no question that small businesses have fewer financial resources than larger counterparts to fend off cyber attacks. The SBA dos offer educational programing for small businesses to take advantage of, including planning and assessment tools along with explainers around common threats. The agency also offers in-person and virtual events for training purposes to help small businesses protect themselves. You can learn more at the SBA's webpage (https://www.sba.gov/business-guide/manage-your-business/strengthen-your-cybersecurity).

Looking ahead, Smith envisions that the sector will continue to see more defensive protection, and more cybersecurity services built in that are offered in ways that are easy to use. And that's good news, given that he also forecasts that cyber threats will grow more sophisticated over time. "We have to assume that adversaries will get better, that's what adversaries do," he says. "At the end of the day, [cybersecurity] becomes a little bit like a seatbelt," Smith explains. "A seatbelt is in your car and we know it saves lives, but you do have to put it on."

Curated, Collated and Shared by

#NileshRoy ?? #Mumbai ?? #01November2022?

#BradSmith #SmallBusinesses #cybersecurity #cybersecurityrisk #risk #vulnerability #vulnerabilitymanagement