Small- and medium-sized businesses (SMBs) have learned to save money and to spread out technology expenses with “Software as a Service” (SaaS) subscriptions that store software applications in a cloud-based environment instead of on the SMB’s own servers. The growth of SaaS, however, has been matched and even surpassed by the expansion of “Crime as a Service” (CaaS), in which cyberthieves trade hacking tips and offer their data breach services for a fee over the dark web. Equifax’s recent hacking woes might lead an SMB to think that cyberthieves only target big businesses and leave SMBs alone. But the reality is that cyberthieves are more likely to prey on SMBs because they do not have the same cybersecurity resources that are commonly found among larger companies.

Regardless of whether an SMB relies on SaaS subscriptions or has a server-based software environment, the SMB should consider at least five basic cybersecurity tools that provide the strongest technology cyberdefenses with post-breach containment strategies.

1) Firewalls and Intrusion Detection Systems

A firewall, which will be installed on individual devices and network routers, will compare all data coming into a network against a list of rules and known threats. If the data matches the rules or threats, the firewall keeps it out of the network. The firewall will not, however, stop every spam message, malware, or virus. Moreover, employees might disable firewall protections on mobiles devices, for example, to facilitate connections to offsite Wi-Fi networks. Intrusion detection systems will be installed at different nodes or devices within a corporate network. Some of these systems act much like firewalls. Others have more advanced features that can detect anomalies and unusual traffic patterns into and out of networks. The optimum firewall/intrusion detection system combination will be a function of each SMB’s individual network environment.

2) Virtual Private Networks (VPNs)

A VPN will ensure that all traffic into and out of a network is encrypted and, accordingly, unreadable by hackers who might use packet sniffers and other technology to spy on corporate communications. VPNs are particularly beneficial for SMBs whose employees use smartphones and tablets to access an SMB’s network. The VPN will encrypt user names and passwords that employees enter into those devices to preclude hackers from stealing that login information.

3) Multi-Factor Authentication (MFA)

Multi-Factor Authentication creates a higher bar for someone to pass before gaining access to a corporate network. A hacker might steal an employee’s login credentials, for example, but would be less able to bypass an MFA access system with just those credentials. Upon attempting to login, the MFA system might send a text message to the genuine user with a special code that must be entered before the login is allowed. Unless the hacker had access to that text message and code, the login would fail. MFA straddles the line between defensive and containment strategies to the extent it assumes that login credentials can be compromised in a data breach. The multi-layer access code requirements created by MFA preclude the hacker from gaining deeper access into a network.

4) Cybersecurity Insurance

Cybersecurity insurance from knowledgeable cyber insurance providers is the final component of every cybersecurity defense strategy. When all else fails and an SMB suffers a data breach, cybersecurity insurance can provide compensation for direct losses and third-party liabilities that flow from the breach. If an SMB’s regular insurance carriers do not have the expertise or they do not offer a cybersecurity insurance policy that fits the SMB’s environment, the SMB can readily find a cyber insurance provider with the knowledge and expertise to provide the coverage that will protect the SMB from ruinous losses.

5) Secure Backup Plans

Any extended downtime can be disastrous for an SMB, regardless of whether that downtime is caused by a natural disaster or a cyberattack. A dynamic backup and disaster recovery plan can get an SMB back up and running more quickly, for example, in the event of a ransomware attack that freezes access to software systems and internal data. Backups need to be segregated from a business’s regular network operations to prevent them from being compromised as well. An SMB should also regularly test and practice its recovery protocol to ensure that its backup strategies work according to plan.