If you run an SMB, cybersecurity should consistently weigh on your mind. Cybercriminals are extremely common these days, and fighting them off can be quite the challenge. In fact, the Duke University/CFO Magazine Global Business Outlook Survey found that more than 80 percent of companies in the U.S. have been hacked.

While this should make any company administrator worried, this is an especially frightening statistics for those that run SMBs. While larger organizations certainly receive more attention when they’re hacked, they also have the money and public image to bounce back when a data breach occurs. Smaller businesses, on the other hand, don’t have this luxury. A single hack can be a signal to your customers that you aren’t trustworthy, regardless of what actually happened during the hack.

With your entire business’ image on the line, it’s clear that cybersecurity needs to be a major focus n 2018. That said, this topic is so complex that finding a place to start can be difficult. Cybersecurity is vital, and not beefing up your protections simply because you don’t know where to begin is a bad idea. Therefore, let’s take a look at some of the most important areas of security today, as well as tips for SMBs to avoid these issues.

1. BYOD is vital, but it needs a security upgrade

If you run a small business, there’s a good chance you have a solid familiarity with the bring-your-own-device (BYOD) trend. This is where employees are encouraged to bring their own gadgets into the office for work-related purposes.

The benefits of such a system are obvious and very compelling for smaller organizations. The biggest of these is the cost advantages BYOD brings. The traditional model of getting devices into the hands of workers is to simply buy these devices, which can take a huge chunk out of your budget. However, by allowing workers to use their own tablets, smartphones and computers, SMBs can put the money they would have spent on gadgets toward objectives that can further the company’s success.

On top of the cost advantages, BYOD also allows for a level of familiarity that you won’t be able to produce with company-owned devices. According to a study from CIsco, U.S. employees that were allowed to use their own gadgets at work saved about 81 minutes every week. Clearly, BYOD allows for a big boost to productivity.

“There is a major drawback to BYOD in the form of cybersecurity.”

Despite all of these obvious benefits, there is a major drawback to BYOD in the form of cybersecurity. The issue is that most people simply don’t secure their own devices properly. While the lack of antimalware software on personal mobile devices is certainly an issue, the fact that many people don’t even use PINs to acces their phones is disturbing. If such a person were to lose their phone, quite literally any person that finds it would be able to access sensitive data.

While there are some clear downsides to BYOD, that doesn’t mean you shouldn’t allow for such a system within your company. You simply need to prepare your employees. This begins with some sort of meeting where teh security needs of the company are outlined. On top of that, it may be a good idea to install protective software on any device that has access to the company’s network and data.

2. Ransomware isn’t going away

In a similar vein, ransomware has also reared it’s ugly head and is making moves against SMBs. At its most basic, a ransomware attack is where the attacker encrypts a certain device or multiple devices on a network. The idea is that companies need constant access to the data contained on these gadgets, and that encrypting this information would be a major blow to operations. Therefore, the hacker is able to name his price in order to decrypt the captured data.

While this is a major issue for all the devices your company uses, one area you may want to focus on is how ransomware might affect your mobile infrastructure. Kaspersky Lab reported a 253 percent increase in ransomware attacks in Q1 2017 over the previous quarter. That’s an enormous uptick, and this is very clearly a mounting trend within the enterprise.

“Going after mobile devices simply makes sense to a ransomware hacker.”

Going after mobile devices simply makes sense to a ransomware hacker. Due to BYOD, these gadgets often contain incredibly important information, and companies can’t simply ignore how much data they contain. What’s more, smartphones and tablets often have a lower level of security than traditional computers, which is the perfect opportunity for a hacker to strike.

While the tips above can help prevent such an attack, an additional piece of advice is to back up every scrap of data that you consider important to the company. In fact, the 3-2-1 Backup technique is generally though of as the best way to protect data security from a ransomware attack. This is where you have three copies of a piece of data, kept on two different mediums with one of these mediums being kept offsite. By doing this, you can simply wipe any device hit by a ransomware attack without having to worry about losing precious information.

3. Social engineering should be your biggest concern

Social engineering is a topic we’ve touched on before, but its importance deserves constant attention, especially within smaller businesses. You can think of these attacks in the way you might think of a conman. They generally involve preying on people’s kindness in order to accomplish some sort of malicious task. For example, a hacker dressed up as a plumber might be able to talk a receptionist into letting him into a secure part of the building without clearance.

Are you sure you know who the plumber is? That handyman may not be who he says he is.

The reason this is such an issue for small businesses is that these organizations generally have a more neighborly feel to them. The entire point of hiring a small business is the friendly personal touch these companies can provide, which is a major selling point. However, this attribute can allow for hackers to get away with more than they would have if they’d attacked a larger organization.

The sad truth is that the only way to lower the threat of a social engineering attack is by hardening your employees to sob stories. Hackers will usually spin a yarn about how they lost their ID card or their login credentials, and this story is often convincing enough to get them everything they could ever want out of a company.

Therefore, organizations need to teach employees that being nice isn’t always the best thing to do. Losing login credentials may get a person in trouble, and its human nature to want to help someone in such a situation. However, doing so could be disastrous for the company.

At the end of the day, a company is really only as secure as you want it to be. You can purchase all kinds of cybersecurity software, but if you aren’t willing to take step to prevent an attack, you’re no more protected than someone who avoided these services. By increasing your knowledge and working to ensure your employees understand the importance of security, you can help keep your company’s data safe.