Cybersecurity measures for the cloud-based small business

Cloud-based software has opened up new frontiers for small businesses — but also left those businesses vulnerable to cyberattack. Here’s how to protect your business.

Published: October 04, 2018

Cybersecurity planning can be tough for small businesses that store data in the cloud. Yet, it’s possible for all companies to develop and execute a plan to secure cloud-based assets, including customer data. Here are key points to consider when crafting a winning strategy:

Seek endpoint protection

Most security compromises start by infecting an “endpoint”: any network-connected device, from a mobile phone to a wireless printer.

Protecting endpoints, both manually and with Software as a Service (SaaS) provider solutions, secures your computer network against threats from remotely connected devices.

Most available solutions should include anti-virus/anti-malware (AV/AM), but also look for options that support a range of operating systems (Linux, Windows, iOS, etc.) and mobile devices (iOS, Android, etc.).

Look for this from your SaaS

  • Ensure the service has the right certifications.

  • Ensure they conform to relevant industry standards, such as SOC 2 Type II certification for data security or the PCI Data Security Standard for mobile payments.

  • Check back periodically with vendors who pass your initial screening to make sure they maintain their certifications, are in compliance with emerging standards, and are regularly updating and patching their security software.

  • Confirm they can help protect sensitive customer data.

  • Ensure that all your SaaS products can protect sensitive information, especially if you are storing credit card or personal information.

  • Explore business-focused cloud access security broker (CASB) solutions that can also integrate with data loss prevention (DLP) solutions or offer DLP add-ons. According to Gartner, CASBs are security policy enforcement points (both on-site and cloud-based), placed between cloud service consumers and cloud service providers to combine and interject enterprise security policies.

Address encryption

Cloud SaaS data encryption

  • Aim to use a CASB solution that offers encryption across SaaS providers. Though it may seem easier for a business with limited technical capabilities to turn over key management to each individual SaaS provider, it tends to be more efficient and effective to employ a single CASB encryption across services.


  • Keep your business Wi-Fi’s protection settings up-to-date, and encrypt the router or firewall. Additionally, ensure internal devices and guest users connect via separate networks.

Full-disk encryption on servers and workstations

  • Your operating system will likely provide encryption tools, and you can also make use of disk encryption tools from your endpoint protection solutions to manage servers and devices.

Access management

  • Businesses should grant access to cloud SaaS applications only as needed, and that includes revoking access when an employee leaves the company. Access control can be handled through a cloud-based service such as a CASB, Web proxy services, IAM services, or a combination of these.

Back up everything — frequently

  • Focus on backups for data from on-premises servers and workstations. Consider using cloud-based backup solutions that perform backups of both servers and cloud-based workstations. Mobile devices should also be backed up in an automated manner using cloud-based backup solutions. Consider a trial run of any new solution so you can fully assess whether the product will suit your needs.

  • Not only will this protect you from hacks that encrypt data until a ransom is paid, like the notorious WannaCry ransomware attack in May 2017, but it will also serve as a failsafe against network outages or failures.

Cloud-based small businesses can’t afford to ignore cybersecurity.

Fortunately, by developing and executing a sound strategy, they can secure their data without losing sight of their core operations.