Photo: Oleksii, YFS Magazine, Adobe Stock

What SMBs Need to Know About Privacy and Security in 2021

As SMBs expand their remote workforce, they must commit to a more agile, business-centric approach to prioritize security and privacy.

Eric Yu, Lenovo’s Senior Vice President and General Manager, Worldwide Small and Medium Business Segment, Intelligent Devices Group, shares three reasons security and privacy should be top priorities for SMBs in 2021 and beyond.

Recent security breaches have eroded trust in the digital ecosystem. According to Cybint, 43% of cyber-attacks target small business and the global average cost of a data breach is estimated at $3.9 million across SMBs. Coupled with the growing interest in privacy and the ethics of data usage as we enter the AI era, we are at a pivotal juncture in the evolution of internet security.

As the global health crisis accelerated the rise of remote work, requiring organizations large and small to adjust their approach to security and privacy, an opportunity for SMBs to leverage new solutions emerged.


As SMBs grow and expand their remote workforce, they must commit to a more agile, business-centric approach that places security and privacy within the context of the organizational strategy – or risk becoming vulnerable to cybersecurity attacks and getting left behind.


The pandemic has highlighted the fact that people need to be more aware of their own security vulnerabilities and take the necessary precautions to protect themselves.

SMB owners and employees must try to predict unsecure access points and strategize against them. No longer is work done just within the confines of the corporate network. While this is something we were starting to see long before COVID-19, what has changed is the shift to work taking place exclusively outside of the confines of the four walls of the office.

The work-from-anywhere culture will prompt companies to develop and enhance tech that is tailored to the new behaviors of the workforce, including IoT solutions to help monitor safety and well-being.


Have a ‘Better Safe than Sorry’ Mindset with Zero Trust Security

The birth of the cloud means that much of a company’s data doesn’t need to be stored physically on-site and can be accessed through the internet instead. This year, more than 70% of business users will be substantially provisioned with cloud office capabilities. These Cloud-based services are particularly beneficial for businesses that have more than one location. Cloud computing allows ease of collaboration between colleagues based anywhere in the world. It can also save both time and space in the office.

More remote and cloud infrastructures mean companies will grapple with how to best keep themselves secure with integrations of partner security services.

Protect your business from cyber extortion
Photo: © iana_kolesnikova, YFS Magazine

Zero Trust, a term we’re starting to hear a lot in the security space, goes beyond the usual marketing hype to emphasize access and privileges. According to Wandera, by 2022, 80% of new digital business applications will be accessed through zero-trust network access (ZTNA). The reality is that attackers – at least the ones that can cause significant damage through data theft and a myriad of other ramifications – continue to become more sophisticated and operate like ‘criminal corporations’ with a sense of command, control, financial motivation and organization.

By adopting a Zero Trust model, we assume security access and privileges are granted based on a ‘need-to-know’ basis. With this in mind, here are a few reasons security and privacy should be top priorities for SMBs in 2021:


Cybercriminals will continue to use consumer vulnerabilities as an opportunity to target and compromise end-user systems.

With the ongoing crisis, threat actors are quickly updating their tools, techniques, and procedures to leverage global uncertainty and target employees of large and small enterprises.

The unexpected challenges business owners have experienced in the past year, forced employers to get creative in finding new ways to ensure their employees’ digital health no matter where they’re working. Each user in every organization must develop a heightened state of awareness to contribute to the protection of their devices. Some easy ways to protect your device are as follows:


  • Do not click on the links from unknown sources – This may appear obvious but cyber-criminals are getting smarter at replicating what appear to be trusted sources. These may be embedded in untrustworthy websites, emails or texts from unfamiliar sources; refrain from downloading COVID-19-themed apps or documents from unknown sources as well. Secure endpoint devices to minimize the threat. For example, isolate internet applications through sandboxing to contain cyber-attacks.
  • It is important to have multi-factor authentication (MFA) in place for all your critical corporate services including email. Using MFA will protect your account against attacks starting with credential (user/password) theft.
  • Protect your passwords – Passwords are often the weak link in organizational security. Move to passwordless environment to improve security posture and lower total cost of ownership by removing password reset burden on IT support. It also offers a better user experience as users no longer have to remember a password but instead leverage multi-factor authentication with token and biometric-based methods.


Addressing the risks posed by potentially logging onto a rogue access point is a vital consideration.

While most of the world is under shelter-in-place restrictions and using their devices from home, it’s only a matter of time before workers across the globe begin heading back to shared workspaces, coffee shops, planes and everywhere in between. Additionally, smart home devices may add risk to corporate networks as employees log-in from home via their company devices or personal devices. SMB employees must understand the vulnerabilities associated with remote work and strategize against unsecure access points.


SMBs must commit to a more agile, business-centric approach to security

SMBs must commit to a more agile, business-centric approach to security that doesn’t replace their existing security models, but rather prioritizes security within the context of the company’s overall structure.

With the increasingly blurred lines between personal and work devices, a heightened sense of information protection will continue to grow among consumers and employees working from home. To help provide clarity for employees and customers, SMBs should clearly identify security policies and measures between work and personal devices and implement those accordingly.


While COVID-19 has challenged businesses to think about security in a new way, the risk is not likely to go away once we start phasing back into the workplace. For example, if any machines were compromised while employees were remote, once reconnected to the corporate network those machines can offer cybercriminals an open door into your business.

Therefore, it is vital for business leaders to employ these security measures now and take time to implement appropriate training on security and privacy for all employees. Being proactive versus reactive can be instrumental in preventing a reputation-damaging breach down the road.


Jeremy Biberdorf is a long-time internet marketing pro turned online entrepreneur and blogger. Check out his investing blog at Modest Money.


© YFS Magazine. All Rights Reserved. Copying prohibited. All material is protected by U.S. and international copyright laws. Unauthorized reproduction or distribution of this material is prohibited. Sharing of this material under Attribution-NonCommercial-NoDerivatives 4.0 International terms, listed here, is permitted.


In this article