Security is often ignored, often confused but so important for business owners to keep top of mind. Jon Crotty is a Principal Analyst with Kaspersky Lab, he’s shared three trends that small business owners need to be aware of, in regard to their security.

The beginning of every year is a time when small business owners start planning out their year. They may ask themselves several questions such as: How will I grow my business in the coming year? What marketing initiatives should I take on? What is my cybersecurity strategy? Okay, that last question may not be on the mind of a typical small business owner, but it probably should be. In fact, a recent survey found that the average budget required to recover from a security breach is $38,000 for small businesses – a cost that could be devastating. In addition, The U.S. Department of Homeland Security reported that 31% of all cyberattacks are directed at businesses with less than 250 employees. Unfortunately, we don’t expect this trend to change in 2016 and while implementing effective cybersecurity may seem like a challenge for a typical small business, knowing what to look out for and implementing a few simple initiatives in the coming year could go a long way.

A Cybercriminal “Two for One”

In 2016, we expect to see a rise in cybercriminals targeting small businesses that partner or do business directly with enterprises as a way to infiltrate corporate IT environments. Those behind targeted attacks now spend less money and time creating new malware and technology by using existing programs and methods; however, they still meticulously plan their attacks and analyze potential victims’ infrastructure to look for weak spots. In many cases, most small businesses do not have the time, cybersecurity knowledge or resources (both financial and trained IT staff) to combat cyber threats. For these reasons, cybercriminals look at small businesses as a potential weak spot to not only gain access to assets (customer data, intellectual property, etc.), but to get at enterprises that have the time and resources to be more strategic with cybersecurity initiatives.

So what should small businesses do to help prevent this from happening in 2016? A multi-layered cybersecurity strategy is key and a small business should consider what technologies they need most. There are plenty of sourcing options where a small business will be able to maximize value through products that integrate features through less consoles and through products that work seamlessly together. Encryption is also a strategy that all small businesses should implement. This is critical when processing and storing payment or other confidential information of customers. For example, if an employee laptop gets stolen, unencrypted customer information can lead to crippling fines from regulatory agencies and, equally bad, a loss of trust from customers. In addition, data encryption is actually a requirement once you start setting up Point of Sale terminals that accept credit cards.

The Cloud Tractor Beam is Pulling Small Businesses In

Small businesses are probably starting to feel as if they are being pulled into the cloud by some kind of tractor beam out of a sci-fi movie. This makes sense if you think about the various IT needs of a SMB and a majority of new IT offerings are provided via the cloud. The problem with this is similar to most other technology areas, where security is not the first design priority. Many small organizations venture into the cloud first, then, at a later point, something will trigger a reactionary security concern.

To avoid this, it’s important to keep a few things in mind. Smaller organizations must think about how they are using the cloud. The challenges that come with public, private and hybrid clouds, and the differences in security of these cloud offerings needs to be understood. In addition, data backup procedures and policies should be in place regardless of the type of cloud environment. These security considerations will be critical for small businesses as a part of a cloud implementation strategy in 2016.

Small Businesses Must Rethink Security On-The-Go

According to recent research by Manta, 80% of US small business owners used their mobile devices for business once a day or more. With almost everyone now utilizing smartphones and/or tablets, it is not surprising that the bad guys are targeting these vulnerable devices. In addition, most mobile devices have weak security, so it is easy for criminals to compromise these devices and gain access to not only the data on the device, but also the entire business network.

As a result, mobile security is no longer optional and small businesses that don’t take the time to secure these devices in the coming year will be at a higher risk of experiencing a security incident. Mobile security for small businesses needs to be treated as a two way street between the company and the employee. If the business is granting an employee the ability to use a device, that employee should be expected to make good decisions and follow security best practices. Small businesses understand that they need to roll out mobile enablement programs to keep people productive and happy, but they need guidance on where to start. As part of rolling out mobile programs, policies and education must be in place, even if it’s just a matter of making sure users understand best practices. A great starting point is to make sure users understand how to lock their devices down and how to use settings. This may sound elementary, but many working professionals are not doing this and/or simply don’t care about the security of their devices. These easy tips really help, so even a list of five or ten best practices for employees can be a good starting point.

The issue of addressing cybersecurity challenges may seem daunting to small businesses, but that doesn’t always have to be the case. By implementing a multi-layered security approach, safeguarding the cloud and protecting mobile devices, small businesses can spend 2016 focusing on what they do best – running and growing their business.