All questions › Security Essentials
Security Essentials
What small businesses actually need for cybersecurity, without the scare tactics. 8 questions, answered in plain English.
- What cybersecurity does a small business actually need?The non-negotiables: MFA everywhere, managed endpoint protection, email filtering, patched systems, tested backups, and basic staff training. Most breaches exploit the absence of these basics, not exotic hacking.
- Why does my IT provider insist on multi-factor authentication (MFA)?Because stolen passwords are the #1 way businesses get breached, and MFA stops the vast majority of those attacks cold. The minor daily friction buys an outsized security win; there's no better trade in IT.
- What does cyber insurance require from our IT?Insurers now demand proof of specific controls (MFA, EDR, tested backups, patching) and can deny claims if your application overstated them. Your MSP should be able to complete the security questionnaire truthfully with you.
- I'm not comfortable with an MSP being able to remote into computers with private information. How is that access controlled?Legitimate MSP remote access is individually accountable, logged, and auditable: every session tied to a named technician with a record of when and what. You can also require on-screen consent prompts for attended machines. Demand these controls; good providers already have them.
- Do I really need antivirus? I only use my computer for business and never visit sketchy websites.Careful browsing stopped being protection years ago: attacks arrive through email attachments, compromised legitimate sites, poisoned ads, and stolen passwords. Business machines need modern endpoint protection (EDR) precisely because they are business machines; that is what attackers want.
- How should our team actually handle passwords? Everyone reuses the same few and shares them by text.A business password manager fixes this in one move: unique strong passwords for everything, shared vaults instead of texted logins, instant revocation when someone leaves, and one master password per person. It is cheap, and it eliminates the single most common way businesses get breached.
- If we get hit by ransomware, what actually happens next? Would we have to pay?The first hours are isolation and assessment: disconnect affected systems, determine spread, and check backups. Whether you even face the pay-or-not question is decided in advance by one thing: whether an immutable, tested backup exists. With one, recovery is restoration; without one, every option is bad.
- Some of our staff work from home. What does that mean for our security?Home workers extend your business onto networks and habits you do not control. The fixes are established: company-managed devices with EDR, MFA everywhere, encrypted access to business systems, and clear rules about family computers. Remote work is safe when the security travels with the laptop.
Want a straight answer about your setup?
Asheville Computer Company is a local managed IT provider based in Arden, minutes from most of Asheville.
Call (828) 290-9092 or visit ashevillecomputercompany.com for a free, no-pressure consultation.