Cybersecurity is quickly becoming one of the most significant risks facing small and medium businesses (SMBs) today, with 61 percent of SMBs finding themselves the victim of an attack in the past year and 66 percent of organizations overall being affected by ransomware. These attacks can grind operations to a halt or compromise critical data, putting the SMB’s ability to service its customers at risk.

An SMB needs to have a strong cybersecurity foundation to prevent these attacks. While there are many complicated and expensive steps an SMB can take to protect its organization, the reality is that getting the basics right is proven to be often the most effective and cost-efficient way to protect the organization. For that reason, it is the most logical place for an SMB to start.

One of the most foundational cybersecurity basics is patching. Security patches are fixes for known cybersecurity vulnerabilities in software and hardware that attackers could use to breach the organization and put the organization at risk. By implementing these patches for those vulnerabilities inside your organization, an SMB essentially fixes holes in the armor that protect the organization from attack.

The bad news is that there are many vulnerabilities to patch. In 2021, there were 20,196 new vulnerabilities published (called CVEs), up from 17,055 in 2020. These vulnerabilities can be in a company’s software, such as Microsoft Windows, or an SMB’s applications. They can also be in an SMB’s hardware, such as its servers, laptops, or mobile devices.

While this may seem overwhelming, an SMB can make a big difference in the risk these vulnerabilities pose by getting intentional about patching them. First, an SMB should ensure its organization has a complete inventory of software and hardware, allowing it to know which vulnerabilities are relevant to patch. Second, as new vulnerabilities are announced that affect its infrastructure, an SMB should prioritize those vulnerabilities based on the severity of the CVE and how critical the system is to the organization. Each patch takes time and works to implement, so starting with the most vital first means mitigating the most risk. Then, an SMB should work to implement the patches across the organization, carefully testing to ensure it won’t affect operations. Each step of this process should be carefully documented so an SMB knows what work has been done if a future issue arises.

Some tools can help an SMB manage this process. Patch management tools, for instance, can help an SMB track this process to ensure that all components of its stack are up to date. Some of these tools can even automatically help implement patching. An SMB’s managed service provider (if it has one) can often also help monitor for and implement necessary patches as part of its services offering.

As cybersecurity risk continues to rise, it is more important than ever for an SMB to ensure it is taking the necessary steps to protect its organization. Patching is one essential tactic that can make a huge difference in this process, helping an SMB to continue its operations and deliver its services to customers for many years to come.