Cybersecurity Best Practices for Small Businesses

2023 saw a major increase in cybercrime. According to Cybersecurity Ventures, there was a cyberattack every 39 seconds in 2023, which is more than 2,200 per day. The FBI reported that Americans lost $12.5 billion to cybercrime last year. While large companies certainly take hits (and make news headlines), small businesses are actually very attractive targets for cybercriminals.

Small businesses have the information that cybercriminals want, but they typically lack the security infrastructure of larger businesses. And although they are a desirable target, many small business owners have limited time to dedicate to cybersecurity and might not know where to begin even if they had the time.

Here is a list of tips and strategies to help your small business enhance cybersecurity and protect sensitive data. While reading, think about how you are performing in these different areas of your IT landscape.

1. Keep Clean Machines – Having the latest security software, web browser, and operating system is the best defense against viruses, malware, and other online threats. Antivirus software should be set to run a scan after each update. Install other key software updates as soon as they are available. Employees should not be allowed to install software without permission.


2. Secure Internet – Firewalls are an important barrier that monitors and controls incoming and outgoing traffic. If you use a private network, it should have a firewall. If you use WiFi, it should be secure, encrypted, and hidden.

3. Take Precautions With Sensitive Data
  • When it comes to finances and payments, make sure you are confident that your bank or applicable vendors are using trusted anti-fraud tools for their services. As an extra precaution, isolate one computer for financial activities. Do not use the same computer for payment processing and casual internet browsing.
  • Schedule daily backups on all computers for operating systems, databases, documents, and files. Use multiple methods of backing up your data (e.g., external hard drive, cloud storage).
  • Frequently audit the data that is being stored in cloud repositories (e.g., Dropbox, Google Drive, OneDrive). Monitor user permissions, giving employees access to only the information they need to perform their jobs.

4. Enable Multi-Factor Authentication – To deter hackers, all accounts and applications that employees log into should be set up with multi-factor authentication, where the employee must provide more than just the common username/password requirement (e.g., security question, physical token, facial recognition).


5. Manage Mobile Devices – Today, many businesses provide mobile devices for their employees. But if mobile devices aren’t protected, the door is wide open to security threats. Employees should be required to use password protection and data encryption, and to have security apps installed to prevent cyberattacks while the device is on public networks. There should also be an established protocol for lost or stolen devices.

6. Train Employees – Employees’ bad IT habits are a leading cause of data breaches for small businesses. Teaching employees common best practices can go a long way in preventing cyberattacks. Topics to cover should include internet browsing practices, phishing emails, suspicious downloads, password security, and enabling authentication tools.

If you are unsure how to follow any of the above guidance, don’t let a cybercriminal’s attack be your prompt to enhance security. Reach out to a trusted IT professional today to discuss methods to safeguard your business.

Sources:

https://www.forbes.com/advisor/education/it-and-tech/cybersecurity-statistics/

https://www.fcc.gov/communications-business-opportunities/cybersecurity-small-businesses

https://www.sba.gov/business-guide/manage-your-business/strengthen-your-cybersecurity