Don’t equate “small” with “safe.” In fact, preventative cybersecurity plays a key role in the success of a small business, which doesn’t have the luxury of being able to afford hacker negotiation services and other pricey damage control like larger businesses.
That’s not to scare you, but you should understand how important cybersecurity measures are. That’s why we’re chiming in with the types of cyberattacks that could target your business, a cybersecurity must-have checklist, and why employee education is everything.
But first, small business owners are at greater risk of cyberattacks—why?
On average, an employee at a small business of fewer than 100 employees receives 350% more social engineering attacks than an employee at a larger enterprise, according to a study from cybersecurity firm Barracuda.
“Social engineering” targets human error to bypass security measures and access sensitive data, and phishing is one form of it. The most common types of attacks happen over either phone or email.
Large companies still fall victim to social engineering attacks (just look at Uber, where a teen hacker targeted an employee through the company’s Slack channel) and other types of cyber attacks. However, cybercriminals of all kinds often target small businesses because they expect them to be more vulnerable—and less likely to catch them—than the big guns.
Did you know? Barracuda reports that 60% of small businesses close their doors six months after a security breach. By preventing attacks, you’re protecting your business for the long haul.
Types of cyberattacks that could target your business
- Phishing is when scammers send fraudulent emails posing as a company, group, or individual to get sensitive personal and financial information. Cisco’s latest Cybersecurity Threat Trends report says phishing scams account for 90% of attacks.
- Ransomware attacks infect a computer or software system, blocking access to it until the victim pays a ransom. In 2023, ransomware damages are expected to surpass $30 billion worldwide.
- Malware, aka malicious software, disrupts, damages, or otherwise gains unapproved access to a computer system and its data. New forms of malware are always evolving, so it’s important to keep your security software active.
- Spyware is a type of cyberattack that allows a hacker to monitor victims’ computer activity. Data transmits via the computer system’s hard drive.
- Data breaches may overlap with other types of cyberattacks. In general, a data breach refers to stolen information. Data breaches can be digital or physical, but the modern era makes digital data breaches more common.
Did you know? Around 2014, hackers stole the data of 500 million Yahoo! users, marking it as the largest data breach in history.
Checklist: Small business cybersecurity must-haves (& why they’re important)
| Must-have | Why it’s important | Examples |
| --- | --- | --- |
| Antivirus software | Antivirus software on all company devices is a good starting point when used in conjunction with other cybersecurity resources. Remember: Update your antivirus software. Take a lesson from the IRS, which ran outdated antivirus software for a year, leaving a lapse in protection. A report from Treasury.gov pushed the IRS to strengthen its protections for the Taxpayer Digital Communications (TDC) platform, which is teeming with Americans’ most sensitive data. | Norton, Avast, McAfee |
| Multi-factor authentication | Two-factor authentication (2FA) or multi-factor authentication protects any sensitive data you may have. Jeff Neal, founder of The Critter Depot, says it’s an added layer of security for online accounts and protects you from malicious actors who discover your username and password. Neal adds, “Some institutions use SMS or email for their 2FA, but these are not good options, because phones can be SIM swapped or email accounts can easily be breached. The most secure 2FA is through Google's Authenticator app.” | Duo, Authy, Google Authenticator |
| Data encryption | Data encryption makes your information unreadable even if stolen. It comes in many forms, but some common types include full-disk encryption and Transport Layer Security (TLS). As the name suggests, full-disk encryption works by encrypting an entire disk or drive. TLS encrypts data being sent from one place to another (you see it in applications like HTTPS web pages, for example). | AxCrypt, NordLocker, FolderLock |
| Firewalls | A firewall is software that can protect you from malicious cyberattacks. It blocks unauthorized incoming connections and monitors outgoing traffic for signs of malicious activity. Sebastian Schaeffer, chief tech officer of dofollow, says, “If you have a broadband internet connection, you likely already have a hardware firewall in the form of a router. However, it's important to make sure this router is properly configured and that you have up-to-date firmware. You should also consider using a software firewall, especially if you have a complex network or use remote access.” | Bitdefender, Avast, Norton |
| Strong passwords | Password reuse can create vulnerabilities in your business. Whether it’s a Slack login or a credit card password, consider them all equal and use a different one for each account. Protect them in a secure password manager. Paid platforms LastPass and 1Password are top competitors in the password management market, but there are free options as well. Google Password Manager is generally safe, but businesses may outgrow it. | LastPass, 1Password, NordPass |
| Virtual private network (VPN) | VPNs help you guard against hackers on public networks, or even on private networks that they manage to get into. It’s worth noting that VPNs do not make you or your computer invincible. In fact, 57% of cyberattacks occurred while using a VPN. However, it’s an important tool in your toolkit and can serve as an added safeguard for sensitive information. | ExpressVPN, NordVPN, Surfshark |
| Private wifi network | Public wifi networks are not secure. Use a private wifi network whenever you can. This goes for all laptops, tablets, smartphones, and other wifi-connected devices. Consider changing your wireless network encryption settings to WPA3. If you have to use a public network at some point, make sure you verify its legitimacy, use a VPN, and avoid completing tasks involving sensitive data while on the network. | |
Have you educated your employees on cybersecurity best practices?
Sam Shepler, CEO of Testimonial Hero, says educating your employees about cybersecurity is key. This is especially true given the prevalence of social engineering tactics in the cybersecurity space.
Shepler says, “Make sure your employees know never to open attachments or click links from unknown senders, and remind them to be extra vigilant about phishing emails that may masquerade as being from a trusted source. You should also have strict policies in place regarding the handling of sensitive data, and make sure your employees are aware of these policies.”
When you train employees on cybersecurity strategy, you empower them to protect themselves and the company at large.
Learn more about protecting yourself from cybersecurity risks
Head to the Global Cybersecurity Alliance (GCA) and National Cybersecurity Alliance (NCA) websites for a small business cybersecurity toolkit. SCORE also hosts a cybersecurity training webinar that you and your employees can take part in. All of these resources are recommended by the Federal Communications Commission (FCC).
Last word on small business cybersecurity
Cyberattacks are a threat, but you’re not powerless. As a small business owner, you can do a comprehensive risk assessment of your brand and take the steps necessary to close any vulnerabilities.
Let these safety measures serve as a starting point for a cybersecurity plan. You can even consider enlisting the help of a verified consultant with direct industry expertise if you want. However, with so many legitimate resources at your disposal, you can start to tackle cybercrime now and build the many pieces of your small business security system.