7 Cybersecurity Tips for Small Businesses

Photo of someone using a laptop
While nearly half of all cyberattacks aimed at businesses target smaller organizations, many small business owners are unsure of what they can do to defend their companies against this threat.
4 min read

As a small business owner, you’ve likely heard that hackers are increasingly focusing their criminal efforts on infiltrating organizations just like yours. However, with limited financial and people resources, it might seem like there’s not much you can do to defend your business and employees against this risk. But actually, there are several action steps you can take that may help you stop a cyberattack in its tracks—most of which probably won’t take nearly as much time or money as you may think.

7 Simple Steps That May Help Improve Cybersecurity at Your Small Business

1. Install firewalls between your network(s) and the internet.

A firewall is a network security system that monitors and controls incoming and outgoing network traffic and establishes a barrier between a trusted network (e.g., your company’s) and an untrusted network (e.g., the internet). It is fundamental protection for preventing malicious traffic from entering your systems and gaining access to sensitive data that may pertain to your customers, employees, tenants, and more.

2. Install up-to-date anti-virus and anti-malware software on every company device.

Are you monitoring all company digital, mobile, and smart devices for any signs of malware being installed? If you haven’t installed anti-virus software and anti-spyware on them, the answer is probably no. But it’s not enough to simply install this software on all company devices. You should also run regular updates to ensure these programs are checking for the latest types of malware because bad actors are constantly rolling out new versions.

3. Encrypt all mobile devices and sensitive or confidential network data.

A criminal who gets their hands on a business device used by you or an employee will probably be able to quickly gain access to all sorts of personal information and confidential data—unless it’s encrypted. By encrypting company devices and the data they hold, you make a hacker’s work more difficult because they typically need to figure out an encryption password, code, or key before they can retrieve or corrupt your data.

4. Provide annual cybersecurity awareness training for all employees.

Cybercriminals often target a company’s employees with phishing emails, links, and attachments. If an employee is unaware of the potential malicious intent behind these communications, they may unintentionally open the door to a cyberattack on the company. This is why it’s essential for employers to provide all team members with cybersecurity awareness training on a regular basis.

5. Use email spam, web security, and DNS-filtering software solutions.

Filtering software can help block a cyberthreat before it reaches the intended target, making this software a vital tool for a small business to use in their cybersecurity efforts. For example, filtering software can sift through emails and identify messages that look likely to be from attackers before they are delivered to an employee’s inbox. It can also monitor and manage the locations where employees are browsing the internet and block access to a site that may contain a virus, malware, or other malicious software.

6. Give employees the minimum network access privileges necessary to perform their specific job or task.

Limiting employee access to only the information they require to fulfill their responsibilities will typically help minimize the chances of unintentional or deliberate mishandling of your company’s data. In addition, since employees who have administrative privileges on a network are particularly attractive targets for cybercriminals, the fewer employees who have this access, the better it will be for your cybersecurity. It’s also critical that you have a documented process for ending an employee’s privileges when they are no longer with the company.

7. Back up all business-critical data often and on a regular schedule.

If your company is the victim of a cyber event, like a ransomware situation, having a recent backup of all your systems, especially those that store sensitive data, can be extremely helpful. In the event that all other efforts to get your data back from cybercriminals are unsuccessful, this backup may be your only way to ultimately restore your network. Cybersecurity professionals often recommend following the “3-2-1” data backup approach, which involves having three recent copies of your data stored across two different storage mediums or locations and one cloud storage provider.

It is important to remember that any data backup that is attached to your network or that an infected user has access to could become encrypted in a cyberattack. For this reason, experts recommend that at least one of your backups should be in a physically secure off-site location and should utilize a data service that is separate from your day-to-day network.

Taking these seven steps may go a long way in helping protect your business and employees from a cyber breach. But, as with any risk, it’s also a good idea to plan for the worst-case scenario. In this case, you will want to have a plan that will help your organization get back up and running as quickly as possible if a cyberattack is successful.

Finally, it can be extremely beneficial for a small business to invest in the added layer of security that a cyber insurance solution may offer. If your company’s data is compromised, or there is a privacy or identity theft incident, or you experience a cyber extortion event, this type of business policy may provide you with coverage and professional support services to respond and recover more quickly. Please contact your local insurance professional if you would like information about The Andover Companies small business cyber liability insurance program.


Step 1:

Click on the Find an Agent button to search for independent insurance agencies near you.

Step 2:

Contact the independent insurance agency you would like to work with by phone or email.

Step 3:

Leave it up to your agent to uncover the best coverage solutions for your valuable property.