7 Important Cybersecurity Practices for your Small Business.


According to the 2020 Verizon Data Breach Investigation Report (DBIR), 28% of all data breaches in 2020 occurred in small businesses. This means that out of the 5,250 confirmed breaches last year, 1,470 were against a small business. When you consider the expanse associated with rectifying a serious data breach, it is easy to see that the results can often be catastrophic for a small business owner.


It is imperative that all business owners have protection against cyber-attacks. Besides the potential loss of important business data, there are many other considerations such as:


  • Damage the company brand in the form of bad press or negative customer reviews

  • Loss of productivity

  • Loss of customer loyalty

  • Inability to secure business insurance


There are a number of commonly used cybersecurity tactics that will go a long way in protecting company data. Most of these can be implemented with relative ease and are readily available in the marketplace. While no level of protection can guarantee 100% success, these 7 will certainly go a long way in ensuring good data protection.


1.Use a firewall

Firewalls act as the first line of defense for an online cyberattack. Essentially, they act as a barrier between your data and the cybercriminals. While operating systems usually come with some sort of personal browser, they are not sufficient for servers. In addition, default firewall settings can be easily overridden by local users. It is recommended that more advanced firewalls be used to ensure a solid first line of defense.


2.Cybersecurity Awareness

Nearly 34% of all cyber-attacks occur due to employee error. One of the keys to solid protection is a formal Security Awareness program. This should include educating company resources on such topics as:


  • How to set up and manage a good password.

  • Recognizing common social engineering hacks used by bad actors to gain access.

  • How to deal with spam and potentially dangerous emails

  • Physical Security at the workplace and when travelling for work

  • There are a number of programs out there that educate company resources. In the overall scheme of things, these programs are very inexpensive when one considers the fact that they can negate the need to hire a dedicated Security Awareness resource for the company


3.Encrypt and backup data

It is now quite commonplace to store data in the cloud. Cloud providers offer any number of options often including a free storage tier. While this is convenient and efficient, it may not always be the most effective solution when it comes to security. Important company data should be stored in an online location that does not utilize a shared password. Each user should have their own password. This ensures an audit trail is available if needed.


If the data is critical, serious consideration should be given to encrypting the data at rest on the cloud. While data is typically encrypted while it is moving through the network, if it is encrypted at rest in the cloud, there is significantly less chance of hackers being able to access the data for either theft or ransomware attacks.


Lastly, the main cloud storage location does not have to be your only copy. It is very inexpensive to add a backup location elsewhere in the cloud, to ensure continued access in case of any serious issue.


4.Use multifactor authentication

Passwords, no matter how complex, can be broken using brute-force attacks. Bad actors have applications that can quickly break many passwords. Luckily, there is a simple solution to alleviate this potential security weakness. This is accomplished by adding another layer of identification to the password through a solution called Multifactor Authentication.


Companies are now able to ensure that whoever is accessing data is actually the person they say they are. Multifactor adds a second layer of security. Essentially, to access data, you now need:


  • Something you know (password)

  • Something you have (an authentication code sent through security token, SMS or email)

  • Multifactor Authentication is becoming more and more commonplace on most public email platforms and e-commerce sites.


5.Consider biometrics

While Multifactor Authentication is terrific, many devices are now including biometric functionality. Biometrics are nearly much harder for regular cybercriminals to overcome. Personal mobile devices now come with facial recognition and fingerprint scanners that can be configured to work with passwords. May laptop devices offer fingerprint readers as well. Biometrics can also be added at the individual document or file share level to further increase security.


6.Use a VPN

One of the best ways to protect your data is using a virtual private network (VPN). VPN’s essentially mask your network location and create an encrypted tunnel between locations. This ensures that any traffic entering the public Internet is “walled off” from being truly “public”. This way, company data is secure from any prying eyes that may be lurking out there on the Internet.


7.Work with professionals

Last, but certainly not least, it is very important that you find a solution provider you can trust when it comes to ensuringCybersecurity. While there are many businesses out there that provide varying levels of security support, it helps if the solution provider actually understands your business.


While you can buy an online application or service that may provide many of the items listed in this document, it helps immensely if you can also pick up the phone and speak with a trusted partner.