
12 Ways to Protect Your Small Business Against Cyber Attacks

Small businesses are often unprepared when it comes to cyber attacks. Here are a couple of basics on how to protect your company.

By: Sylvia Slezak | Feb 2020


Just because you run a small business doesn’t mean you’re beyond a hacker’s reach. Recent data breaches indicate that businesses of all types, sizes, and in all locations are at real risk of a cyber attack. Small businesses are particularly susceptible to hacks and breaches simply because they are small and often unprepared. Hackers are increasingly targeting small businesses, but protecting your systems doesn’t have to be complicated. Here are a dozen basics on how to begin.

1. Secure Your Hardware

Data breaches can be caused by physical property being stolen. You are taking a big risk if your servers, laptops, cell phones or other electronics are not secured and are easy to steal. While security cameras and alarms will help, physically locking down computers and servers will help even more. Protect all devices with a complicated password, only share that password with the device user, and commit it to memory instead of writing it down. Consider physically attaching computers to desks. Install “find my device” software on all laptops, phones and tablets so that if they are stolen, the authorities can quickly locate them.

2. Hire Security

Find and hire an outside expert to evaluate your risks, and guard your property and data -- physically and online. Make sure the company is one that you can truly trust.

3. Install Antivirus Software

There are many types of antivirus software out there, and they don’t have to break the bank. If you already have good antivirus software, make sure the auto-update and firewall options are turned on.

4. Back Up Your Files

Updating your web applications can help prevent an attack, but it’s important to regularly back up important files just in case. Should a data breach occur, data encryption remains the most efficient fix. Be sure to encrypt all sensitive data, including customer information, employee information and all business data. Full-disk encryption software is included in virtually all operating systems today and can encrypt all the data on a desktop or laptop computer when it’s at rest.

Email inbox photo by csp_jongjet303

5. Be Wary of Email & Downloads

Email scams are becoming more and more sophisticated. Spear phishing, for example, is an email that appears to be from an individual or business you know, designed to trick you into revealing personal info. It’s important for you and your employees to be wary of anything entering your inbox. Never click a link or open an attachment that you did not expect to receive, and if you aren’t expecting something or have to think twice about the contents, don’t open it.

6. Install Software & Operating System Updates

Pop-up reminders to update your web browser or operating system (like Windows or macOS) may seem annoying, but don’t ignore them. Make sure that operating systems and applications are always fully patched with the latest security fixes, which will help protect you from cyber attacks.

7. Use Complex Passwords

Weak passwords are an invitation for hackers. Refrain from using simple passwords, or using the same password for multiple accounts. Invest in complex password policies for all of your staff. Passwords should be a minimum of 10 characters and include an upper case letter, a lower case letter, a number and a symbol.

8. Use Secure Systems to Accept Card Payments

Never photocopy, electronically key-in to a terminal, hand write, or manually copy credit card information. Consider a secure online payment system like PayPal to accept transactions. If your systems are compromised, keystroke loggers and other hacking tools can scrape the manually entered information for later attacks. For in-person purchases, make sure you’ve upgraded to the latest point-of-sale equipment.

9. Avoid Banking Over Unsecured Wi-Fi

As convenient as they may be, Wi-Fi connections at coffee shops, airports and other public places aren’t secure. Never log in to your online banking profile on an unsecured network—it’s too easy for someone to steal your information that way. Invest in a VPN service to secure your transmissions if you are on the road needing to use public Wi-Fi.

Plugging in a USB stick into laptop photo by csp_Stocksolutions

10. Avoid Using Free USB Drives

Free USB drives might seem appealing, but they can cause big problems. Don’t plug in the USB drive unless you trust the source. These drives can easily be used to carry and deliver malware or a virus onto your computer, giving someone else access to your important information.

11. Secure Physical Devices Storing Sensitive Data

Sensitive data can be physically stolen as well. Computers and drives with private business or customer information should be protected. It is also good to be able to remotely wipe phones and tablets. That also means not leaving your laptop on the front seat of your car.

12. Train Your Employees

Make sure your employees are aware of company IT policies, how to avoid email scams and other types of cyber attacks. This can easily be accomplished through regularly held training sessions. When it comes to good cybersecurity, your actions are more important than any technology.


Protect against the threat of an attack. Even though the threat of cyber attacks is real, it’s easy to forget all about it until one strikes. However, if your company has an online presence, stores customer and company data on digital devices and uses cloud-based software, a thorough cyber security strategy is essential. We’ve only covered the basics in this article. You should implement firewalls, anti-malware software, data back-up, and up-to-date data encryption alongside thorough and ongoing employee education on cyber security.

CityOf.com provides information and resources to help guard against cyber attacks and set up security measures. Search CityOf.com to find Cyber Security, Backup & Recovery, Managed IT Services, Online Security Consulting, Data Management, IT Network Support, IT Consulting, Software Development, and more.
