Essential Cybersecurity Strategies to Keep Your Business Safe

Cyberattacks are on the rise, but there are many tactics you can employ at little or no cost to keep your business, and its data, safe.

How long can your small business stay afloat if its electronic data is hacked? If you don’t know the answer, it’s time to focus on your company’s cybersecurity.

Data breaches hit small businesses disproportionately hard compared with larger firms. For some small companies, a cyberattack could mean shuttering the business altogether.

Risks are higher than ever, and the number of security breaches continues to rise.

  • In 2015, the National Small Business Association found that 42 percent of small businesses had experienced a cyberattack or exposure breach.
  • A 2016 survey by the Ponemon Institute found that about half of small businesses had reported cyberattacks or data breaches.
  • The upward trend continued in 2018, with telecom giant AT&T finding that 80 percent of companies surveyed had fallen victim to a cyberattack or data breach in the previous year. Verizon found 58 percent of small businesses reporting similar attacks.

From Wall Street to Main Street, businesses are getting hit with increasingly frequent cyber breaches, but smaller companies pay a considerably higher price. While small companies might think they are less likely targets, smaller businesses are actually hit more frequently with data breaches than major firms because, on average, they make for easier prey.

Biz Tech Magazine found that just 33 percent of small businesses had purchased security software, and only 30 percent of IT professionals claimed they were confident they could protect their organization from a cyber assault.

Multiple successful cyberattacks on small businesses can be just as valuable to a hacker as a single successful breach against a large firm.

To add insult to injury, smaller firms are at high risk for ransomware attacks. These are attacks that render a company’s electronic files inaccessible until a ransom payment is made to the attacker. Unfortunately, payment offers no guarantee that files will be released.

What can small businesses do to prevent data theft?

A good first step is to identify what company data is at risk.

Start by identifying the types of information that, if lost or stolen, would shut down or stall business operations, or cause customers to lose faith in your brand. These could include:

  • Customer names
  • Addresses
  • Email addresses
  • Purchase histories
  • Social Security numbers
  • Customers' relatives
  • Dates of birth

Operational, customer and employee data, banking, credit, and other proprietary information stored on computer networks, servers, and mobile devices are all vulnerable to attack. Compile a complete list of important business data; know where it’s stored and how it’s transferred.

Protect the most critical data first

If you can imagine a data-related business-ending scenario, there may be no choice but to allocate part of your budget to protecting against it.

The good news is that, even if you’re operating an emerging or startup business with little to no IT budget, there are plenty of data practices requiring zero or minor monetary investment. Let’s start with those.

Be proactive and establish company guidelines

One of the best no-cost measures a company can implement is to require the use of strong passwords.

According to the National Institute of Standards and Technology, more than 80 percent of hacking-related breaches are the result of stolen or weak passwords.

The Department of Homeland Security’s U.S. Computer Emergency Readiness Team (US-CERT) recommends these password tips:

  • Use multi-factor authentication when available.
  • Use different passwords on different systems and accounts.
  • Avoid passwords based on personal information.
  • Use the longest password or passphrase permissible by each password system.
  • Avoid words that can be found in any dictionary of any language.

The US-CERT also suggests using mnemonics to create and easily recall effective passwords. “For example, instead of the password ‘hoops,’ use ‘IlTpbb’ for ‘[I] [l]ike [T]o [p]lay [b]asket[b]all.’”

Offer employee training

Business leaders who stay informed about best security practices, implement them, and arm employees with that knowledge create another budget-friendly line of defense.

The U.S. Federal Trade Commission reports that the majority of small business owners express concerns over human security errors.

They fear that employees may inadvertently compromise electronically stored data by unknowingly responding to threats like phishing schemes, ransomware attacks, tech support scams, and imposter scams.

They’re right to raise concern.

Verizon’s 2018 Data Breach Investigations Report shows that human mistakes are responsible for nearly 1 in 5 data breaches.

Employee training can go a long way towards thwarting cyberattacks.

Employees should be well-versed on the types of company information they’re permitted to share online, especially through email.

The U.S. Securities and Exchange Commission says malicious attacks often come from phishing fraudsters who craft emails and websites that mimic reputable companies or their employees and ask for personal or business information.

Control physical access to devices and networks

The National Federation of Independent Businesses says, when possible, business owners should also control physical access to computers and networks.

In an increasingly mobile world, that can be difficult to do, though it’s worth some effort.

Firewalls are your friend

If your company is like most modern businesses, its desktops, laptops, mobile phones, and other electronics are used to access internet and Wi-Fi connections. In that case it’s tough to get around the need for a firewall.

Firewalls come in hardware and software forms and restrict outside access to your computers and the information they contain. They also scan for malicious traffic and software, blocking risky content from entering devices.

Certain internet service providers provide routers with integrated firewalls, where some protection is already built in at no additional cost.

Hardware firewalls can be efficient for businesses with multiple computers working on one network because they act as a filter, scanning incoming information before it’s passed to networked computers.

Software firewalls provide a similar filtering function. Some kind of firewall software comes standard with most operating systems, and it can free business owners from manual setup and maintenance. However, convenience must be weighed against risk, as firewall software typically runs on the device it’s working to protect.

“Being located on the same system can hinder the firewall’s ability to detect and stop malicious activity,” US-CERT explains.

Additional layers of firewall protection can be purchased through internet service providers, computer stores, and software companies.

Backup data

Some critical security measures come at a cost. Perhaps the most important measure is backing up company data to insure against theft or loss. How often, how much, and by what method can vary from trade to trade.

Solutions can come in the form of local backups, where a physical storage medium is kept close to the electronic data source, or cloud-based services that are accessed remotely. The amount of data in any backup can be full or partial, and the backup frequency can vary depending on the particular needs of the business.

This list from US-CERT can help businesses evaluate which backup method best suits their operations.

Increasingly popular are cloud-based services. Cloud-based data is easily scalable, allowing users to pay for as much storage as they need at a particular time.

An online search can help business owners estimate storage costs, as most service providers offer tools to calculate fees based on volume of data storage.

US-CERT recommends using scanning and anti-virus software, in addition to firewall protection and data backups.

Depending on your company’s risk level, you may also want to look into anti-malware, password and data encryption, endpoint detection response systems, and spam filters, all of which can be deployed at a cost.

Stay on top of it

Cybersecurity software and practices need to be kept current. That means updating operating systems, browsers, and any cybersecurity software running on your company’s devices and networks, as well as your security guidelines.

And while the level of your company’s cybersecurity may depend on your budget, a fraction of resources — including time allocated for data protection — can go a long way.

Each day without proper data protection is a day that your hard-earned proprietary information, your customers’ data, and even the sustainability of your business are left vulnerable.



This information is provided for educational and general marketing purposes only and should not be construed as a recommendation or suggestion as to the advisability of acquiring, holding or disposing of a particular investment, nor should it be construed as a suggestion or indication that the particular investment or investment course of action described herein is appropriate for any specific retirement investor. In providing this communication, Regions is not undertaking to provide impartial investment advice or to give advice in a fiduciary capacity.