Cybersecurity Strategies to Protect Your Small Business

Here’s what small business owners can do to better protect their data from cybercriminals.

From Wall Street to Main Street, businesses of all sizes are targeted by cybercriminals with increasing frequency. While small companies might think they are less likely targets, they’re often more prone to attacks than major firms. According to research by the Ponemon Institute, 72% of SMBs have experienced at least one cyberattack in their company’s lifetime. What’s more, Beazley Breach Response Services finds that roughly 62% of ransomware attacks target small and medium-sized businesses.

While big corporations typically house larger and more extensive amounts of data, they also have the financial resources necessary to build a robust cybersecurity structure. By comparison, some small businesses may be easier for cybercriminals to target.

Thankfully, there are a few simple and affordable measures small business owners can take in order to improve their cybersecurity and better safeguard their business against data theft.

Make Passwords Your First Line of Defense

According to Verizon’s annual Data Breach Investigations Report, over 80% of hacking-related breaches are the result of compromised or weak passwords. As a result, one of the best no-cost measures a company can implement is to require the use of strong passwords.

When creating passwords, consider the following:

  • Use a strong combination of upper and lowercase letters, numbers, and symbols
  • Use the longest password or passphrase permissible
  • Enable multi-factor authentication when available
  • Do not reuse passwords — create a unique password for each account
  • Avoid passwords that reference personal information or include any words that can be found in the dictionary

Arm Your Employees With Knowledge

As a business leader, staying informed and arming employees with knowledge about best security practices can help create another budget-friendly line of defense.

Verizon’s Data Breach Investigations Report shows that human mistakes are responsible for more than 1 in 5 data breaches. In some cases, cybercriminals may also leverage publicly shared information in order to conduct business email compromise schemes.

Thankfully, employee training can go a long way toward thwarting cyberattacks. An effective anti-fraud training program should cover a broad range of topics. In addition to ensuring your employees know how to spot the signs of phishing attacks and business email compromise, ensure that your employees are well-versed on the types of company information they’re permitted to share online — especially through social media. Remember, an employee training program is also key to both preventing payment fraud and deterring internal fraud.

Establish Firewalls

If your company is like most modern businesses, its desktops, laptops, mobile phones, and other electronics are used to access internet and Wi-Fi connections. In that case, it’s tough to get around the need for a firewall.

Firewalls come in hardware and software forms and restrict outside access to your computers and the information they contain. They also scan for malicious traffic and software, blocking risky content from entering devices.

Hardware firewalls can be efficient for businesses with multiple computers working on one network because they act as a filter, scanning incoming information before it’s passed to networked computers. Certain internet service providers offer routers with integrated firewalls, where some protection is already built in at no additional cost.

Software firewalls provide a similar filtering function. While most operating systems feature some type of firewall, convenience must be weighed against risk, as firewall software typically runs on the device it’s working to protect.

Additional layers of firewall protection can be purchased through internet service providers, computer stores, and software companies.

Back Up Data

Some critical security measures come at a cost. Perhaps the most important measure is backing up company data in case of theft or loss.

Solutions can come in the form of local backups, where a physical storage medium is kept close to the electronic data source, or cloud-based services that are accessed remotely. The amount of data in any backup can be full or partial, and the backup frequency may vary depending on the particular needs of the business.

Increasingly popular are cloud-based services. Cloud-based data is easily scalable, allowing users to pay for as much storage as they need at a particular time. An online search can help business owners estimate storage costs, as most service providers offer tools to calculate fees based on volume of data storage.

The government’s United States Computer Emergency Readiness Team recommends anti-virus software, in addition to firewall protection and data backups.

Depending on your company’s risk level, you may also want to look into anti-malware, password and data encryption, endpoint detection and response systems, and spam filters, all of which can be deployed at a cost.

Create a Data Breach Response Plan

Data breaches have become an increasingly significant threat in recent years, and when one occurs, time is of the essence. The longer it takes a company to respond to a security breach, the worse the collateral and financial damage. For organizations, this means that in addition to investing in cybersecurity, having a solid response plan in place can potentially help reduce the overall impact of a data breach. Learn more about how to create a data breach response plan for your business.

Remain Vigilant

Cybersecurity software and practices need to be kept current. That means updating operating systems, browsers, and any cybersecurity software running on your company’s devices and networks, as well as your security guidelines.

And while the level of your company’s cybersecurity may depend on your budget, a fraction of resources — including time allocated for data protection — can go a long way.

Every day without proper data protection is a day that your hard-earned proprietary information, your customers’ data, and even the sustainability of your business are left vulnerable.

For small business owners, understanding your business's risks and being vigilant in addressing them is key. For more tips on how to safeguard your business, visit


This information is provided for educational and general marketing purposes only and should not be construed as a recommendation or suggestion as to the advisability of acquiring, holding or disposing of a particular investment, nor should it be construed as a suggestion or indication that the particular investment or investment course of action described herein is appropriate for any specific retirement investor. In providing this communication, Regions is not undertaking to provide impartial investment advice or to give advice in a fiduciary capacity.