Cybersecurity for the Small Business

Here’s what small business owners can do to protect their companies against cyberattacks.

Running your own business has long been — and still remains — an endeavor that holds the potential for financial success and a sense of personal accomplishment. And while the technological advancements of the digital age have made entrepreneurship a more realistic and convenient pursuit, they have also introduced a new set of concerns and potential threats that don’t always get the time, attention and resources necessary.

“I don’t think anyone intentionally says, ‘I don’t care about cybersecurity,’” says Jeff Kennedy, Chief Information Security Officer for Regions Bank. “They just don’t realize how highly vulnerable they can be to things like fraud, cyber scams, and the loss of intellectual property.”

Despite the very real threats, many small business owners remain in the dark about how to develop a cybersecurity strategy for their business. However, one of the most effective places to start is by asking the following questions:

  • What do I want to protect?
  • What are my overarching security policies and goals?
  • Who has access to my network?
  • What is the value of my company’s and employees’ intellectual property?
  • What is the nature of the service agreement I have with my Internet provider?

When small business owners start with these questions, they can then begin to implement a small business cybersecurity strategy that makes the most sense for their companies.

Awareness is Key

Budget is a top-of-mind priority for small businesses in particular, but as Kennedy points out, there are plenty of precautions a business can take that won’t break the bank. “Often it is more about awareness than anything else,” he says.

For most small businesses, some of the most effective strategies for raising awareness include:

  • Educating employees on potential cyber threats and scams, raising the level of awareness across the board.
  • Ensuring that all computers associated with the company are equipped with anti-virus and anti-malware software.
  • Requiring dual authorization — a system where two employees must approve and sign off on a particular transaction before it can be executed — to help prevent payment fraud.
  • Encouraging employees to question anything and everything that seems unusual, such as email requests for money transfers or unsolicited business inquiries from overseas.

Whether an owner is in a position to spend on cybersecurity or not, Kennedy says that practices like frequently changing passwords — every 90 days is a good rule of thumb — and using established and reliable brands when it comes to applications and software are practical and cost-effective steps to take when trying to mitigate a potentially devastating hack.

Finally, Kennedy also encourages his clients to ask questions. “We encourage all small business owners to ask the tough questions and make sure their businesses are safe for today and in the future.”

Ultimately, understanding your business's risks and being vigilant in addressing them is key. For more insights and tips to help you protect your small business, visit


This information is general in nature and is not intended to be legal, tax, or financial advice. Although Regions believes this information to be accurate, it cannot ensure that it will remain up to date. Statements or opinions of individuals referenced herein are their own—not Regions'. Consult an appropriate professional concerning your specific situation and for current tax rules. Regions, the Regions logo, and the LifeGreen bike are registered trademarks of Regions Bank. The LifeGreen color is a trademark of Regions Bank.