5 ways small businesses can protect themselves from cyber attacks


A hacker attack takes place every 39 seconds. Here’s how you can protect your small business from becoming a victim.

By the latest estimates, 230,000 new malware samples are produced every day, making businesses more vulnerable than ever before to cyberattacks. In 2018, huge brands such as T-Mobile, Facebook, Quora or British Airways became victims to major attacks that targeted encrypted passwords and personal user data and that affected hundreds of thousands of users.

However, large companies are not the only ones that can be affected by data breaches. According to a recent study, a whopping 65% of all cyber attacks are aimed at small and medium-sized businesses, and it’s not hard to understand why. SMEs are often unprepared to deal with cyberattacks, they lack the resources and infrastructure, and, most of the time, owners aren’t aware of the importance of cybersecurity.

The total cost of a successful cyber-attack is over $5 million, or $301 per employee. Whilst giants like Facebook and Marriott can bounce back from the attack, the costs are substantial and the impact on a small business can be debilitating. Whether you have a small web development company, an online store selling handmade jewelry or an accountancy firm, you need to take cybersecurity very seriously, because your data is vital.

Educate your employees on cyber intelligence and security

Did you know that 60% of all breaches are caused by workers inside the company? As a small business owner, you might be considering training your employees in other areas relevant to your field of activity, but cyber literacy is just as important. In an age where more and more businesses go online, cyber intelligence matters as much as sales, marketing, and customer support, it is imperative everyone is educated on cyber risk and developing a strong security policy can save you from many unpleasant consequences, so make sure your employees know what practices can make you vulnerable:

  • Instruct workers to recognize suspicious emails, pop-ups, and links.

  • Don’t open attachments from people you aren’t familiar with

  • Don’t install any software that’s not authorized by the company.

  • Don’t send sensitive company information over the phone and don’t share it publicly online.

  • Teach your employees how to create a strong password and make sure they change passwords frequently.

  • Allow only company computers and phones to be connected to the company Wi-Fi.

  • Don’t leave private login information where anyone can see it (i.e. on the conference room whiteboard, in a plaintext on the desktop, on post-it notes).

Invest in cybersecurity tools

Developing cyber literacy is a great first step in protecting your company from attacks, but unfortunately, it’s not enough. To ensure hackers don’t manage to breach your systems, you should invest in complete anti-malware protection. “Malware” is a general term that refers to several types of malicious software that can infect computers, such as viruses, Trojans, spyware, adware, and ransomware. Furthermore businesses should invest in endpoint security and threat detection tools, to be able to further understand threats and add an extra level of protection, so when something does go wrong, you have everything in place to protect yourself.

You should also consider encrypting your business data to keep information such as names, birthdays, addresses, credit card numbers, financial records, and social security numbers safe.

Secure your Wi-Fi network

Your business most likely uses a Wi-Fi network, but is it secure? If you simply took the router out of the box and followed the next->next->finish path to set it up, then your Wi-Fi network could be a major liability. Ensure you follow these steps to secure it:

  • Move the router to a secure location that only employees can reach

  • Change the default router login information

  • Use the WPA2 encryption protocol

  • Turn on the SPI (stateful packet inspection) or NAT (network address translation) options in your router settings

  • Separate private and public access to the Wi-Fi network

  • Turn of WPS to prevent people from pairing devices to your network unless absolutely necessary

  • If possible, limit the number of devices that can connect to your network

Hire a security expert

Unfortunately, most businesses find out they’ve been hacked when it’s already too late, so you should hire a cybersecurity expert to monitor and protect your data on a regular basis. Cybercrime is a dynamic, fast-evolving area and hackers learn how to bypass security measures really quickly. To avoid a data breach, you need to be one step ahead.

You already have a business to run, so after taking all the basic security measures, leave it to an expert to take care of cybersecurity. What does this involve exactly?

Stay up to date with the latest threats and hacker practices. So far, the most dangerous ones in 2019 are software update supply chain attacks, phishing attacks, ransomware, and IoT botnet DDoS attacks.

  • Make sure your anti-malware software is always up to date.

  • Constantly monitor your data to protect against compromises.

  • Mitigate the impact of a potential data breach and help your business recover as quickly as possible, with minimum financial loss.

  • Install advanced cybersecurity solutions when your existing ones become outdated.

Hardware security matters too

Last, but not least, don’t forget to secure your business hardware. Sometimes, corporate data ends up in the wrong hands not because a hacker broke into your system from the other side of the globe, but because a work laptop was left unattended in a public place. Taking a few extra security measures will help you reduce the risk of theft and avoid high recovery costs:

  • Install security cameras and alarm systems to discourage people from accessing business data.

  • Always secure company devices with a strong password.

  • If you have on-site servers, make sure they are well guarded and that only IT personnel have access to them.

  • Set-up two-step authentication wherever possible.

  • Keep a good record of the employees, vendors, or visitors who use your company hardware (computers, laptops, tablets, smartphones, etc.)

  • Install tools that track your devices’ location and allow you to swipe them in case they are stolen.

It’s never too early to start protecting your company from cybercrime. Even if you might not think you’re a valuable target for hackers, studies show that small and medium-sized businesses are incredibly vulnerable. Through vigilance and implementing these steps you are taking the right precautions to making your business safe.