A staggering 43% of all cyberattacks in the U.S. target small businesses and 60% of small businesses that are victims of a cyberattack go out of business within six months.  However, even more surprising is that over 70% of organizations still don’t have a cybersecurity plan in place.  This means a vast majority of small businesses in the U.S. are vulnerable to a devastating cyberattack.  Small businesses are attacked more often than large corporations because cybercriminals are often seeking to obtain the personal information of customers to use for identity theft purposes.  Cybercriminals target small businesses because they are vulnerable and easier to penetrate than larger businesses with dedicated cybersecurity.  So why aren't small businesses protecting themselves and investing in an improved cybersecurity infrastructure?  There are likely many reasons from a lack of resources to a lack of information or strategic planning.

Here are 7 essential components that any small business can implement to protect customer data and avoid becoming a victim of a cyberattack.  

1. Implement a Robust Firewall

The first line of defense is a firewall standing between your private business data and the outside world.

2. Create and Enforce Password Practices

Strong and unique passwords should be used for all your systems.  Implement strong password policies for all employees and teach them how to create strong passwords.  Consider using a password manager, ensuring all passwords are changed after a maximum of 90 days, and enforcing password policies through group policy settings if possible.

3. Utilize Multifactor Authentication

Technology is rapidly advancing and passwords are just not enough these days.  With multifactor authentication, once you input your username and password, there is an extra step required to verify yourself and access network systems.  This is a piece of information that only you would know or have access to, such as a one-time code sent to your smartphone or a biometric fingerprint.

4. Train Employees on Data Breach Prevention

Most security breaches are caused by human error.  One of the easiest ways for cybercriminals to infiltrate a network is by preying on employees that don’t recognize or understand the risks involved.  Whether they attack your computer endpoints through email attachments, malware, or document downloads, a simple phishing email could lead to network compromise.  Cybersecurity awareness training for your employees on how to recognize cybersecurity red flags is vital and does not have to be expensive.


5. Secure Data Backup and Storage

Improving cybersecurity involves storing customer data in an encrypted database and for very good reasons.  All systems containing customer information or trade secrets should be encrypted.  Be sure to routinely backup your data and store it in a secure offline location.

6. Perform Regular Vulnerability Checks and Software Updates

Regular vulnerability checks are essential to minimize risks and prevent potential data breaches. 

Set your business system up with automatic software updates, and employee training to ensure they stay vigilant at all times.  You can hire an IT company to conduct these checks if feasible.

7. Have a Cyber Security Disaster Plan Ready

The most important thing you need to understand about improving the cybersecurity posture of your small business is that it’s an ongoing process.  In the event of a security incident or data breach, you should have an incident response plan and a disaster plan ready to implement immediately.  This will give you the best odds of protecting your precious business data and recovering from a potentially devastating cyberattack.