Cybersecurity Basics for Small Businesses

Part 6 of the “Things we wish we knew” Blog series

By: Tina Oddleifson, Business Advisor

Most small business owners don’t spend time worrying about cybersecurity attacks. Who would want to pick on your small business anyway, right? Wrong! As business advisors in Maine, we have heard many stories from our clients about attempts and attacks on their businesses. In some cases, this leads to the permanent closure of the business.

According to the US Cybersecurity and Infrastructure Security Agency (CISA), established by Congress in 2018, small businesses are three times more likely to be targeted by cybersecurity attacks than larger businesses. Over 80% of ransomware attacks are targeted at small and medium-sized businesses, and 60% of businesses that experience a ransomware attack cease operations entirely within 6 months.

Those are some pretty scary stats, but there are steps you can take to cut down on the likelihood of a cybersecurity attack on your business.

Train your employees

Untrained employees are the leading cause of data breaches for a small business. All employees should know:

  • How to spot email phishing attempts. Because of AI tools, phishing emails are getting increasingly sophisticated and often sound like legitimate emails.
  • To never click on links, logos, questionnaires, etc. from unknown sources, and to carefully scan email addresses for attempts to mimic familiar ones.
  • How to create strong passwords and turn on two-factor authentication.
  • How to use safe internet browsing techniques.

Secure your network

Your connection to the internet should have a firewall and be hidden from the public. If employees work remotely, have them use a virtual private network (VPN) to connect to your network.

Use a Cloud-Based System

While it might seem counterintuitive, cloud-based systems like Google Drive and Microsoft OneDrive typically have a much higher level of security than you can provide for your own on-premises server.

Back up important files

Always have backups of critical files on an external hard drive that is kept in a safe place.

Update Software and Control Access

Keep software, browsers, operating systems, and anti-virus software up to date, as updates typically contain critical security patches. Only assign administrative privileges to IT professionals and key personnel. Downloading and installing software can be a harmful practice and should be limited to those who can assess its security.

Enable multi-factor authentication

Multi-factor authentication means that additional information is needed beyond just a password to access any kind of account. Requiring multi-factor authentication greatly reduces data breaches. Examples include additional pieces of information only the user would know; fingerprints; facial recognition; and one-time passwords (OTPs) sent to a cell phone or email address.

Additional Resources

CISA Cybersecurity Advice for Small Businesses

SBA Cybersecurity Advice for Small Business

Federal Trade Commission Cybersecurity Advice for Small Businesses