Small Business Tips and Tricks for Better Cybersecurity

by Jonathon Striley

VP, Information Security

Member Tips

Cybersecurity is important to all of us as individuals. When you’re running a small business, it becomes critical. In a business setting, your risks and responsibilities are multiplied from those of an individual. A breach of your financial, employee or customer data can be disastrous, and small businesses could have a much more difficult time recovering than larger companies with access to more resources. 

Fortunately, our cybersecurity team has outlined some steps you can take to help protect your business, and your livelihood.

1. Create a Strong Password Policy:

One of the easiest ways to boost security in your company is with complex passwords. The longer the better! Keep it as long as you can easily remember. If you have a favorite phrase, combine it with some special characters ([email protected]#$%*) for a superhero strong password.

2. Train employees to detect phishing emails and malicious websites:

Cybersecurity training for employees could be one of the most effective ways to reduce your risk of a breach. In a team, you are only as strong as your weakest link. Having everyone understand about phishing emails, malicious websites, or other risks may save you time and money.Employees should also be aware of Business Email Compromise attacks, which occur when a hacker takes over the e-mail account of a trusted vendor or other third party.Always ask if an email makes sense, or is too good (or bad) to be true.Validate suspicious emails with a phone call when in doubt.

3. Use Multi-Factor Authentication (MFA):

MFA is using more than one verifier for logging in. It provides additional assurance in case the superhero strong password gets compromised. Your employees know their passwords, but do they also have a separate code or token?

4. Use anti-virus software:

Antivirus software is a program designed to detect and remove things that are trying to damage or compromise your network. You may also see this advertised as Anti-malware. It will assist you in keeping your company safe from cyber threats.

5. Secure wireless networks:

With how embedded electronics are in our everyday lives, it has become common place to have wireless networks almost everywhere. All wireless networks should be secured with strong passwords. It is even better to establish two networks if one network will be open to customer use. This way, business computers can be safely on a completely separate network from someone walking through your front door.

6. Use encryption whenever possible:

Whether working for the CIA or running a local business, keeping data confidential is a top priority. Customer data should be encrypted wherever possible. This means using security (HTTPS) on websites, using secure file transfer solutions, and using encrypted email when transmitting private information.You can also encrypt the hard drives of laptops to protect data if they are lost or stolen.When possible, look for solutions which use AES256 encryption.

7. Get a secure Virtual Private Network (VPN):

While we are thinking about encryption, let’s talk about encrypted tunnels. VPNs are encrypted tunnels where employees can remotely access customer or business data securely over insecure networks. VPNs can help employees securely work from home during uncertain times.

8. Install software updates promptly on all computers:

You wouldn’t want holes in your clothes, so why would you want them in your business? Software updates for computers, phones, and any other device often fix security holes which could allow a hacker into your company. Updates should be installed promptly. Staying on top of this may help your company save big later.

9. Perform Regular Backups:

Does your favorite athlete have a back-up? So should your company’s systems. Performing regular backups is one way of having customer data available to reload during an emergency. It also becomes helpful if data becomes corrupted and needs to be restored. Be sure to test your backups periodically to ensure they will be usable in an emergency.

10. Make a plan for responding to and recovering from a cyber-attack: 

Planning is something that needs to be considered to lessen the effects of a breach. Having a plan in place can cut down on response time and act as a checklist so things will not be forgotten or overlooked. A response plan can also help your company get back to serving customers as quickly as possible.

11. Bank Safely:

Ensure that only appropriate employees have access to financial tools such as mobile banking.Assess your company’s potential risks, and determine appropriate rules for access to financial tools.Use Multi-Factor Authentication (MFA) where possible, and be alert for unusual requests to wire or transfer funds.

12. Consider cybersecurity insurance:

Yes, they even sell insurance for breaches and attacks. If your company is unable to avoid a breach, insurance helps to offset the monetary cost of one.

13. Consider adopting the NIST Cybersecurity Framework:

As your staff helps to reduce the cybersecurity risks to your organization, it may be beneficial to adopt a framework. The NIST CSF provides an outline to assist your company in building a mature cybersecurity defense. Here is the link for the NIST CSF:

You can also find additional resources at the following links:


Brett Obringer, Coastal’s IT Governance Risk & Compliance Analyst, contributed to this article.


Back To All Articles

Social Blog Features

You Also May Be Interested In

Member Tips
Holiday Scammers: What To Look Out For
Read Article
Avoiding COVID-19 Scammers
Read Article
Member Tips
Navigating Uncertainty: The Importance of Having a “What If” Plan
Read Article