10 Ways to Improve Cybersecurity in Your Small Business

Written by neatly.io on 24th July 2019

With the average cyber-attack carrying a price tag of nearly 10 million, it should be no surprise that, regardless of size, every business needs strong cybersecurity to prevent data breaches and ensure the safety of its customers’ data. Doing so keeps the business image you’ve worked so hard to build safe and avoids the hundreds of thousands of dollars in costs that can arise from a cybersecurity complication (because things can and will go wrong if there aren’t proper safeguards in place). Besides, every business nowadays relies heavily on technology, whether it’s through running a simple website or hosting servers. That’s why it’s important to take the necessary steps to build a set of cybersecurity protections into your business.

However, I’m aware that knowing where to start can be a difficult process, which is why I’ve put together 10 Ways to Improve Cybersecurity in Your Small Business that you can use to build a foundation of web security in your small business.

1. Use Strong Passwords

To start simple, let’s start with one of the most-advised cybersecurity tips you’re probably tired of hearing—always using strong passwords. To keep sensitive customer data and personal records safe, using any password you come up with won’t be enough, even if you think that “goodlife2” is somehow too hard to figure out (which I can assure you, it’s not hard for a hacker). Be sure that the passwords you use anywhere in your business adhere to a set of security standards, such as:

  • Using at least 8 characters, preferably 10 or more
  • Using both uppercase and lowercase letters
  • Using a special character (!, @, %, &, etc.)
  • Not including identifying information such as birthdays or names

By incorporating these elements into all of your passwords you’ll be making it much harder for hackers to crack your password, as a password that makes use of all of these standards would take on average 3 years for even a supercomputer to crack.
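The four rules above written as a checker and run against the article's own “goodlife2” example. This is an added example, not code from the original article; the function names, the name "Maria" and the sample birthday are constructed for illustration.

```python
import re

MIN_LENGTH = 8  # the article's minimum; it prefers 10 or more


def date_fragments(birthday):
    """Digit strings commonly derived from a YYYY-MM-DD birthday."""
    year, month, day = birthday.split("-")
    short = year[2:]
    return {year, month + day, day + month,
            short + month + day, month + day + short, day + month + short}


def check_password(password, identifying=(), birthdays=()):
    """Return the list of rules the password breaks (empty list = passes)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not (any(c.isupper() for c in password)
            and any(c.islower() for c in password)):
        problems.append("needs both uppercase and lowercase letters")
    if not any(not c.isalnum() and not c.isspace() for c in password):
        problems.append("needs a special character")
    lowered = password.lower()
    for word in identifying:
        # Ignore very short words to avoid flagging accidental matches.
        if len(word) >= 3 and word.lower() in lowered:
            problems.append(f"contains identifying word {word!r}")
    # Drop separators so 07/04 and 07-04 are caught as well as 0704.
    digits = re.sub(r"\D", "", password)
    for birthday in birthdays:
        if any(frag in digits for frag in date_fragments(birthday)):
            problems.append(f"contains digits from birthday {birthday}")
    return problems


if __name__ == "__main__":
    # Constructed inputs: the name and birthday are made up for illustration.
    print(check_password("goodlife2"))
    print(check_password("Maria0704!xQ", ["Maria"], ["1985-07-04"]))
    print(check_password("Tr4il-Mix&Rain", ["Maria"], ["1985-07-04"]))
```

A check like this belongs wherever passwords are set or changed, so a weak choice is rejected before it is ever stored.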

2. Change Passwords Often

If you want to improve cybersecurity in your business, not only do you need to have strong passwords on all of your accounts and sensitive data, but you also need to be changing those passwords often. That brings me to my next point: make a practice of changing passwords every so often, and make the changes consistently. Every month or two should be fine for the average business owner, although you should aim to change them as often as possible.

However, changing your passwords so often can lead you to forget them. Fortunately, there’s an easy solution: use a password manager so that all your passwords will be in a secure place while also being easily accessible. It’s at least much better than writing your passwords down!

The reason it’s important to change your passwords often is that if hackers do get access to your account information, the login details will be outdated because you changed your password recently, leaving them with no way to access your account. That is, unless they’re able to change the password themselves, which only multi-factor authentication can prevent. I’ll talk about that next.

3. Use Multi-Factor Authentication

Sometimes, making your passwords strong and changing them often isn’t enough, and hackers are able to get your password. This is why it’s a good idea to have Multi-Factor Authentication (MFA) on everything that uses a password, so that if thieves do gain access to your password, MFA stops them from getting into the account. 

MFA is a security measure in which a system requires more than one form of authentication to gain access into the account. For example, your first form of authentication in a typical login may be username and password, but if MFA is enabled, the system will then request a second type of authentication, typically a code sent to a phone number or email, fingerprints, or even iris verification.

Today, many companies force MFA onto their customers, as they realize the extra security it provides. Not only that, but on many typical business accounts it is free of charge to implement. Setting up MFA for all of your business accounts could be the difference between a breach being successful or hackers giving up.

4. Install Anti-Virus on All Computers

This may seem obvious to some, but you’d also be surprised to learn that 43% of all data breaches target small businesses. Statistics like this show just how important it is to have at least basic cybersecurity in your small business, as there’s a flip-a-coin chance that you’ll be targeted in the next attack. 

That brings me to my next point: installing an anti-virus program on all of your computers. For nearly as long as computers have existed, anti-virus programs have been one of the first applications we install onto our personal computers, and the same should apply to the systems in your small business. 

An anti-virus program will perform scheduled scans on your systems to ensure that there are no malicious applications on them. It will also take care of deleting such applications if they slip through, so it’s basically a bodyguard for your computer.

There are many different kinds of anti-viruses available today, both free and paid. So, whether you’re trying to keep costs to a minimum or go with top of the line security for your small business, there’s an option for you. 

5. Setting Up a Firewall on Your Networks

Aside from computers, there’s another vulnerable element of your small business you may not have taken the time to protect: your network. Firewalls are similar to anti-viruses, but they can protect your whole network instead of individual computers or systems.

There are many different types of firewalls available for you to choose from, but in theory they all perform the same core function: block unauthorized access while permitting authorized communication. What this means is that they place restrictions on how anything outside your network can interact with you, reducing the likelihood of a hacker infecting you through internet-based attacks. Firewalls can also reduce the damage a hacker can do if they do manage to get in, as security rules can be implemented within a firewall to prohibit certain actions from being executed in a server or network.

6. Enabling HTTPS on All Sites 


In 2017, Equifax suffered a breach that cost it $1.4 billion, as an expired SSL certificate on their domains prevented them from noticing the breach had happened. This breach could’ve been much less costly or even entirely preventable, as their certificate had expired 10 months prior, and they were also informed of a potential web vulnerability a few days before the breach occurred. 

Breaches like this are why it’s important to ensure you have Secure Sockets Layer (SSL) and Hyper Text Transfer Protocol Secure (HTTPS) correctly enabled on all of your sites. SSL/HTTPS is a security protocol which encrypts data transferred to your website.

Without getting into too much detail, enabling HTTPS on your websites protects the data of your website visitors, whether it’s a simple login or credit card information. It’s actually required by law for all eCommerce stores, so make sure to check what the requirements are for your particular website. 

Once you have an SSL certificate installed, make sure to redirect all pages in your website from HTTP to HTTPS so that your visitors don’t get a “not secure” warning when they go on your website.
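A check for the two points in this section: how long a site's certificate has left before it expires, and whether plain HTTP is redirected to HTTPS. This is an added example, not part of the original article; the function names, the 30-day warning threshold and the sample certificate date are assumptions made for illustration.

```python
import http.client
import socket
import ssl
from datetime import datetime, timezone
from urllib.parse import urlsplit

WARN_DAYS = 30  # assumed alert threshold, not a figure from the article

def days_remaining(cert, now):
    """Whole days until the certificate's notAfter date (negative if expired)."""
    expires = ssl.cert_time_to_seconds(cert["notAfter"])
    return int((expires - now.timestamp()) // 86400)

def is_https_redirect(status, location):
    """True when an HTTP response sends the visitor to an https:// URL."""
    return status in (301, 302, 307, 308) and urlsplit(location or "").scheme == "https"

def fetch_cert(host, timeout=5):
    """Live lookup. The handshake raises SSLCertVerificationError if the
    certificate has already expired, which is itself the alert."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, 443), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def fetch_http_response(host, timeout=5):
    """Request http://host/ without following redirects."""
    conn = http.client.HTTPConnection(host, 80, timeout=timeout)
    conn.request("GET", "/")
    resp = conn.getresponse()
    status, location = resp.status, resp.getheader("Location")
    conn.close()
    return status, location

def report(host, cert, status, location, now):
    """Turn the raw observations for one site into a list of findings."""
    findings = []
    left = days_remaining(cert, now)
    if left < 0:
        findings.append(f"{host}: certificate expired {-left} days ago")
    elif left < WARN_DAYS:
        findings.append(f"{host}: certificate expires in {left} days")
    if not is_https_redirect(status, location):
        findings.append(f"{host}: plain HTTP is not redirected to HTTPS")
    return findings

if __name__ == "__main__":
    # Constructed sample: same dict shape as getpeercert(), made-up date.
    cert = {"notAfter": "Jul 24 12:00:00 2019 GMT"}
    now = datetime(2019, 7, 1, 12, 0, 0, tzinfo=timezone.utc)
    print(report("example.com", cert, 200, None, now))
```

For a live site, pass the results of `fetch_cert(host)` and `fetch_http_response(host)` to `report` from a scheduled job, so an approaching expiry is flagged well before the certificate lapses.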

7. Cybersecurity Training For Employees 

Unfortunately, the technology side of your business isn’t the only thing that requires attention when improving the cybersecurity of your business. There are also employees, who are bound to make mistakes if they aren’t trained properly. In fact, the biggest cause of data breaches is employee negligence.

This is why having a required ‘cybersecurity basics’ training program at your business may be beneficial. Teaching employees things like how to spot a phishing email or not to click on suspicious links can save you a lot of headache—and money. 

8. Spam Filters 

According to Alert Logic, the average user receives 16 malicious emails per month. This means that every other day, a typical employee at your company will receive a malicious email. Now let’s assume that you don’t have a spam filter incorporated into your email system. Even if your employees are trained in cybersecurity guidelines, with these emails coming in so often, someone is bound to make a mistake, and a single mistake is all it takes for a hacker to potentially cost you tens of thousands of dollars. 

This is why email spam filters exist, and why you should have one installed in your email if you haven’t done so already. A spam filter uses machine learning to look for certain words or phrases to determine whether an email is legitimate or spam. 

Some email platforms such as Gmail come with their own spam filter, but as a business owner, if you have a system-based email system like Outlook, you should discuss adding a spam filter with your system administrator as pre-installed filters tend to have their flaws.

9. Keep Software Up to Date 

If you’re a business owner, it’s likely you’re aware that adaptation is required if you want to keep up with the market. Software works the same way, and so do hackers. There are things like zero-day vulnerabilities, which are new exploits in software that are unknown to owners but not to hackers. Essentially, it’s like the discovery of a new ‘treasure’ to a hacker.

Such vulnerabilities can allow hackers access into your system and allow them to install viruses or steal customer data. Thankfully, software companies are always working to patch these vulnerabilities, which is why it’s important to update your software as often as possible or enable automatic updates, which install updates for you as soon as they’re available. 

10. Give Employees Only the Permissions They Need 

In most business-oriented pieces of software, an administrator is able to set permissions for each employee. Rather than set permissions for individual users, many administrators set permissions based on department. This means that the Marketing, Operations, Customer Service, etc. departments would each have their own set of permissions. You wouldn’t want the Marketing department to have the permission to approve or deny checks, as that’s not their job. That’s what permissions do for you—separate responsibilities and tasks. And if a hacker gains access to an account, they’ll be limited in what trouble they can cause.

Final Thoughts

There are various ways to improve your business’ cybersecurity. You can start making your business more secure by using strong passwords, training your employees on cybersecurity basics, and adding SSL to your websites among other things. It’s important to ensure your business has security standards in place as doing so can save you from future headaches—and breach-related bills.

About the Author 

Jaysson Hollingshead is a writer and digital marketer specializing in cybersecurity with experience writing articles surrounding SSL certificates, data breaches, and website optimization. He enjoys digging deep into social media marketing, writing code, and you’re also likely to find him tinkering with computers when he’s not writing for SectigoStore.