Cybersecurity tips for small businesses


When you own a small business, it's crucial to invest in the best internet security software for your business as well as to educate your employees.

When you own a small business, the adage “you are only as strong as your weakest link” holds true when it comes to cybersecurity. That’s why you need to invest in the best security software for your business as well as in digital safety education for your employees.

Types of small business cyber threats

Although cybercriminals are creating new ways of launching cyber attacks, some of their more common methods for breaching small companies have been around for a while.


Business email compromise (BEC) scams, also known as phishing emails, continue to cause major losses; more than U.S. $5 billion has been stolen domestically and internationally in the past three years. Approximately 7,700 organizations are hit by a BEC scam every month.

Phishing occurs when a cybercriminal tries to trick an email recipient into opening a malicious attachment or clicking a link to a malware-laden website that could download ransomware. This method has remained popular over the years, which perhaps indicates that the person behind the computer keyboard can be the weak link in a company’s security.

Watering holes

Watering hole attacks occur when legitimate websites are hijacked by an attacker and turned into malicious websites, typically without the knowledge of the sites’ owners. These types of sites attempt to install malware onto a device. This usually requires some action by the user, such as clicking on a link, downloading a file, or giving away information.

Drive-by downloads

In the case of a drive-by download, a malicious website will attempt to install software on your computer without asking for permission first. This could happen if proper security systems are not in place or if the operating system is outdated.

Why do cybercriminals target small businesses?

The most likely reason for a cyberattack is intelligence gathering. A data breach is one possible result of a successful attack. Data breaches can involve a variety of information, from documents and intellectual property, to credit card and financial information. Sometimes, cybercriminals could even mine information about your staff and customers. According to a 2017 Ponemon study, the global average total cost of a data breach is U.S. $3.62 million.

Cybersecurity best practices for small businesses

Cybersecurity for your small business begins with digital security best practices education and training. Educate all your employees with the same best practices. When new employees join your team and best practices are updated, provide refresher training sessions.

As you develop best practices to protect your small business from cyber threats, do some research. The National Cybersecurity and Communications Integration Center’s (NCCIC) website can help you create a solid cybersecurity plan for your business. You may want to establish guidelines around the following three security topics as you teach your employees how to make digital safety a daily habit.

1. Software updates 

Hackers can enter your computer network through outdated apps with known vulnerabilities. Make sure your employees know to install software updates and patches for applications and operating systems as soon as they’re available.

2. Passwords

Teach your employees that the best password is a secure password. A good solution to remembering and using strong passwords is a reputable password management application. This stores passwords in one place, allowing people to generate strong, complex and random passwords that they don’t need to memorize. They only need to remember one password to unlock the app itself. Alternatively, ask your employees to create strong passwords that are at least 10 characters long and include numbers, symbols, and upper and lowercase letters. Advise employees to never write down passwords to keep on their laptops or workstations.

3. Virtual Private Networks

VPNs can go a long way toward securing your company’s information. Virtual private networks encrypt all traffic leaving and entering your devices. If someone somehow manages to intercept your information, all they will have is encrypted data.

Why cybersecurity awareness is important

Unfortunately, none of this education and training will help secure your business unless you create a culture of cybersecurity awareness around the office. So how do you encourage your employees to protect your company’s information?

  • Compliance programs: Make changing passwords a regular task, like getting an oil change in your car. Ensure everyone is doing what they need to do to keep their passwords secure.
  • Rewards programs: Offer rewards for employees who find ways to improve cybersecurity around the office, such as by reporting phishing emails.
  • Accountability programs: Encouraging your employees to tattle on each other for not following best practices will just erode trust. However, encouraging your employees to gently hold one another accountable will help ensure compliance with best practices. Consider instituting an anonymous reporting system or encourage employees to have open conversations about cybersecurity with each other. You can also try appointing cybersecurity culture advocates to help keep employees trained and motivated.

Norton
Norton empowers people and families around the world to feel safer in their digital lives

Editorial note: Our articles provide educational information for you. Our offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about Cyber Safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses. The Norton and LifeLock brands are part of Gen Digital Inc. 

