
Cybersecurity for small businesses: what you need to know

Take a few small steps to prevent major losses in your independent business.

Use a VPN on your phone to protect your internet traffic.

Independent businesses (you!) are the backbone of the American economy. They support local communities, provide jobs, and drive innovation. But they’re also a major target for cybercriminals. 

In fact, according to a 2023 study by Verizon, small businesses had 30% more data breaches than large businesses. Of these, 98% of attacks had financial motives and most (54%) were committed using compromised credentials—like passwords and usernames. That’s why it’s more important than ever for independents to learn about cybersecurity best practices for independent businesses to make sure they’re not putting themselves at risk. 

Why are cybersecurity best practices important for small businesses?

When it comes to cybersecurity, independent businesses are particularly vulnerable. This is because they often lack the resources of larger brands and may need help to afford the latest and best cybersecurity tools and services. In fact, according to a 2021 study by UpCity, only 50% of all small businesses in the U.S. actually have a cybersecurity plan in place for next year. This means that the other 50% are putting themselves at risk from cyber attackers. But why is cybersecurity so important for these kinds of organizations?

The lack of adequate cyber protection can lead to data breaches, which can have a significant financial impact on your business and damage its reputation in the eyes of clients and partners—in most cases, the biggest hit of all. For example, one study found that up to 80% of consumers are likely to defect from a business if their data is compromised in a breach. Data breaches can also lead to compliance issues if your business isn’t meeting the required standards and regulations. Attackers may also be able to access business owners’, employees’, and clients’ data, which could result in identity theft or credit card fraud—all of which can be difficult to recover from financially.

Lastly, another reason why independent businesses need to take cybersecurity seriously is that recent studies show that cybercriminals are increasingly targeting independent businesses rather than larger corporations.  This is because big brands are starting to take cybersecurity measures very seriously. This makes smaller firms a much easier target for cyberattacks and one that is less likely to catch the interest of federal law agencies.

How has cybersecurity evolved over the years?

These days, the threat landscape has become more complex as hackers have shifted from standard methods such as:

To more sophisticated forms of attacks, including:

  • Zero-day exploits
  • Ransomware
  • Distributed denial-of-service (DDoS) attacks

To protect against these new threats, businesses are starting to use a much more thorough approach to cybersecurity. This includes using platforms that can protect personal and client data, like HoneyBook.

Organizations are focusing on preventive measures such as:

  • User and employee/contractor education
  • Stronger authentication protocols
  • Using antivirus software
  • Limiting employee access to sensitive data
  • Keeping up with the latest cybersecurity best practices for independent businesses.

What are the most common cybersecurity threats for small businesses?

The best way to protect against cyber threats is to understand what kind of attacks you’re up against. Some of the most common cybersecurity threats for independent businesses include:

  • Malware. An umbrella term for “Malicious Software.” This cybersecurity threat is designed to damage or gain unauthorized access to a business’s database system. Common examples include viruses, worms, trojans, and ransomware. Remember, knowing the type of malware is important as it helps you decide which cybersecurity tool you need to stay safe.
  • Phishing. Cybercriminals use phishing to trick victims into revealing their personal information, such as passwords or credit card numbers, usually by impersonating a legitimate organization or individual. These attacks typically take the form of emails or links sent from malicious sources. And it’s increasing at an alarming rate too! According to a report by the APWG, phishing attacks have nearly tripled since 2020. The vast majority of phishing attacks come in the form of clone phishing, spear phishing, and email phishing. 
  • Ransomware. Ransomware is a type of malware that encrypts or locks a business’s files until they pay a ransom. It can be really damaging as it keeps them from accessing data and applications, leading to costly downtime and lost revenue.
  • DDoS attacks. A distributed denial of service (DDoS) attack is an attempt to make a website or online service unavailable by flooding the target with external requests. This type of attack can overwhelm even the most robust systems and cause major disruptions in business operations.
  • Insider threat. Insider threats can take the form of either employees with ill intent or careless users who expose the business to hackers. While these types of attacks can be difficult to prevent, businesses still need to ensure they have proper authentication protocols and employee security education in place. Security education is the best prevention for insider threats due to carelessness.
  • Zero-day attacks. The term “zero-day” refers to the fact that a threat is so newly uncovered that vendors and/or developers may not have a solution for fixing it—thus, they have zero days to solve the problem.

Pro tip

Cybersecurity isn’t just important because you’re protecting your assets and information. You’re protecting your customers’ information, too!

Cybersecurity best practices for small businesses

Now that you have a better idea of what kind of digital threats you may face, here are some key cybersecurity best practices for independent businesses you should keep in mind to protect your business.

1. Implementing multi-factor authentication

Multi-factor authentication, or MFA, is an excellent way to strengthen your security posture. It does this by requiring users to provide multiple pieces of evidence before accessing sensitive information. This commonly includes things like verifying their identity through SMS or using fingerprints.

In this way, MFA adds an extra layer of security and helps prevent your business accounts from being hijacked by outsiders. 

However, it’s important to note that even with MFA, you can still be a victim of cybercrime, especially if you think your verification phone or email has been hacked.

2. Don’t reuse or share passwords—and use a password keeper/generator app

Remembering a lot of passwords is hard, so people tend to reuse their passwords or create weak passwords. Weak passwords are easy for hackers to crack. To combat that, we recommend that you use a password management app. 

A password management app is a tool that generates strong passwords, stores them, and fetches them for you. Apps like 1Password and LastPass help you generate unique, difficult-to-crack passwords for each app and then store them for you so you only need to add one password at a time.

What is a strong password?

Strong passwords contain a mix of letters, numbers, and symbols. They have no information that can relate the password back to the account holder, like full words, birthdays, addresses, etc.

An example of a strong password is something like this: 289&2Hdnsl&!jfhsnl0. It’s totally random and would take a long time and many, many permutations to guess. That’s why password managers are so important—they keep all of your complex passwords safe so you don’t have to memorize a string of numbers and characters.
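What a password manager's generator does can be sketched in a few lines. This is an added example, not code from the original article or from any password manager; the symbol set, the default length of 20 and the function names are assumptions chosen for illustration. It generates a random password with the mix of letters, numbers, and symbols described above, estimates how hard it is to guess, and checks a password for personal details.

```python
import math
import secrets
import string

SYMBOLS = "!@#$%^&*()-_=+[]{}"  # assumption: symbols most sites accept
CLASSES = [string.ascii_lowercase, string.ascii_uppercase, string.digits, SYMBOLS]
ALPHABET = "".join(CLASSES)  # 80 characters in total


def generate_password(length=20):
    """Return a random password with at least one character from every class."""
    if length < len(CLASSES):
        raise ValueError("length is too short to include every character class")
    while True:
        # secrets draws from the operating system's CSPRNG, unlike random.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Upper bound on guessing entropy for a uniformly random password."""
    return length * math.log2(alphabet_size)


def personal_info_found(password, personal_terms):
    """Return the personal terms (names, birthdays, addresses) found in password."""
    lowered = password.lower()
    return [term for term in personal_terms if term and term.lower() in lowered]


if __name__ == "__main__":
    pw = generate_password()
    print(pw, f"{entropy_bits(len(pw)):.0f} bits")
    print("8 lowercase letters:", f"{entropy_bits(8, 26):.0f} bits")
    # Constructed example of a weak password built from the owner's details.
    print(personal_info_found("Maria1987!", ["maria", "1987", "elm street"]))
```

Each extra bit doubles the number of guesses an attacker needs, which is why a 20-character random password is far out of reach compared with eight lowercase letters.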

Pro tip

Don’t let your social media accounts fall by the wayside. Be sure you have strong passwords to prevent social media hacking.

3. Install software updates promptly

Keeping your hardware and software up to date by installing the latest updates as soon as they become available is one of the easiest ways to boost cybersecurity for independent businesses. 

This will help ensure that you have the most secure version of your business systems and applications. 

4. Create backups regularly

You should encourage your workforce to back up important business data regularly, so that if a cyberattack does occur, you will still have access to your files and documents.

Remember to back up your files in different locations and keep multiple hard copies (on external hard drives or USB storage devices). If you lose your computer, you lose everything on it, so it’s smart to have a hard drive backup. Cloud backups are important, too, but they can’t replace hard drive backups.

5. Install antivirus software and use the built-in firewall

It’s no secret that installing reliable antivirus software on all of your machines is one of the best ways to protect against cyber threats. These programs can detect, scan, and block most malicious software and protect you from common cyber threats.

Unfortunately, most free antivirus software offers inadequate protection, so it’s usually best to invest in a premium commercial antivirus solution. Although these may be more expensive, they will likely provide you with better protection and peace of mind.

You can also deploy firewalls to protect your business network for added security. These act like virtual barriers that prevent malicious software from entering your network.

6. Avoid clicking on unsolicited emails or text messages

Spoof emails and texts are used to collect information from victims to steal identities, funds, and more. Avoid compromising your bank account information by not clicking on texts or emails you weren’t expecting. 

Check the email address and the phone number the texts and emails are coming from, then look them up and see if they’re affiliated with a known spammer. 
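The sender check described above can be partly automated. This is an added example, not part of the original article; the sample message is constructed, the `.test` domains are placeholders, and `KNOWN_SENDERS` is a hypothetical list of organizations you actually deal with. It flags a message whose display name claims a known organization while the address is at a different domain, or whose replies go somewhere other than the sender.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not a real email).
SAMPLE = """\
From: "Example Bank Support" <alerts@examplebank-secure.test>
Reply-To: claims@mailbox.test
To: owner@studio.test
Subject: Action required: verify your account

Please confirm your details.
"""

# Assumption: names of senders you do business with and their real domains.
KNOWN_SENDERS = {"example bank": "examplebank.test"}


def _domain(header_value):
    """Return the lowercased domain of the address in a header, or ''."""
    _, address = parseaddr(header_value or "")
    if "@" not in address:
        return ""
    return address.rpartition("@")[2].lower()


def _matches(domain, expected):
    """True if domain is the expected domain or one of its subdomains."""
    return domain == expected or domain.endswith("." + expected)


def sender_warnings(raw_message, known_senders=KNOWN_SENDERS):
    """Return a list of reasons to distrust the sender of raw_message."""
    msg = message_from_string(raw_message)
    display_name, _ = parseaddr(msg.get("From", ""))
    from_domain = _domain(msg.get("From"))
    reply_domain = _domain(msg.get("Reply-To"))
    warnings = []
    if not from_domain:
        warnings.append("missing or unparseable From address")
    for name, domain in known_senders.items():
        if name in display_name.lower() and not _matches(from_domain, domain):
            warnings.append(f"name claims '{name}' but address is at {from_domain}")
    if reply_domain and reply_domain != from_domain:
        warnings.append(f"replies go to {reply_domain}, not {from_domain}")
    return warnings


if __name__ == "__main__":
    for warning in sender_warnings(SAMPLE):
        print("WARNING:", warning)
```

An empty result only means these two checks passed, so an unexpected message still deserves the manual lookup described above.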

7. Avoid using public Wi-Fi without VPNs

Public Wi-Fi networks are known for being insecure and prone to cyberattacks, so it’s essential to protect yourself when using them. 

If you must use public Wi-Fi, make sure to connect to it through a virtual private network (VPN), which will encrypt your data and protect it from hackers. This will help keep your data secure by encrypting all information sent and received over the network. You can also use your phone as a hotspot to provide network connectivity to your laptop.

8. Create incident response plans for cyber attack scenarios

On top of that, try to create incident response plans to help your business minimize the damage caused by a cyberattack and quickly recover from it. This should include steps on identifying, containing, and mitigating the incident and who to contact for help.

Having such a plan will also give management an awareness of their roles in an emergency and ensure that everyone is on the same page.

9. Conduct regular cybersecurity training with employees on company devices (if relevant)

According to a 2023 report by Verizon on data breaches, 74% of all breaches involve human error via stolen credentials, social engineering, or simple mistakes. This is why many experts believe that the best defense against cyber threats is an informed and trained workforce. 

Ensure that your employees and contractors know the latest cybersecurity threats and how to recognize them. 

10. Limit employee access and establish cybersecurity guidelines

Finally, limiting employee access to sensitive data and establishing proper guidelines is also important.

Make sure that your employees only have access to the information they need. 

Additionally, create cyber policies to help your team understand what is expected of them and the results of ignoring rules.

This will help:

  • Make sure that everyone is on the same page when it comes to cybersecurity best practices
  • Reduce the risk of potential insider threats
  • Give you greater control over who has access to confidential information

The takeaway: what independents need to know about cybersecurity best practices

Independent businesses are increasingly becoming targets for cybercriminals, as they represent an easy and profitable target. 

However, there are many things independent business owners can do to protect themselves and their data. 

By following the above tips, you’ll be well on your way to keeping your independent business safe from digital threats.

But it’s important to remember that cybersecurity is an ongoing battle. So make sure to stay up to date with the latest trends and best practices, and never stop looking for ways to improve your cybersecurity posture.
