BBB Business Tip: The Top 5 Cybersecurity Practices Every Small Business Needs to do Now

The pandemic has forced many people to conduct business from home. Unfortunately, this shift to remote work has also opened up opportunities for hackers. Cyberattacks have grown over 400% since the pandemic started, and many of these hacks target small businesses. Small businesses are often targeted because many don’t have a fully-fledged IT department to protect themselves.

Unfortunately, the potential consequences of a breach on a small business are enormous. Approximately 60% of small businesses shut down just six months after a cybersecurity breach, because the time and resources required to recover from a cyberattack can be substantial. In short, a cyberattack can result in legal fees, lost capital, or even the loss of trust from a customer base. This is why it is essential for small businesses to take steps to protect themselves.

Here are the top five cybersecurity practices every small business needs to do now:

1. Understand your current cybersecurity status

You might be under the impression that you have relatively good cybersecurity, but how can you be sure? It’s crucial to audit your cybersecurity status on an annual basis. Your small business likely goes through many changes throughout the year, including the adoption of new tools, new employees, and more. Each change can potentially weaken your cybersecurity. That’s why we encourage you to do (at least) an annual cybersecurity audit.

If no one in your business can complete this audit, hire an external company for this evaluation. However, note that having no one who can conduct a cybersecurity audit internally is likely a bad sign. Consider putting someone in charge of cybersecurity and offering to pay for their training. This is a long-term investment that can save your business from attack.

2. Train your employees

With the world shifting towards remote work, it’s essential to acknowledge how much time your employees work on personal devices or in external locations. As a small business, you may not be able to implement certain cybersecurity practices, such as establishing a VPN or issuing portable work devices to all employees. Still, your employees are your first line of defense in protecting your company information.

Hackers understand that untrained employees are often the easiest way to get into a system.

Popular types of cybersecurity scams against employees include:

  • Impersonating an employee within the organization — usually by finding out their name on social platforms or the company website
  • Baiting with information that seems internal, that the hacker has actually found online
  • Hiding malware downloads in email unsubscribe buttons
  • Phishing emails
  • Using keyboard capturing techniques to gather passwords
  • Internal threats from current or former employees

Approach training your employees on cybersecurity in a smart way. If you simply send your employees an article describing the importance of cybersecurity, you may not get their full attention. Don’t just push tutorials or training sessions onto employees without explanation.

Instead, make them understand the potential impact of these attacks and how vital their scrutiny is. Giving your staff background on the dangers present will help them understand why they should care about cybersecurity.

3. Back up important information

It can be devastating to a business to lose critical financial records, customer data, planning documentation, or proprietary information. Some cyberattacks not only steal data but also wipe and shut down systems. This is a situation that is almost impossible to recover from.

To avoid this, you must back up all information frequently. If possible, use a system that automatically backs up data to the cloud. If this option isn’t doable, make sure you run a data backup at least twice a week.

4. Update systems

A system upgrade can feel annoying when you’re in a productive mood — it requires you to stop what you’re doing and allow the system to update. However, you must understand why system upgrades are essential and should be done immediately.

Operating systems have built-in functions to help reduce the threat of a cyberattack. However, as the world of cyber threats is continuously changing, operating system manufacturers release upgrades to keep up with the changing landscape. These upgrades are for the protection of your system and any time you delay an upgrade, you increase your risk.

Instill a company-wide policy of always upgrading systems as soon as they need it.

5. Password authentication

Two-factor authentication requires that users verify their identity with a secondary device in a short time frame. The process essentially works as an additional barrier to entry. Someone finding out your password may be likely; someone finding out your password while also having your mobile phone is much less likely.

If you think that your smart, capable employees don’t need two-factor authentication, think again. People hate forgetting their passwords and want easy access to their accounts. Unfortunately, this typically manifests itself in the types of passwords they choose. The two most common passwords in 2020 were 123456 and 123456789. Not so secure at all!

Let’s say that you manage to convince all of your employees to have complicated passwords. Unfortunately, that itself isn’t even enough protection. Billions of credentials are for sale on the dark web, with U.S. companies being the top target.

Two-step authentication can help your employees keep their accounts secure.

Moving forward

The risks that come with poor cybersecurity are too high. By implementing these five cybersecurity practices, you help to protect your business and its future. You can choose to ignore your cybersecurity, but that doesn’t mean that hackers will ignore you. Be proactive and make sure that you are taking your business’s cybersecurity seriously.


The Canadian Centre for Cyber Security is a good resource for Canadians. In the U.S., the National Cybersecurity Alliance can help.


Information courtesy of the Better Business Bureau
