How to protect your small business against cyber threats

Does your small business need to worry about cyber threats? You may not think you’re big enough to be concerned about cyberattacks, but you might be surprised at how often a small business is the target of hacks and breaches.

Your small size can actually make you more vulnerable to cyberattacks.

Sophisticated cybercriminals know that a small business often lacks the security infrastructure of larger businesses. Your small stature could make you a sitting duck for criminals looking to steal sensitive client information, credit card information, or gain access to your internal network.

According to the FBI Internet Crime Report, the cost of cybercrimes reached $2.7 billion in 2020 alone.

Most Common Cyber Crimes Against Small Businesses

Cyber attacks are constantly evolving. For instance, COVID-19-themed attacks emerged in recent years in response to the global pandemic. Most cyber attacks, however, still take one of the following common forms:

Phishing

Phishing scams have been among the top three cybercrimes in recent years, topping the lists of the most common cyber attacks in both 2020 and 2021.

Phishing attacks attempt to steal your personal information using an email or text message that looks like a genuine request from someone you know and trust.

For example, you may get an email that appears to come from a bank, institution, or application asking you to log in and change your password. Clicking the link reroutes you to a bogus page that looks legitimate. Using that page could hand cybercriminals your login credentials and other personal information, or the link could unintentionally download malware to your computer.

Malware

Malware is software intentionally designed to cause damage to a computer, network, or server. It’s an umbrella term that includes ransomware and viruses.

Ransomware

Ransomware is a specific type of malware that denies a user or organization access to the files on a computer or network by encrypting them, then demands a ransom payment for the decryption key. It is usually delivered through phishing emails.

Viruses

Viruses are harmful programs designed to spread from computer to computer (and to other connected devices), giving cybercriminals access to your systems. Cybercriminals can code any activity into a virus, from harmless pranks to destructive payloads. Unfortunately, most viruses are not of the “harmless prank” variety and instead pose a significant danger to data and systems. Viruses can be packaged with other malware to increase the chance of infection and damage, and may be delivered via phishing scams.

How to Protect Your Small Business Against Cyber Threats

Knowing that your small business is at risk is half the battle. The other half is taking steps to assess your risk, protect your data, train your employees, and have a plan in the event an attack happens to your small business.

According to, the following tips and best practices can help protect your business against a cyber attack.

Assess your risk

A cybersecurity risk assessment can identify where a business is vulnerable, and help you create a plan of action—which should include user training, guidance on securing email platforms, and advice on protecting the business’s information assets.

  • The Federal Communications Commission offers a cybersecurity planning tool to help you build a strategy based on your unique business needs.
  • The Department of Homeland Security’s (DHS) Cyber Resilience Review (CRR) is a non-technical assessment to evaluate operational resilience and cybersecurity practices.
  • DHS also offers free cyber hygiene vulnerability scanning for small businesses. This service can help secure your internet-facing systems from weak configuration and known vulnerabilities. You will receive a weekly report for your action.

Train your employees

Employees and emails are a leading cause of data breaches for small businesses because they are a direct path into your systems. Training employees on basic internet best practices can go a long way in preventing cyber-attacks.

The Department of Homeland Security’s "Stop.Think.Connect" campaign offers training on topics such as:

  • Spotting a phishing email
  • Using good browsing practices
  • Avoiding suspicious downloads
  • Creating strong passwords
  • Protecting sensitive customer and vendor information
  • Maintaining good cyber hygiene

Use antivirus software…and keep it updated

Make sure each of your business’s computers is equipped with antivirus and antispyware software that is updated regularly. Such software is readily available online from a variety of vendors. Software vendors regularly release patches and updates to correct security problems and improve functionality, so configure all software to install updates automatically.

Secure your networks

Safeguard your Internet connection by using a firewall and encrypting information. If you have a Wi-Fi network, make sure it is secure and hidden. To hide your Wi-Fi network, set up your wireless access point or router so it does not broadcast the network name, known as the Service Set Identifier (SSID). Password-protect access to the router.

Use strong passwords

Using strong passwords is an easy way to improve your cybersecurity. Be sure to use different passwords for your different accounts. A strong password includes:

  • 10 characters or more
  • At least one uppercase letter
  • At least one lowercase letter
  • At least one number
  • At least one special character
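As an added example (not from the original page), the following Python script checks a set of account passwords against the five rules above and also flags any password reused across accounts, since the page advises using different passwords for different accounts. The account names and passwords are constructed sample values.

```python
import re
from typing import Dict, List

# Constructed sample, not from the original page: passwords a small
# business might hold for several accounts. Feed real values in only
# for a one-off audit; never keep them in a plain-text file.
SAMPLE_ACCOUNTS = {
    "bank": "Tr0ub4dor&3xyz!",
    "email": "password1",
    "payroll": "Tr0ub4dor&3xyz!",   # reused from "bank"
    "router": "ShortA1!",
}

# The page's five rules, each as (description, predicate).
RULES = [
    ("at least 10 characters", lambda p: len(p) >= 10),
    ("at least one uppercase letter", lambda p: re.search(r"[A-Z]", p) is not None),
    ("at least one lowercase letter", lambda p: re.search(r"[a-z]", p) is not None),
    ("at least one number", lambda p: re.search(r"[0-9]", p) is not None),
    ("at least one special character", lambda p: re.search(r"[^A-Za-z0-9]", p) is not None),
]


def failed_rules(password: str) -> List[str]:
    """Return the descriptions of the rules the password does not meet."""
    return [desc for desc, ok in RULES if not ok(password)]


def audit_accounts(accounts: Dict[str, str]) -> Dict[str, List[str]]:
    """Check every account's password against the rules and flag reuse.

    Returns a mapping of account name -> list of problems (empty means OK).
    """
    # Group account names by password so reuse can be reported per account.
    users_of: Dict[str, List[str]] = {}
    for name, pw in accounts.items():
        users_of.setdefault(pw, []).append(name)
    report = {}
    for name, pw in accounts.items():
        problems = failed_rules(pw)
        others = [n for n in users_of[pw] if n != name]
        if others:
            problems.append("reused for: " + ", ".join(sorted(others)))
        report[name] = problems
    return report


if __name__ == "__main__":
    for account, problems in audit_accounts(SAMPLE_ACCOUNTS).items():
        print(f"{account}: {'OK' if not problems else '; '.join(problems)}")
```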

Back up your data

Regularly back up the data on all computers. Critical data includes word processing documents, spreadsheets, databases, financial files, human resources files, and accounts receivable/payable files. Back up data automatically if possible, or at least weekly, and store the copies off-site or in the cloud.

Secure payment processing

Work with your banks or card processors to ensure the most trusted and validated tools and anti-fraud services are being used. You may also have additional security obligations related to agreements with your bank or processor. Isolate payment systems from other, less secure programs and do not use the same computer to process payments and surf the Internet.

Control physical access

Prevent unauthorized individuals from accessing or using business computers. Laptops are particularly easy targets for theft and are easily lost, so lock them up when unattended. Create a separate user account for each employee and require strong passwords. Give administrative privileges only to trusted IT staff and key personnel.

Make a plan in case of an attack

Sometimes a cybercriminal will succeed in attacking your business no matter how hard you try to keep them out. In the event of a cyber attack or breach that compromises your clients’ personal identifying information, you’ll want to have cyber insurance in place.

Cyber liability insurance is designed to protect small businesses against the financial impact of a data breach or hack. It can help cover costs associated with a data breach, including:

  • Lost income
  • Recovery costs
  • Restoring computers
  • Third-party notification and credit monitoring
  • Lawsuits
  • PR nightmares

Assuming that your small business is too small to worry about cyber security is what criminals expect from you. It’s much easier to walk through an unlocked door than it is to break into a secure place.

Protect your small business by staying aware of your risks, training employees to spot and prevent an attack, following security best practices, and asking your trusted insurance professional how affordable cyber liability insurance coverage can be.

Aegis Insurance Markets, an InterWest Insurance Services LLC Affiliate