Cybersecurity tips for small businesses


While it’s tempting to assume that hackers aren’t interested in small businesses as targets, that couldn’t be further from the truth. In fact, small businesses could be seen as easier targets by malicious actors due to their limited resources. 

If unprotected, small businesses can be vulnerable to malware, phishing scams, and ransomware attacks. Other risks of a cyberattack on small businesses can include a severely damaged reputation and having to compensate customers that have lost funds or data.

But where to start? Without a big IT department, the task of cybersecurity can be daunting. We’ve outlined a few achievable and impactful measures small businesses can take to protect themselves from digital threats.

9 best cybersecurity tips for small businesses

Basic security training

Providing basic cybersecurity training for your employees is a great starting point for securing your business’s digital well-being. Topics should include creating strong passwords, recognising phishing or suspicious emails, and storing and managing sensitive information. 

Our free Udemy online course on privacy and security is meant for individuals but can serve as strong foundational information for employees starting from scratch. Each topic is covered in a video that’s only about five minutes long.

Identity management software

Identity and access management (IDM) software, such as Okta, protects a business by granting access to its systems and services only to authorized users. It also lets you define what permissions each user has, so that no one can tamper or interfere with sensitive information outside their own area of responsibility. There is a subscription cost to such services, but it’s well worth it for secure access.

This also means avoiding shared accounts. When each person has their own account for a service, you know who is logging in.

Multi-factor authentication

Multi-factor authentication (MFA) is a setting that requires more than just your password for logging in to online accounts. The secondary credential is usually one that no one else can easily access, such as a one-time code sent by email or text message, an authentication app, or biometrics like fingerprints or facial recognition.

Require all employees to use MFA for their work accounts. The top admins for your company’s online services are likely able to enforce this rule in the account settings.

Use a password manager

Password managers are apps that help to store login credentials for all services used by your business. The biggest benefit of using a password manager is that it can help to create complex passwords that are difficult to guess or crack—and that you don’t have to remember. This also helps to avoid insecure methods of password storage like the use of digital documents. It also prevents people from repeating passwords, a risky but all-too-common practice.

Most high-quality password managers are paid apps. ExpressVPN now comes with ExpressVPN Keys, a password manager built into our mobile apps and as a Chrome extension.

Firewall protection

A firewall is a technological barrier (software or hardware) that separates different parts of a network in order to protect them from threats. Most operating systems have in-built firewalls—e.g., Windows’s Microsoft Defender, macOS’s own firewall, and Ubuntu’s ufw. However, for your small business it is worth investing in a third-party firewall, be it a software or hardware-driven solution. 

Deploying a firewall will not only protect your devices and networks against viruses and malware, but will also defend you against backdoor attacks, DoS and DDoS attacks, access attacks, or stolen data.

Secure your Wi-Fi connection

In addition to using the strongest Wi-Fi protocols—WPA3 (preferred) or WPA2 (at the very least)—ensure that you modify the default names and passwords on your business’s routers. This can be achieved by logging on to your router’s dashboard settings and changing the authentication method in your wireless settings. 

Strong network passwords are a must. (While it may seem like an extra level of security, hiding your Wi-Fi network could actually do more harm than good.)

Constantly update software

Software updates are important for keeping your devices protected. Ignoring and failing to run these updates can leave your devices, and possibly all of your sensitive information, at risk. Updates are most commonly designed to help protect you against malware, software bugs, and zero-day exploits. 

While most software updates are automatic, always take care to know which of your business’s devices require manual installation—e.g., Wi-Fi router firmware—to ensure that you stay protected. And if you get prompted to update, do so right away.

Back up your files

Regularly backing up your data to online cloud services is standard practice for many businesses. However, in some cases it can be worth manually backing up your data on physical devices on a regular basis. We’d recommend the 3-2-1 rule, which suggests that you have:

  • 3x copies of your data, with
  • 2x of those copies being backups stored on different types of media—i.e., different types of storage devices, and
  • 1x of those backups stored offsite

It’s also worth mentioning that you should encrypt any physical backups that you make. 
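As an added example (not part of the original article), the following Python sketch checks a backup inventory against the 3-2-1 rule and the encryption advice above. The inventory format, the media labels, and the choice to treat everything other than "cloud" as a physical backup are assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class DataCopy:
    name: str
    media: str              # assumed labels, e.g. "internal-hdd", "usb-hdd", "cloud"
    offsite: bool
    encrypted: bool
    primary: bool = False   # the live working copy, not a backup


def check_3_2_1(copies):
    """Return a list of findings; an empty list means the inventory passes."""
    findings = []
    backups = [c for c in copies if not c.primary]

    # 3: total copies of the data, counting the working copy
    if len(copies) < 3:
        findings.append(f"only {len(copies)} copies of the data, need 3")

    # 2: two backups that sit on different types of media
    if len(backups) < 2 or len({c.media for c in backups}) < 2:
        findings.append("need 2 backups on different types of media")

    # 1: at least one backup kept away from the premises
    if not any(c.offsite for c in backups):
        findings.append("no backup is stored offsite")

    # Physical backups (assumed: anything that is not "cloud") must be encrypted
    for c in backups:
        if c.media != "cloud" and not c.encrypted:
            findings.append(f"physical backup '{c.name}' is not encrypted")
    return findings


# Constructed sample inventories
WEAK = [
    DataCopy("office file server", "internal-hdd", False, False, primary=True),
    DataCopy("USB drive in desk drawer", "usb-hdd", False, False),
]
GOOD = [
    DataCopy("office file server", "internal-hdd", False, False, primary=True),
    DataCopy("USB drive in safe", "usb-hdd", False, True),
    DataCopy("cloud backup", "cloud", True, True),
]

if __name__ == "__main__":
    for label, inventory in (("weak", WEAK), ("good", GOOD)):
        problems = check_3_2_1(inventory)
        print(label, "PASS" if not problems else problems)
```
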


Use a VPN

Small businesses can benefit greatly from using VPNs to protect their internet traffic from attackers and snoops, which in turn protects your intellectual property, employee information, and customer and client data.

Further, in regions where online censorship is prevalent, workers are able to access content beyond their country’s borders, potentially providing a business advantage.

Interested in getting ExpressVPN for all your employees? Find out how to purchase a volume licensing subscription.

Hi, you've reached Marcus. Dial '1' for privacy, '2' for point and click adventure games, and '3' for paranormal stories. For all other enquiries, please stay on the line and he'll be with you shortly.