Top cyber security measures for small businesses


Date: 26 May 2020


Cybersecurity is an increasingly important issue for all businesses, as the number of cybercrimes increases by the day. Cybersecurity is no less important just because you are a small business. According to a recent report from Ponemon, more than half of small enterprises are victims of cyberattacks. At best, a cyberattack can be an unfortunate hurdle when you are starting out, but a major attack could challenge the very survival of your business, and that is a risk that startups cannot afford to take.

In order to keep cybersecurity at the optimum level, a flexible and experienced IT company should be engaged for consultation and assistance in implementing solutions. 

Update your software

Software needs to be updated frequently to avoid any potential areas of weakness in the network. Software updates are released regularly, and they contain fixes to bugs in the system, security patches and new approaches to defence systems.

If these updates are not received immediately, your system will contain vulnerabilities until it is updated. Updates should be set to run automatically or at regular intervals and should include all aspects of your system. This includes email software, servers, operating systems, firewalls, anti-malware and encryption. It is also a good idea to keep hardware up to date in order to maximise security. 

Implement a firewall 

Organisations need to use firewall systems to protect the internal network from the outside world, and to prevent access to data and the network from unauthorised parties. A firewall is an essential security measure: it monitors and blocks network traffic based on a set of predetermined rules. Firewalls also prevent employees from inadvertently breaching protocols.

The firewall that is most suitable for your organisation will depend on the operating system, the size and specifications of your computing system, and the volume of traffic inspections you need to perform. 


Antivirus software is designed to protect computing systems from viruses, but it can also protect against other types of malicious attacks, such as worms, ransomware and browser hijackers. Depending on the antivirus software programme you adopt, it may also include anti-spyware software and protection against scams, phishing attacks, DDoS attacks and advanced persistent threats (APTs). Reliable antivirus software will detect and highlight potentially dangerous content and activity before it becomes a security issue.

Password management

The 2019 Verizon Data Breach Investigations Report showed that 80% of hacking related breaches were the result of weak or stolen passwords. This statistic alone should be enough for businesses to implement a policy of strict password protection for all employees and third-party vendors.

Hackers use advanced software to break through easy-to-guess passwords (the two most commonly used passwords on the internet for the last seven years have been '123456' and 'password'). Password manager solutions generate strong passwords across the organisation and store them in one secure location. Popular password managers include Dashlane, 1Password and LastPass.

Access control

Access to your system should be carefully secured to keep out malicious actors. But a high proportion of attacks are caused by those inside the organisation. One way to combat this is to implement policies that limit and control the access granted to each employee or contractor. The principle of least privilege (PoLP) restricts access in an IT environment to the minimum that is needed by users, processes and accounts. This improves security and system stability, and it is quite easy to implement.


Encryption is a security measure that can be applied to strengthen systems and reduce the risk of attacks through endpoint devices. The basic username and password combination of authentication can easily be broken by hackers and is not sufficient to protect an enterprise.

Two-factor authentication (2FA) is when users are required to have two methods of authentication, such as a password and a YubiKey or a one-time password (OTP). Multi-factor authentication (MFA) often involves an extra requirement to provide verification, such as a fingerprint or iris scan. A minimum measure of 2FA should be deployed by all businesses, but MFA provides an extra layer of security so it is the recommended practice.   

Regular backups

It is essential your business adopts an effective policy for backing up sensitive data. This is a way of mitigating against disaster scenarios that could leave data compromised, such as a ransomware attack. Most small businesses will fall prey to a data breach at least once. The volume of data that has been lost in the last two years following an incident has increased by 400%. Critical data should be backed up at least once a week and preferably on a daily basis. One copy should also be stored off-site as an extra layer of precaution.

Training and education

Security policies and protocols need to be maintained and followed by all staff members. But many companies do not train staff sufficiently so that they understand the importance of following the procedures. Staff are more likely to be effective in the fight against cybercrime when they are educated in the risks and potential dangers. It is also advisable to keep staff up to date on cybersecurity developments and industry news. Many threats to businesses are caused inadvertently by employees who lack awareness of cybersecurity best practices.

It's easy for small businesses and startups to overlook cybersecurity measures when they are focussed on other things. It has been found that as many as 60% of small businesses close down within six months of a cyberattack. With stakes this high, start-ups are advised to take every cybersecurity measure available to them. When it comes to cybercrime, it is always better to be safe than sorry.

Copyright 2020. Article was made possible by site supporter Zachary Gottlieb
