Cybersecurity Basics for Small Businesses

If you are a small business owner or manager, you have a target on your back. You face a special set of risks from cyber-crime exploits. Most often, you do not have the financial resources to afford a full-time IT support employee. You do not have the budget for expensive Intrusion Prevention Systems (IPS), or Security Information and Event Management (SIEM) systems. You might not even have a firewall, or it may be too old, or the security software that came with it may be out of date or expired. This lack of security is well-known by the threat actors out there, and makes small businesses a more attractive target than bigger enterprises.

Today I will show you a number of low-cost or free security methods you can deploy in your network.  If you own or manage a small business or other small organization, the list from our last post is a good place to start.  Then come back for the rest.

  • Training for employees – You may not be able to afford security hardware solutions, but you have the next best thing right in your office – your employees. If you provide a bit of cybersecurity awareness training, your employees can become your early warning system. Hire a trainer to come in for a half day event, or sign up with an online training firm such as KnowBe4. Employees should be instructed in the dangers of phishing emails and other common exploits, and learn how to recognize them. This training is not free, but will yield the best return on your investment.
  • Empower your employees to report incidents – It doesn’t do any good to train them if they are afraid to report suspicious activity. Avoid anything that looks like blame, even if it is their fault. You want to know about problems when they start, not after a week.
  • Back up your data twice – You need two backups, a local backup on an external drive or network attached storage device, and another in the cloud, safely off-site. The local backup provides quicker recovery. The cloud backup ensures that your business can recover from a fire, tornado, or other disaster that destroys your building, all the data, and the local backup.
  • Secure your website – Websites are an important marketing and sales tool for many small businesses, and are also a top target of cyber-criminals. Talk with your hosting provider or developer. Are they providing any security for your site? Popular website platforms like WordPress, Joomla, and Drupal have easy-to-install plugins that can provide a high level of security. Find out if you are taking advantage of this option.
  • Get professional help – Most cybersecurity companies are too expensive for a small business, but there is cybersecurity support for small business owners: small security firms that charge affordable rates. (I am one of those guys.) They may be hard to find, but you may want to find one and have them run a vulnerability scan, and then discuss what needs to be fixed to provide better security. You may not be able to do everything, but you can work on the top vulnerabilities.

This is my short list of recommendations for small business owners. Remember how you promised yourself this year would be the year you took care of increasing the security of your network? Well, the first quarter is already gone. Better get to it!


About the Author:

Cybersecurity analyst, pen-tester, trainer, and speaker. Owner of the WyzCo Group Inc. In addition to consulting on security products and services, Bob also conducts security audits, compliance audits, vulnerability assessments and penetration tests. Bob also teaches Cybersecurity Awareness Training classes. Bob works as an instructor for CompTIA’s non-profit IT-Ready Program in the Twin Cities. IT-Ready is a tuition-free 8-week program designed to teach students of all ages the fundamentals of IT support to prepare them for an entry-level position in Information Technology Support. Graduates of the classes take the exams to become CompTIA A+ certified. Bob is a frequent speaker at conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. Bob has been blogging on cybersecurity since 2006 at
