10 Basic Cybersecurity Practices Every Small Business Owner Should Know

To help those looking to implement some basic cybersecurity practices, we asked tech experts and business professionals for their best cybersecurity tips. From implementing 2-factor authentication to securing a wireless connection, there are several things worth knowing when you create a plan to put basic cybersecurity practices in place.

Here are ten basic cybersecurity practices every small business owner should know:

1. Invest in a Password Manager

Strong passwords are often long, difficult, and include various special symbols and numbers. In other words, they are hard to hack and even harder to remember. Tools like LastPass and other password managers ensure you don’t have to remember or write down your passwords in an insecure location.

Brian Greenberg, True Blue Life Insurance

2. Implement 2-Factor Authentication

Anyone can fall victim to a cyberattack or hack in today’s world, which is why it is so important to protect yourself and your company’s data. The simplest way to ensure the wrong person doesn’t get into your accounts is to implement 2-factor authentication. This way, even if your passwords are compromised, a hacker will still hit a brick wall trying to get into your system.

Fran Yardley, Threads 

3. Create Strong Passwords

While constantly changing and updating passwords can be a pain, it is a cybersecurity best practice. 63% of data breaches happened due to lost, stolen, or weak passwords. Make sure your employees are updating their passwords at least every 90 days while also using a combination of upper and lowercase letters, numbers, and symbols.

Carey Wilbur, Charter Capital  

4. Security Headers

Setting HTTP security headers enables better browser security policies. There’s a variety of security headers worth setting on a website, including strict-transport-security, x-content-type-options, x-frame-options, content-security-policy, and x-xss-protection. To get started, I’d recommend using WebPageTest, checking your Security Score, and then working with a web hosting company or technical service to assist you in setting security headers for your site.

Brett Farmiloe, Technical SEO 
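
An added example, not part of the original article or of the tip above: a Python check that audits a response's headers for the five headers named in tip 4. The pass criteria (such as the 180-day HSTS minimum) and the two sample responses are assumptions constructed for illustration.

```python
import re

MIN_HSTS_AGE = 15552000  # 180 days; threshold is an assumption of this example

def parse_csp(value):
    """Split a Content-Security-Policy value into {directive: [sources]}."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy

def audit_security_headers(headers):
    """Return {header: (ok, detail)} for the five headers named in tip 4."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    report = {}
    hsts = h.get("strict-transport-security", "")
    age = re.search(r'max-age\s*=\s*"?(\d+)', hsts, re.I)
    ok = bool(age) and int(age.group(1)) >= MIN_HSTS_AGE
    report["strict-transport-security"] = (ok, hsts or "missing")
    nosniff = h.get("x-content-type-options", "")
    report["x-content-type-options"] = (nosniff.lower() == "nosniff", nosniff or "missing")
    raw_csp = h.get("content-security-policy", "")
    csp = parse_csp(raw_csp)
    # script-src falls back to default-src; wildcard or inline script defeats the policy
    scripts = csp.get("script-src", csp.get("default-src", []))
    ok = bool(scripts) and "*" not in scripts and "'unsafe-inline'" not in scripts
    report["content-security-policy"] = (ok, raw_csp or "missing")
    # Framing is covered by X-Frame-Options or by CSP frame-ancestors
    xfo = h.get("x-frame-options", "")
    ok = xfo.upper() in ("DENY", "SAMEORIGIN") or "*" not in csp.get("frame-ancestors", ["*"])
    report["x-frame-options"] = (ok, xfo or "missing")
    # Legacy header that current Chrome and Firefox ignore; presence only
    xxp = h.get("x-xss-protection", "")
    report["x-xss-protection"] = (bool(xxp), xxp or "missing")
    return report

def failing(headers):
    return sorted(n for n, (ok, _) in audit_security_headers(headers).items() if not ok)

# Constructed sample responses, not captured from a real site
WEAK = {"Strict-Transport-Security": "max-age=300",
        "Content-Security-Policy": "default-src * 'unsafe-inline'",
        "X-Frame-Options": "ALLOW-FROM https://example.com"}
HARDENED = {"Strict-Transport-Security": "max-age=31536000; includeSubDomains",
            "X-Content-Type-Options": "nosniff",
            "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
            "X-Frame-Options": "DENY", "X-XSS-Protection": "0"}
```

Calling `failing(WEAK)` lists every header that needs attention, and the `detail` field in the full report shows the value that was actually served.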

5. Create a Cyberplan

The best thing you can do to practice sound cybersecurity is to create a plan if anything were to get hacked. This plan should involve other employees and be an ongoing training activity, not just a one-time training. The plan should include who to contact, where data backups are stored, and when to contact law enforcement. The Federal Communications Commission offers a cyberplanner to help small business owners create a plan to protect their business. 

Peter Babichenko, Sahara Case 

6. Back-Up Company Data and Files

Though small businesses can be inclined to think they won’t be targeted in cyberattacks, that’s not the case. Small businesses should back up their important company data and files in case of emergency or loss. Updating software with the latest patches and security features is another way to minimize risk. Being aware of threats and documenting them helps small businesses better secure their networks and systems.

Jenna Phipps, TechnologyAdvice

7. Secure Wireless Connection

With so many employees working remotely, it is important to educate your employees about the importance of using a secure wireless connection, especially when working with sensitive data. The last thing you want to do is have your employees working on public Wi-Fi and opening your clients’ data up to hackers.

Megan Chiamos, 365 Cannabis 

8. Have Safeguards Against Phishing

Make sure that all employees are educated on spear phishing, to ensure that someone impersonating the small business owner cannot get employees to do anything that they shouldn’t be doing, such as sending credit card information or buying XYZ. This routinely happened to us at FanSided, but thankfully we had safeguards in place. As your business grows, you are more likely to become a target for this type of cybersecurity issue and many others. 

Matt Blake, Entrepreneur, Investor, and Partner

9. Turn Your Employees into Cyber Warriors

It doesn’t matter how great your cybersecurity tools may be, the weakest part of your protection system is your employees. Take some time to make sure that they understand both the threats and the tools to protect the organization. Ultimately, you want to change them from being liabilities to becoming cyber warriors in the fight against hackers. The more you communicate with them about why things are being done, the more likely they are to either join in the battle or at least understand why things are likely more complicated.

Rick DeBruhl, Communication Consultant

10. Don’t Neglect Regular Patching and Updates

One of the number one cyber risks small businesses face is vulnerabilities due to neglecting regular patching and updates. With limited IT budgets and resources, it is a considerable time commitment to keep applications and infrastructure up-to-date. It can be tedious to keep on top of these things, but failing to do so leaves your business vulnerable to security risks that software vendors may have already patched up. An important security practice is approaching cybersecurity in layers for more complete risk management. Organizations need to safeguard their technology with tools like firewalls, email filtering, antivirus, and multifactor authentication.

Colton De Vos, Resolute TS

Terkel creates community-driven content featuring expert insights. Sign up at terkel.io to answer questions and get published.

Small Business Computing Staff
Small Business Computing addresses the technology needs of small businesses, which are defined as businesses with fewer than 500 employees and/or less than $7 million in annual sales.
