If your small business doesn’t have cybersecurity processes in place, you’re currently at risk. Many business owners assume they’re safe because their business is small and online attackers are more likely to target large corporations with lots of money. But, this assumption is wrong. Because small businesses often don’t have the budget or knowledge to protect themselves against online attacks, they are at a higher risk than corporations that do. According to SmallBizTrends.com, 43 percent of cyber attacks target small businesses and 60 percent of small businesses go out of business within six months of a cyber attack. Now is the time to ensure your business doesn’t fall victim to online attackers.


The 6 Types of Sensitive Information Cyber Attackers Look For

Cyber attackers are targeting businesses online to gather data they can use to benefit themselves. Below are the types of information that is most commonly at risk, and where you should put processes in place to protect your business:

  1. Customer records
  2. Intellectual property
  3. Customer credit card and debit card information
  4. Financial information
  5. Employee records
  6. Business correspondence


The Top 10 Ways Your Business Can Be Attacked Online

Below are the common types of attacks that happen when a small businesses security is breached online. If you understand how your business can be attacked, it’s easier to prevent this from happening:

  1. Web-based attack
  2. Phishing/Social engineering
  3. General malware
  4. SQL injection
  5. Compromised/stolen devices
  6. Denial of services
  7. Advanced malware/zero day attacks
  8. Malicious insider
  9. Cross-site scripting
  10. Ransomware


Understand the 5 Best Ways to Protect Your Business from a Cyberattack

Now that you understand different ways your business can be attacked and the types of information you should be protecting, it’s time to put security in place to protect yourself. Here’s what you can do today to protect your business’s sensitive information:

  1. Use Antispyware and Antivirus Software: There are a number of options for software to protect your computer from attack. Some of the most popular are McAfee, Webroot, Bitdefender and Norton. PC Mag has a great comparison grid of antivirus software to protect your business. Once you choose a software, make sure it is always up to date. In addition, your operating system software and any other types of software — such as WordPress — should always be kept up to date too. Outdated software can lead to holes in security that attackers can discover and use.
  2. Utilize Strong Passwords: Don’t use passwords for your business such as BusinessName123. It’s best to use a phrase and include numbers, capitals and special characters. You can even use an online tool to check how secure your password is.
  3. Secure Your Networks Used to Access the Internet: When signing on to your business’s WiFi network, make sure you utilize a firewall and make sure your WiFi network is secure and hidden. To do so, setup your wireless router so it doesn’t broadcast the name (otherwise known as a SSID: Service Set Identifier). Also consider using a Virtual Private Network (VPN) to connect to the internet instead of an open WiFi connection. VPNs allow you to encrypt your internet connection so data shared cannot be seen by third parties.
  4. Control Access to Sensitive Data: In a recent study of small businesses that experienced a data breach, the number one root cause of the breach was a negligent employee or contractor. Make sure your business creates a set of internet security policies and procedures and holds workshops or security trainings so every employee — including new ones — are aware of how to avoid sharing sensitive information or access to this information. You should also control access to business computers that house sensitive data, give a separate login to each employee, and only give administrative privileges to yourself, the IT department or one to two other key individuals.
  5. Don’t Forget Mobile Phone Security: Mobile phones are not only easily stolen, but they often contain access to a number of sensitive business applications such as email or cloud storage. Ensure all of your employees have a password protected phone, and software that enables them to encrypt data, and locate and wipe lost phones.

Now that you have a better understanding of how small businesses are attacked, what information is stolen, and how to protect your business from a cyberattack, you can ensure your business stays compliant this year. If you’d like even more tips on how to protect your business from cyber attacks, Small Biz Trends and Microsoft partnered to create an eBook with more than 75 tips to protect your small business.