
How to Protect Your Business From Cyberattacks
Small businesses are a big target for cybercriminals. Here’s how to prevent your network from being crippled by a malware attack.
By Todd Smith
Cyberattacks. Network security breaches. Ransomware attacks. Phishing catastrophes. If these terms aren’t top of mind for small business retailers and manufacturers, they should be. Recent statistics gathered by StrongDM (strongdm.com) show that cyberattacks against small businesses are on the rise.
- 61 percent of small businesses were the target of a cyberattack in 2021.
- 46 percent of all cyber breaches impacted businesses with fewer than 1,000 employees.
- 37 percent of companies hit by ransomware had fewer than 100 employees.
StationX (stationx.net) notes that small businesses also have the highest rating (one in 323) for targeted malicious emails, and employees of small businesses experience 350 percent more social engineering attacks than those at larger enterprises.
Why are small businesses such a big target? The answer lies in a lack of preparedness. Of the small businesses that collect credit card information, nearly one third do so without any cybersecurity protections at all, according to StrongDM.
While the trend is slowly changing, most small business owners still believe they are too small to become the target of a malware attack. As a result, they fail to take even the most basic precautions to protect their networks and data files.
Not bolstering network security makes small businesses far more attractive to hackers who would much rather attack a small, defenseless enterprise than take on a large company that has invested in staff and security measures to protect their networks. Sadly, too many small business owners up their network security only after they’ve suffered a cyberattack. Some are pushed right out of business.
Fortunately, there are a number of steps small business owners can take right now to beef up their cyber defenses—and they don’t cost a fortune. Here is just a sampling of the simple things you can do to avoid becoming a cyberattack statistic.
Look Inward
Securing your network starts with introspection. Take the time to do a self-evaluation of the system you have in place by asking yourself the following questions.
- Who are you doing business with?
- How are you transacting business with them?
- Is the network you’re using to conduct business sufficiently firewalled?
- Are the crown jewels of your database—banking files, tax returns, and customer information—truly secure?
- Who has access to your network and why?
- Do you have sufficient guidelines in place for employees regarding internet use and email security?
- Are you adequately insured against a cyberattack?
- What would happen if hackers attacked your network right now?
If you answered “no” or “don’t know” to any of these questions, perhaps it’s time to invest in a more thorough evaluation by having a reputable cybersecurity firm look over your operation, run some attack scenarios, and see what your challenges and risks are. They will quickly sort out your weak points, make recommendations to bolster your cybersecurity against future attacks, and may provide suggestions on how to conduct business in a more secure way that ensures data privacy for you and your customers.

Manufacturers that utilize large data pools need to establish stringent employee-use protocols for the company’s computer network in order to prevent ransomware attacks.
Education Is Key
One of the least expensive ways to guard against cyberattacks is to educate yourself and your employees about cybersecurity and what your expectations are for protecting your data. This should start the day you onboard new employees and be followed by regular training sessions so the entire staff stays up to date on the latest security threats.
Establishing simple rules regarding the use of unique passwords (and an insistence on changing them every three months) is a good place to start. Following a best practice used by banks, implementing multi-factor authentication that requires additional information beyond a password to gain entry to your network will also help prevent breaches.
You also need to set up strong guidelines for protecting customer information and sensitive data. Establishing a policy that includes internet guidelines will go a long way toward protecting your network.
Your local bank can be a big help in establishing these best practices. Financial institutions want you to stay in business, so they are happy to share all kinds of tips that can help strengthen your business’s cybersecurity profile without spending a fortune.
Take a few minutes to search your bank’s name online followed by “how to secure small businesses from cyberattacks.” You’ll be amazed at what this simple search will reveal.
Chase, for example, has a number of cybersecurity articles online, including “How to help protect your business from one of today’s biggest cyberthreats” and “7 tips for a more secure business online.” Security magazine is another good source, as is the Federal Communications Commission (FCC), which has a number of smart cybersecurity tips for small business owners.

Firewall Your Internet Connection
As defined by the FCC, “a firewall is a set of related programs that prevent outsiders from accessing data on a private network.” If the operating system you’re working on has a built-in firewall, make sure it’s always activated.
Employees working from home also need to make sure that their computers are firewalled. And they should not be using their personal computers for office work. If you have remote employees, provide them with a dedicated business computer that is separate from their personal devices and accessed only by them. Business email addresses should also be established separately.
Secure Your Email
StationX reports that “on average, an employee of a small business with less than 100 employees will experience 350% more phishing and other social engineering attacks than an employee of larger enterprises.” These attacks can look like emails from a reputable company, bank, vendor, or friend. Once an employee clicks on a phishing link, however, the hackers can access your network, steal sensitive data like customer names and credit card information, or, worse yet, introduce ransomware that locks up your network until you pay a ransom. This is why many companies are now beginning to invest in technology that “sanitizes” all inbound emails (and any attached files) to ensure malware can’t enter their systems (see sidebar).
It is critical that your employees be schooled about phishing and instructed to not open any emails that seem even the slightest bit suspicious. Equally important is that you establish a company culture in which employees are encouraged to report any phishing incidents without fear of retribution. Better to find out right away that something may have happened than to have an employee not report a potential breach because they were afraid of losing their job.
Protect Your Network
Keep your systems up to date by ensuring that all software updates have been made so you’re using the latest versions. Keeping sensitive business data on a separate computer will also help keep it secure, and that data should be backed up regularly to ensure that all customer data is secured.
Only allowing employees access to the data systems they need to do their jobs will help keep your data files separated and secure. And never allow anyone to install software without your permission as uploads can contain hidden malware that can compromise your system.
Secure Your Wi-Fi Network
Security Magazine says that the best way to protect your network is by using “a strong password that is at least 16 characters, featuring a randomized mix of letters, numbers, and special characters.” Anyone connecting to the network from outside the office should also use a Virtual Private Network (VPN), which allows remote workers to connect securely.

Small businesses are especially vulnerable to cyberattacks. Employee education is a key component to securing vital data.
Purchase A Cybersecurity Insurance Policy
Most business owners already insure their enterprises against theft. Smart ones take the next step and ask their agents about adding cybersecurity insurance as part of their coverage. Yes, it’s an added business expense, but it is far less costly than what a cyberattack and resultant data breach will cost.
The FCC has some smart things to consider when purchasing cyber insurance. Above all, they recommend that your policy should include coverage for:
- Data breaches (like incidents involving theft of personal information).
- Cyberattacks on your data held by vendors and other third parties.
- Cyberattacks (like breaches of your network).
- Cyberattacks that occur anywhere in the world (not only in the United States).
- Terrorist acts.
Taking precautions against cyberattacks may take a little investment in time, hardware, and software in the short term, but it can save your business from a catastrophic attack that could seriously cripple your ability to do business in the future. Check out some of the accompanying resources and start getting cybersecure today by educating yourself and your employees to ensure a cybersafe tomorrow.
Three Levels of Cyber Protection
Depending on the size of your business, you may wish to consider the following.
Small businesses with fewer than five employees can follow many of the suggestions set out above: train your employees, protect your computers and network against cyberattacks, use a firewall, back up all of your data, control access to your computers, and create separate user accounts for each employee. In addition, secure your Wi-Fi networks, limit employee access to sensitive data files, and insist that passwords be strong, unique, and changed every three months.
Medium-size businesses with 10 or more employees will want to consider all of the above, and they may wish to explore additional cybersecurity measures such as sanitizing emails and any files being transferred into a company from outside sources. OPSWAT (opswat.com) offers an extensive line of Peripheral Media Protection solutions to protect critical business network environments from file-borne threats on any media type. Their MetaDefender Kiosk Mini will be of particular interest to manufacturers running computerized, product-manufacturing equipment that requires a secure way to ingest software updates.
Businesses working with a number of outside vendors also need to understand whether any of the vendors in their supply chain have been breached, as malware lurking within a vendor’s system could easily infect your network. To identify and continually monitor those in your supply chain, Panorays (panorays.com) offers a unique solution that provides a real-time security rating for all of your third parties so you can continuously adapt your security measures accordingly.
Big businesses, manufacturers, and government contractors that manage huge data pools and satisfy stringent government compliance standards will need to consider all the above. They may also benefit from Quanta’s Decision Intelligence Platform (quanta.com), which takes data management to a higher level by using Artificial Intelligence to automate and augment decision-making by providing a complete, 360-degree view of customers and their counterparties.
Cybersecurity Resources
The Federal Communications Commission lists the following resources from The Office of Communications Business Opportunities as additional resources for small-business owners:
The GCA Cybersecurity Toolkit for Small Business (gcatoolkit.org); What Small Business Owners Need to Know About Cybersecurity and 3 Biggest Cybersecurity Threats Facing Small Businesses Right Now (entrepreneur.com); and Small Business Resource Center (microsoft.com).
Other sources for cybersecurity information include:
Small Business Cybersecurity Center (list.gov); Cybersecurity for Small Business (ftc.gov); the National Cyber Security Alliance Small and Medium Sized Business Resources (staysafeonline.org); and Protecting Your Business From Cybercrime (score.org).