Skip to content

Cybersecurity Plan

June 7, 2023

Executing a cybersecurity plan can protect your business, its assets and your employees

Cyberattacks cost the U.S. economy billions of dollars a year and pose a threat to business of all sizes operating in all industries. Small businesses are especially attractive targets because they have financial and operational information that cybercriminals want while also lacking the security infrastructure of larger businesses.

In fact, 46 percent of all cyber breaches impact businesses with less than 1,000 employees, according to a 2021 Data Breach Investigations Report released by Verizon. Additionally, a March 2022 article on indicated that between January 2021 and December 2021, Barracuda Networks found that small businesses with less than 100 employees will experience 350 percent more social engineering attacks than larger organizations.

These types of statistics aren’t a surprise to many small business owners. Most understand the threat of cybercrime is real. They just may not have the budget to afford professional IT solutions or have limited time to research options.

To more effectively prevent attacks such as viruses, malware, ransomware, spyware and phishing, the U.S. Small Business Administration suggests the following best practices:

Train your employees

Providing information your employees need to make smarter decisions or report “fishy” events to the proper IT contacts can go a long way in preventing cyberattacks. Develop a list of topics so your employees can be advocates for recognizing everything from phishing emails to suspicious attachments.

Secure your networks

Safeguard your internet connection by encrypting information and using a firewall. Your company’s Wi-Fi network should be secure and hidden by setting up your wireless access point Service Set Identifier (SSID).

Use antivirus software and keep all software updated

This is a standard practice on all work-related computers from desktops to laptops. Each software program should install updates automatically. In addition to updating antivirus software, it is key to update software associated with operating systems, web browsers, and other applications, as this will help secure your entire infrastructure.

Enable Multi-Factor Authentication

Multi-Factor Authentication (MFA) is increasingly required logging into various accounts. MFA can verify an individual’s identity by requiring them to provide more than just a typical username and password, often sending a random code, phrase or PIN to an individual mobile phone before access is allowed.  Fingerprints and facial recognition are increasingly used as well.  

Secure, protect, and back up sensitive data

There are numerous types of sensitive data that should be handled carefully, with significant attention paid to securing these systems.

Payment processing

Financial institutions and/or credit card processors can confirm your business is using the most trusted and validated anti-fraud services and resources to attacks.

Control physical access

This step may be more under your control than others. Set up a process to prevent physical access or the use of business computers by unauthorized individuals. All company devices should be locked when left unattended.  Require strong passwords for any account access and regularly conduct audits to update your personnel files for access.  

Back up your data 

You likely have a strategy in place to back up all company data. Running an annual audit on this process is important as well. Cloud storage should be part of your process in case a physical breach occurs.

Control data access 

Cloud storage repositories such as Dropbox, Google Drive and more can be helpful, convenient tools. But they are not free of cybercrime issues. Limit employee access to the information they need and carefully guard information shared and access to such cloud sources.