Protecting your small business from cyber security threats

Protect from ransomware, phishing and the loss or misuse of data

A cyber threat is a malicious attempt to compromise a computer network or system. Cyber threats affect businesses of all sizes, but small businesses are often targeted because many don’t have adequate protection.

Nearly 58% of all cyber attacks are against small businesses, according to a 2017 report from the Ponemon Institute, an independent research firm. Even more alarmingly, the U.S. National Cyber Security Alliance reports that 60% of small businesses close within six months of a cyber attack. It’s clear that preparing your small business for a cyber attack is not only practical, but essential.

The most common cyber security threat a business faces is a data breach. A data breach is when sensitive information is stolen or released from an otherwise secure network without authorization. A breach can be intentional, such as an employee sharing customer information, or unintentional, such as an employee mistaking a phishing email for a legitimate one.

While there are several ways your data can be compromised, the three most common types are: loss or misuse of data, ransomware and phishing.

Loss or misuse of data

The loss or misuse of data can happen in different ways:

The loss of hardware itself — This includes devices such as hard drives, computers or smart phones. Imagine you’re traveling to a meeting and you forget your laptop at the airport baggage claim. Then a thief accesses your client database and auctions it on the dark web. This is one way data can be lost.

You can prevent data loss by requiring a passcode to login to all your devices, including cell phones. You might consider encrypting your device, especially if you travel. Encryption, simply put, conceals all information on a given device to prevent unauthorized access. Most electronic devices allow you to enable this feature in their security settings. These extra steps can help further protect your information should it fall into the wrong hands.

The misuse of information by someone — In most cases, data misuse is conducted by an employee who has legitimate access to the information. For example, a dishonest employee might skim a few customers’ credit cards while processing their transactions, then use the stolen credit card numbers to buy things.

You can minimize the misuse of data by limiting system access to only those who need it. Each employee with access should each have their own login and should never share their credentials with others. Be sure to communicate the seriousness of data misuse and the consequences for those who violate your policy.


Ransomware is a malicious program that blocks access to programs or files until a demand is met. It’s usually downloaded in error, and the demand is usually an electronic transfer of money. For example, ransomware can be disguised as an important email attachment or link that, once clicked, can block access to important systems until a ransom is paid. This type of attack can lead to costly business interruptions and repairs.

The best way to protect against a ransomware attack is to install antivirus software on all devices connected to your network. Ransomware and other cyber threats are constantly changing to exploit system weaknesses, so make sure you keep your antivirus software up to date.

Also, daily system backups are an effective way to deal with ransomware and many other types of threats. They let you restore your system to an earlier state before the ransomware was installed. The best solution is to store your backups on an offline hard drive or in the cloud. Both of these solutions make your backups inaccessible to would-be attackers.


Phishing is a cyber crime tactic that uses emails disguised to look like messages sent from a legitimate source to coax recipients into providing sensitive information. This information often includes account logins and Social Security and credit card numbers.

For example: You could receive an email that looks like an alert from your bank asking you to confirm your login information. The email contains a link that sends you to a fake site, made to look exactly like your bank’s site, where you enter your username and password. Now a cyber criminal can easily access your account.

To combat phishing schemes:

  • Always be suspicious of any emails that request your login information or require you to “verify your account.” Legitimate businesses will never ask you to confirm personal information via email.
  • Never click a link from a suspicious email, and if you’re unsure if a request is legitimate, visit the website by accessing it through your browser instead of through the email’s link. This will ensure you visit the correct website and not a dummy site set up to steal your information.
  • Check the URL. A legitimate URL will always use the branded domain name immediately before the “.com.” If something other than the branded domain name of the company appears immediately before the “.com,” it’s probably a phishing site. So:
    • – is legitimate
    • – is trying to trick you

While these recommendations will strengthen your business’s security there’s more you can do to protect against cyber threats, including a cyber insurance policy.