Small Business Cybersecurity: How to Get Started

Life as a small business owner involves juggling all kinds of tasks, roles, and relationships. Not surprisingly, some tasks get overlooked or put on the back burner. However, it's dangerous to let cybersecurity become one of those overlooked to-dos. No matter what size your business is, a basic cybersecurity plan can go a long way toward protecting your data and assets.

If you don't have a plan yet, that's okay! Many small businesses are in the same situation with no or little planning and policies around cybersecurity. In this article, we'll help you lay the groundwork for your small business cybersecurity so that you can have peace of mind and a good foundation to grow your security practice.

1. Take Inventory of Your Organization's Cybersecurity Assets

Getting started with cybersecurity can seem overwhelming, and that's why many business owners leave it as a task to be done “later.” Fortunately, there's an easy place to start.

Simply begin by making a list of all the assets your organization has. This can mean physical assets like computers, routers, and cell phones; or digital assets like software, online accounts, and cloud storage. For this first step of cybersecurity, don't worry about making any changes to your current setup. Simply start a document where you keep a list of all your assets.

Just gaining an understanding of your company's digital footprint will enable you to protect all those assets, and make sure you're not forgetting any, in future steps.

Eventually, this inventory will serve you in myriad ways - updating passwords, onboarding new employees, tracking what tools you already use. On an ongoing basis, you'll want to review your device and software inventory to keep it up to date and look for opportunities to simplify your company's network.

2. Write the First Draft of Your Security Policy

Writing a security policy is a big to-do, but for now you don't have to do it all or have a perfect security policy. Take the first step and write a small first draft of your security expectations.

At any company, the security policy should be constantly open to changes and updates. Your small business is no different! So it's okay to start small and build your security policy as you go. For the basics, include your digital inventory from step one, a policy around passwords (see step 3), and information about onboarding and offboarding employees to company accounts.

The idea here is to at least have some document and centralized place where you'll talk about security and the company's measures to prevent attacks. The policy may also include what you'll do in the event of a security breach. How will you let customers know? How do employees escalate a security situation?

No matter how small you start, actually having a security policy in place will put you way ahead of most other small businesses. Just spend a few minutes, on an ongoing basis, to review your policy and expand it as your company grows.

3. Start Using a Password Manager Immediately for Everyone

One of the easiest early wins for security in your company is a password manager. The vast majority of passwords on the web are either short and guessable or reused across multiple sites. If this is the case for your passwords, don't worry! Most people are in the same boat, but there's an easy way to make your passwords strong and unique for every site you use.

A password manager takes care of the work of remembering your passwords for individual sites. It can also help you generate long, secure passwords so that you're not reusing the same passwords everywhere.

The best password managers offer options for businesses. You can save passwords and then share those passwords with team members who need access. When the password changes, everyone gets the update seamlessly. It's also very easy to add and remove team members when they don't need access anymore.

While we're talking about authentication, bonus points for companies that enable and use multi-factor authentication on all their accounts.

4. Install Malware & Virus Detection on All Devices

Another quick win for security is picking a malware and virus scanning solution and installing it on all your devices. If you use a managed service provider (MSP) for your IT, then they may have already done this. If not, adding a regular scanner will make sure you detect harmful incoming files before anyone can actually take action on them.

Once you've installed the scanners, you shouldn't have to do much to maintain them, which is great! Let them run in the background. Have your employees keep them up to date whenever there's a new patch to download, and you'll be all set.

5. Train Everyone on Common Attacks & Best Practices

The final step in your cybersecurity plan is really an ongoing step for the rest of time: training & education.

This starts at the top. Leaders in your company need to understand common attacks and the risks posed by cybersecurity breaches. If there's understanding of security culture at the top, then the rest of the organization will follow.

Everyone in your company should know what a phishing attack looks like, never to download files from unknown senders, and how common social engineering attacks work. Of course, attackers change their approaches over time, so you should also regularly be reading up on the latest attacks and how to prevent them.

A security-minded culture at your organization will go a long way toward preventing attacks when everyone is on the same page about the risks and how to prevent attacks.

Getting Started with Cybersecurity for Your Small Business

Making a cybersecurity plan, no matter how small, is a critical first step for businesses. From this foundation, you can grow your cybersecurity practice to include more sophisticated layers of protection. Along that road, perhaps device management and breach detection will be part of your infrastructure. For now, implementing these basic steps will put you ahead of the competition and protect you from a wide variety of attacks that might come your way.