Business How to SMB

How to protect a small business from hackers

Illustration showing business protected from hackers
March 11, 2018

A step-by-step guide detailing the areas small businesses need to address to protect themselves against cyber threats. “Is your business protected? How can you make sure you’re protecting your business

A step-by-step guide detailing the areas small businesses need to address to protect themselves against cyber threats.

“Is your business protected? How can you make sure you’re protecting your business against cyber threats?”

You hear about hacks on the news. Maybe you know someone whose business has been hacked, contracted viruses, lost data or even been the victim of a ransomware attack. Or maybe it’s happened to your business? If it hasn’t, you’re one of the lucky 48 percent, because 52% of small businesses experienced cybersecurity breaches in the 12 months before September 2017.

Maybe there’s one going on right now? This question may seem sensationalist , but on average it takes a business 120 days to discover a data breach.

Protective steps

So, is your business protected? Is it enough? Do you know what you need? And how can you make sure you’re protecting your business against cyber threats?

FACT: Only 39% of small businesses have formal policies covering cybersecurity.

This short guide will cover a number of simple but essential areas to address:


Employee training

The best security policies start with the individual. If every staff member is well trained on the protective steps and security measures they can take, the chain is immediately reinforced at every stage.

FACT: Only 25% of small businesses gave their staff cybersecurity training in 2017.




The first thing you and your teams can do is to use a strong and unique password for each account.

A strong password consists of a mix of the following:

  • Uppercase letters: F X W
  • Lowercase letters: k g m
  • Numbers: 7 4 9 0
  • Symbols: @ & ! $
  • 12 or more characters

The second important means of defense is to keep your passwords strong and confidential!

You can put your business in a good position by:

  • Limiting how many people have access to your systems
  • Limiting what types of data people can see and edit
  • Changing the default password when you create an account
  • Using a password manager and choosing strong passwords
  • Not using the same password for multiple accounts
  • Not writing down your passwords

Check your tech

Defeating or deterring the cybercriminals doesn’t stop at strong passwords.

These simple checks will help ensure your IT security is in good shape:


Update your software

Make sure your apps and operating systems are up to date. Software updates improve efficiency and repair any apparent vulnerabilities.

Check your firewall and antivirus

Do you have them installed on each device in your network? Are they both up to date? Are the right settings applied? As the statistic below shows, it is essential to keep your antivirus up-to-date to protect against the onslaught of new virus strains and types of attack.

FACT: In a three-month period, 18 million new malware samples were captured.


Check your backups

Running a daily backup means you can restore everything to a recent point in the past, limiting the loss and helping you recover as quickly as possible if you are compromised. This has become particularly important as ransomware attacks continue to grow. By backing up your data on a completely separate system, you are limiting the impact of ransomware attacks – you’ll be able to access the stolen data using your backed-up copy, rather than taking the risk of paying the ransom (which offers no guarantee that your data will be returned).

Read our complete guide to protecting your business from ransomware attacks here.

FACT: Avast has blocked more than 122 million WannaCry ransomware attacks in 194 countries since Spring 2017.

Check your code

If you do not have the appropriate internal resources, invite an IT professional to scan your systems and perform a penetration test to confirm that the coding and hosting of your website is both robust and free of common errors.

You may want to invest in an SSL certificate, which is not expensive.

See our Point Of Entry infographic that shows the various ways cyber criminals can get into your business.



What to do if your business is breached

If your business is one of the 52% of businesses that gets compromised every year, knowing how to respond and what steps to take first could make all the difference. Taking these steps can prove to your customers that you are taking the problem seriously and reacting to their concerns and needs.


At this point you need to quickly understand what has happened, the impact it is having, the consequences, and how to fix it. This is not the time to go looking for a scapegoat, it is time for careful and considered action.

Be cautious

Don’t dive in straight away and try to fix the problem yourself because you might make things worse or disturb important evidence. Only fix it if you are certain you have the skills, tools, knowledge and authority.

Call in an expert

Experts cost money, but the potential losses could be far greater: a loss of new sales, reputation, and loyal customers. It goes without saying that experts cost far more than the price of protecting your business in the first instance.

Tell your customers

When you know what happened and how it affects your customers, tell them. Be open, up front and honest. Your reputation is just as important as your sales. Ask them to change their password if they have an online account with you.

Upgrade and update

If you were breached because of outdated software or hardware, this is the time to update and upgrade. If you were breachedked because of outdated business processes, implement new ones.

Stay vigilant

Keep an eye open for news about the latest threats, even if they happened to a large company or government. The same flaw may exist in your software, hardware, website or network. Find out what the cause was and figure out if it applies to you. If you’re not sure, call in an expert.

If you want to discover more about the risk level of your own business, head to our Small Business IT Security Health Check and run a diagnosis.

March 11, 2018