Cyber security has been important to businesses since the internet existed. But as more and more workers shift to hybrid or fully remote work, the need for protecting your data and cloud-based systems from unauthorized breaches, hacks, or exposure also grows.
Many modern small businesses use cloud-based technology and tools to carry out their day-to-day functions. Whether it's conducting long-distance conferences, advertising, buying and selling, researching, identifying new markets, communicating with customers and suppliers, and even conducting banking transactions, the internet has become integral to the smooth functioning of small businesses everywhere.
Physical embezzlement in offices can be handled with the help of tech like state-of-the-art security cameras. But the virtual world is a different ball game. The Internet streamlines communication, but comes with its fair share of weaknesses, and they're only growing by the day. Small businesses fall prey to cyberattacks often, with 1,767 data breaches publicly reported across just the first six months of 2021.
So how can you stay safe? Read on for all the top cyber security measures that every small business should have in place to protect itself from the perils of the virtual kind.

1. Get a VPN
Any business with an internet connection can benefit from a VPN. The term stands for Virtual Private Network, and it's another layer of security masking your online activity from third parties: 30% of VPN users say they use it to access the internet for their jobs.
VPNs essentially funnel your data and IP address through another secure connection in between your own internet connection and the actual website or online service that you need to access. It's most useful when you are connecting to any public internet connection, like a coffee shop or an Airbnb. These connections are famously unsecured and hackers can relatively easily use them to scoop up the private data of anyone who logs onto them. With a VPN, your new, secured connection will separate the hacker from the data that they are hoping to steal.
There's one unavoidable downside: Funneling your internet activity through another server (often in another country) will reduce your internet speed slightly. The best VPNs will be secure, speedy, and inexpensive.
We have a guide to VPNs worth checking out if you plan to compare options. Great standalone VPNs aimed at serving an entire workforce include PureVPN for Teams and NordVPN Teams.
 | Best Business VPN | | | | |
---|---|---|---|---|---|
Price From (lowest price for single month subscription to cheapest paid tier; other plans are available) | $7 user/month | $8.45 user/month | $32/month | $8.32/month | $3.99/month |
Users | Unlimited | Min. 5 | Min. 5 | 5 devices per subscription | Unlimited devices per subscription |
Zero Data Logging | | | | | |
Free Trial | | 7 days | | 30-day money-back guarantee | |
2. Install Reliable Antivirus Software
“Malware” refers to any software designed with malicious intent, while viruses are a specific type of malware that replicates itself within a computer until it has spread through an entire system. Another type of malware is called “spyware” and is designed to remain hidden from sight, while collecting data on the business that it has latched onto. Needless to say, you'll need to be protected from all these forms of virtual warfare.
A good, reliable antivirus program is a basic must-have of any cyber security system. Apart from that, anti-malware software is also essential. Together they work as the last line of defense against attacks that get through the rest of your security network.
They work by detecting and removing viruses, malware, adware, and spyware. They also scan through and filter out potentially harmful downloads and emails. You'll need to keep this software updated, both to stay safe from the latest scams and to patch any bugs.
3. Use Complex Passwords
Almost every computer and Web-based application requires a key for accessing it. Whether it is the answers to security questions or the passwords, make sure you create complex ones to make it difficult for hackers to crack them.
For answers to security questions, consider translating them into another language using free online translation tools. This may make them unpredictable and difficult to decipher, and less susceptible to social engineering.
Using a space before and/or after your passwords is also a good idea to throw the hacker off. That way, even if you write your password down, it would be safe as only you would know that it also needs a space at the front/end. Using a combination of upper and lower cases also helps, apart from using alphanumeric characters and symbols.
4. Use Password Managers
So you're using dozens of unique, complex, tough-to-remember passwords when logging into all your work software. This raises an entirely new issue: How can you quickly and easily sign in when you have to take the time to recall and type out a lengthy string of symbols every time? The answer is a good password management tool.
Password managers will track your internet use, automatically generating the correct username, password, and even security question answers that you'll need to log into any website or service. Users will just have to remember a single PIN or master password in order to access their vault of login information. Many tools also support other benefits, like a password generator that guides users away from weak or reused passwords.
We've ranked the top options in our extensive guide to password managers: LastPass is the top pick, thanks to great features and pricing, plus a handy browser plugin. Other great options include 1Password, for control and ease of use, as well as Dashlane, which includes unique perks like the ability to auto-save receipts.
 | LastPass (BEST ON TEST) | 1Password | Dashlane | NordPass | Sticky Password |
---|---|---|---|---|---|
Local Storage Option | | | | | |
Two-Factor Authentication | | | | | |
Failsafe Function | | | | | |
Password Generator Function (a password manager can create secure, complex passwords for you; you won't need to remember them yourself) | | | | | |
Help Instructions | | | | | |
Email Support | | | | | |
Live Chat Support | | | | | |
Phone Support | | | | | |
Business Plan? | | | | | |
Business Price (cheapest available business plan) | $3/user/month | $19.95/10 users | $60/user | $29.99/user | |
5. Protect with a Firewall
What separates a firewall from an antivirus program? Well, a firewall protects hardware as well as software, making it a boon to any company with its own physical servers. But a firewall also works by blocking or deterring viruses from entering your network, while an antivirus works by targeting the software affected by a virus that has already gotten through. They work well together, in other words.
Putting up a firewall aids in protecting a small business's network traffic – both inbound and outbound. It can stop hackers from attacking your network by blocking certain websites. It can also be programmed so that sending out proprietary data and confidential emails from your company’s network is restricted.
Just getting a firewall isn't enough: You'll also have to regularly check that it's equipped with the latest updates for software or firmware.
Top options include Bitdefender, Avast, and Norton, and many brands will include a firewall in a package with other useful security offerings such as VPNs, password managers, and automatic data backups on the cloud.
6. Install Encryption Software
If you deal with data pertaining to credit cards, bank accounts, and social security numbers on a daily basis, it makes sense to have an encryption program in place. Encryption keeps data safe by altering information on the computer into unreadable codes.
Encryption is designed with a worst-case scenario in mind: Even if your data does get stolen, it would be useless to the hacker as they wouldn't have the keys to decrypt the data and decipher the information. That's a smart security feature in a world where billions of records get exposed every month.
Top options here include Microsoft BitLocker, IBM Guardium, and Apple FileVault — they're all high-quality, so just pick your favorite computer company and get in touch for a free trial or demo of what they have to offer.
7. Ignore Suspicious Emails
Sometimes the simplest security measures are the best: Make it a habit to never open or reply to suspicious-looking emails, even if they appear to be from a known sender. Even if you do open the email, do not click on suspicious links or download attachments. Doing so may make you a victim of online financial and identity theft through a “phishing” scam, a term that refers to a false message sent in order to bait the victim into freely giving their login data to the scammer.
Phishing emails appear to come from trustworthy senders, such as a bank or someone you may have done business with. Through it, the hacker attempts to acquire your private and financial data like bank account details and credit card numbers.
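A message can show a familiar name while being sent from an unrelated address. The following sketch is an added example, not part of the original article: it checks the two header signals a mail filter or a careful reader would look at. The address book, domains and sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Hypothetical address book: display name -> domain that sender really uses.
KNOWN_SENDERS = {
    "first example bank": "bank.example",
    "acme supplies": "acme.example",
}

# Constructed sample messages (reserved .example/.test domains).
SPOOFED = ("From: First Example Bank <alerts@bank-example.test>\n"
           "Reply-To: help@collect.test\n"
           "Subject: Verify your account\n\nClick the link below.\n")
GENUINE = ("From: First Example Bank <alerts@mail.bank.example>\n"
           "Subject: Statement ready\n\nYour statement is ready.\n")


def domain_of(address):
    """Return the lower-cased domain part of an e-mail address."""
    return address.rpartition("@")[2].lower()


def sender_warnings(raw_message, known=KNOWN_SENDERS):
    """List reasons the visible sender of a message should not be trusted."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    from_domain = domain_of(addr)
    warnings = []

    # The display name is free text chosen by the sender, so compare the
    # real address domain with the one this contact is known to use.
    expected = known.get(name.strip().lower())
    if expected and from_domain != expected \
            and not from_domain.endswith("." + expected):
        warnings.append(f"'{name}' normally mails from {expected}, "
                        f"not {from_domain}")

    # A Reply-To on another domain silently redirects the victim's answer.
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    if reply_addr and domain_of(reply_addr) != from_domain:
        warnings.append(f"replies go to {domain_of(reply_addr)}, "
                        f"not {from_domain}")
    return warnings


if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(label, sender_warnings(raw))
```

An empty list only means these two checks passed; it does not prove the message is legitimate.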
For further security, make sure you change your email password every 60 – 90 days. Additionally, refrain from using the same password for different email accounts and never leave your password written down.
8. Limit Access to Critical Data
Keep the number of people with access to critical data to a minimum, such as the company’s CEO, CIO, and a handful of trusted staff. This will minimize the fallout from a data breach, should it occur, and further reduce the possibility of bad actors within your organization gaining unauthorized access to data.
Formulate a clear plan that mentions which individual has access to which sensitive information for increased accountability, and communicate it to your entire team, so that everyone is on the same page.
9. Back Up Data Often
Your business should either manually back up all data to an external hard drive or the cloud, or simply schedule automated backups to ensure that your information is stored safely. That way, even if your systems are compromised, you still have your information safe with you.
This feature is frequently baked into many software products that handle sensitive data, but it won't hurt to run an audit of all your business communications in order to ensure that no single point of failure can erase months or years of historical data.

10. Secure Your Wi-Fi Network
Say goodbye to the WEP (or Wired Equivalent Privacy) network if you still use it and switch to WPA2 (that's Wi-Fi Protected Access version 2) instead as the latter is much more secure.
WPA2 is an increasingly common standard for online security, so there's a good chance you're already using it. However, some large businesses neglect upgrading their infrastructure, and will need to make a concentrated effort to roll all their operations over to a more secure network.
To protect your Wi-Fi network from breaches by hackers, change the name of your wireless access point or router, also called the Service Set Identifier (SSID). You can also ensure that you use a complex Pre-shared Key (PSK) passphrase for additional security.
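To find out which of your access points still advertise WEP, you can audit a Wi-Fi scan. This added example (not from the original article) parses the terse output of `nmcli -t -f SSID,SECURITY device wifi list` on Linux; it goes slightly beyond the text by also flagging open networks and legacy WPA1. The network names and scan lines are constructed.

```python
# Constructed sample of `nmcli -t -f SSID,SECURITY device wifi list` output.
# Terse mode separates fields with ":" and escapes literal colons as "\:".
SAMPLE_SCAN = r"""
Office-Main:WPA2
Warehouse:WEP
Guest\:Lobby:
Legacy-AP:WPA1 WPA2
Office-5G:WPA2 WPA3
"""


def split_terse(line):
    """Split one terse nmcli line on unescaped colons, removing escapes."""
    fields, current, chars = [], [], iter(line)
    for ch in chars:
        if ch == "\\":                 # escaped character: take next literally
            current.append(next(chars, ""))
        elif ch == ":":                # unescaped colon ends the field
            fields.append("".join(current))
            current = []
        else:
            current.append(ch)
    fields.append("".join(current))
    return fields


def classify(security):
    """Map an nmcli SECURITY value to a verdict."""
    modes = set(security.split()) - {"--"}   # "--" is the tabular 'none'
    if not modes:
        return "open"      # no encryption at all
    if "WEP" in modes:
        return "wep"       # the protocol the article says to retire
    if "WPA1" in modes:
        return "wpa1"      # legacy WPA still accepted next to WPA2
    if modes & {"WPA2", "WPA3"}:
        return "ok"
    return "unknown"


def audit(scan_text):
    """Return (ssid, verdict) for every network in a terse scan listing."""
    results = []
    for line in scan_text.splitlines():
        if not line.strip():
            continue
        fields = split_terse(line)
        security = fields[1] if len(fields) > 1 else ""
        results.append((fields[0], classify(security)))
    return results


if __name__ == "__main__":
    for ssid, verdict in audit(SAMPLE_SCAN):
        print(f"{verdict:8} {ssid}")
```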
11. Secure Laptops and Smartphones
Because of the ease of carrying them around, laptops and smartphones hold a hell of a lot of valuable data, and that is also the reason they are at a higher risk of getting lost or stolen. Granted, the thieves are often more interested in making a quick buck at a pawn shop than in ransoming off your business's corporate secrets, but either way, you'll lose access to your data and your verified device.
What steps can you take to protect a physical device? Here are the biggest options available:
- Data encryption — we mentioned business-wide encryption software earlier, but sometimes an employee neglects to encrypt the data on their device as well as on the cloud.
- Password protection — Similarly, you'll want to have a password to enter your laptop as well as one to access online accounts. Many password managers can help with this as well.
- Remote wiping — With this ability set up, a business IT manager can remotely delete the data on a misplaced device.
Finally, a company-wide employee training session detailing the best practices for company-owned devices can be useful as well, ensuring employees know whether they can take laptops off of the premises and how to keep them safe if they do. In fact, let's give that idea its own entry:
12. Communicate Cyber Security Measures to Employees
Having a written cyber security policy listing the dos and don'ts of using office systems and the Internet is helpful, but not enough. You have to ensure that its details are communicated to and understood by your employees, so that they can put it in practice. That is the only way of making such policies effective.
You might consider bringing in a third-party consultant to check your process for any security loopholes, whether on the internet or in the physical office.
And you'll definitely want to have a process in mind for updating the entire company in the future, since you'll need to amend these policies regularly, according to the relevance of the contents.
Keeping Your Business Cyber Secure
Attempts to steal confidential data and money, or disruptions in your business are very real threats. Although a business can never be completely safe from such dangers, there are many security practices for your employees — processes and systems which can help you bust online security threats.
Keep your eyes and ears open to suspicious behavior on the part of your employees and outsiders with the help of surveillance systems to identify those with vested interests in your company. Aside from that, the above tips should come in handy to amp up your cyber security measures.