10 ways to reduce cybersecurity risks for every small business

Presented by IDrive

Save 90% on 5 TB of cloud backup at when you use promo code "Kim" at checkout.

An online presence is a critical networking tool for your company and helps you compete in today’s marketplace. Though taking your business to the web brings you closer to your consumers, it also exposes your organization to online security risks.

Confident your company is safe from ransomware attacks simply because you are a small to medium-sized business (SMB)? Don’t be. Complacency in security measures can prove costly and could result in the demise of your company.

But it’s easy to protect your business from cyberattacks with Kim’s go-to sponsor, IDrive. Back up all your PCs, Macs and mobile devices into ONE account for one low cost! Go to and use promo code Kim for a killer deal negotiated just for you!

How costly can cyberattacks be?

According to an insurance journal report, the average cost for a cyberattack recovery is $400,000. The magnitude of damage also results in 60% of companies going out of business within six months of an attack. 

With the ever-increasing potential for cyber threats, companies need to understand these security risks, how to take effective action against them and recovery steps if business data and information are compromised.

How worried should SMBs be?

In addition to complacency, many SMB owners and employees deny their company is a target of online criminals merely because they do not maintain a large amount of data compared to enterprises or corporations.

This belief can be dangerous. The smaller the company, the fewer networks it has, which makes it an easy target for hackers. Need a bit more convincing that cybercrime is an SMB problem? More than 40% of all cyberattacks are directed at small businesses.

10 tips to reduce cybersecurity risks

Let’s face it: once your SMB has fallen prey to a cyberattack, it is a little too late to protect your company’s data and information. Whether the threat is malware, phishing, an advanced persistent threat (APT) or a distributed denial of service (DDoS) attack, there are proactive measures you can implement that will safeguard your networks.

1. Train employees

Human error or system failure accounts for 52% of data security breaches, so it is imperative to create a cyber strategy and train employees on network security procedures.

Training should include proper methods for securing devices, recognition of cyber threats, understanding of confidential data and the importance of SSL certificates.

2. Protect passwords

Cybercriminals require only a bit of software and malicious intent to obtain passwords from unsuspecting victims. Ensure your business has a password policy in place, limiting employees’ access to specific passwords.

Company passwords must also be diverse, with no repetition and no variations of a single password. In addition, passwords must be updated regularly, and the policy must include accountability if any passwords are lost.
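One way to enforce the "no repetition, no variations" rule at password-change time, as an added example that is not part of the original article. The normalization rules, the class name `PasswordHistory` and the sample passwords are assumptions made for illustration; the history stores only salted, slow hashes of each password's root, never the password itself.

```python
import hashlib
import hmac
import os
import re

# Common character substitutions folded back to letters (constructed, not exhaustive).
LEET = str.maketrans("013457@$!", "oieastasi")

def normalize(password: str) -> str:
    """Reduce a password to a 'root' so that simple variants collide."""
    p = password.lower()
    p = re.sub(r"^[^a-z]+|[^a-z]+$", "", p)  # drop leading/trailing digits and symbols
    p = p.translate(LEET)                    # undo substitutions inside the word
    return p or password.lower()             # all-digit passwords keep their own root

def root_digest(password: str, salt: bytes) -> bytes:
    # Slow, salted hash: the history never holds plaintext passwords.
    return hashlib.pbkdf2_hmac("sha256", normalize(password).encode(), salt, 100_000)

class PasswordHistory:
    """Per-account record of the roots of previously used passwords."""

    def __init__(self) -> None:
        self.salt = os.urandom(16)
        self.digests = []

    def change(self, candidate: str) -> bool:
        """Accept the new password only if it is not a repeat or a variant."""
        digest = root_digest(candidate, self.salt)
        if any(hmac.compare_digest(digest, old) for old in self.digests):
            return False
        self.digests.append(digest)
        return True

def demo_history() -> list:
    history = PasswordHistory()
    # Constructed sample passwords: an original, an exact repeat, a variant, a new one.
    attempts = ["Summer2024!", "Summer2024!", "summ3r2025", "Harbor-Violet-Tandem"]
    return [history.change(p) for p in attempts]

if __name__ == "__main__":
    print(demo_history())
```
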

3. Install anti-malware software for SMBs

Just about every system has been a victim of malware. There is a wide variety of malicious software, including Trojans, worms and spyware. These insidious attacks can potentially destroy your workstation.

Anti-malware software will run in the background of your computer, targeting and destroying malware.

4. Monitor admin privileges 

Establishing the bounds of user activity via permission and privilege settings on your network will help reduce security risk. This process allows administrators to restrict and protect sensitive data as much as possible.

5. Limit personal mobile device usage

SMB guidelines for personal device use during working hours should prevent employees from accessing business data using their mobile gadgets. If an employee works mostly on a personal device, it is essential they secure the equipment properly.

Additional security steps include backing up devices on a consistent schedule, and using encryption and a remote wipe feature.

6. Assess third-party security capabilities

Your SMB system is not the only one potentially vulnerable to cyberattacks. If you do business with vendors or third parties, you should inquire about their security capabilities before working with them.

Ask about the company’s security policies, procedures and employee training, and how often they back up data and perform system checks.

7. Keep security software updated

Not having the most current version of security software leaves your system defenseless. One of the simplest ways to protect your business from cyber risks is by turning on automatic updates on a PC or Mac.

This option will allow your system to receive updates when they become available. You should always install updates immediately.

8. Back up your data

There is nothing worse than falling victim to a cyberattack and losing all of your information. To avoid this situation, backing up your company’s data is imperative. Make it a routine to back up any crucial files, databases, correspondence and other vital material to additional hard drives.

9. Use an assortment of data-security controls

One of the most effective methods of deterring hackers is to use several controls such as encryption, authentication and authorization. From your login credentials to the content on a webpage, these three controls provide multi-layer protection for your system.

10. Employ a third-party SaaS security provider

If your company relies on cloud computing, consider employing a third-party SaaS (Software as a Service) security provider. Although there is a monthly subscription fee, sourcing your security needs through the cloud protects your data.

An additional perk is that operations run in the cloud, thereby eliminating the need for software installation and maintenance.

Recovering from a cyberattack

Maybe you didn’t implement preventative measures and now you find your system is compromised. What are the recovery steps?

It is recommended that a company take responsibility and report the incident as soon as possible. Doing so may damage your SMB’s reputation, albeit usually for a short duration. However, if you choose not to make the situation known, you run the risk of destroying your business’s reputation regardless.

Once a breach has been identified, you also need to reset all passwords, clean and reformat any infected hard drives, reinstall any necessary software and recover your backup data from your supplemental drive.
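The backup routine from tip 8 and the recovery step above both depend on the copy on the supplemental drive being intact. The following added example (not part of the original article) copies files to a backup location, records a SHA-256 manifest, and checks the backup before it is restored; the folder names, file contents and `manifest.json` name are constructed for illustration.

```python
import hashlib
import json
import shutil
import tempfile
from pathlib import Path

MANIFEST = "manifest.json"  # assumed name; also keep a copy off the backup drive

def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def back_up(source: Path, dest: Path) -> dict:
    """Copy every file under source to dest and record its SHA-256."""
    manifest = {}
    for src in sorted(p for p in source.rglob("*") if p.is_file()):
        rel = src.relative_to(source).as_posix()
        target = dest / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, target)
        manifest[rel] = sha256_file(src)
    (dest / MANIFEST).write_text(json.dumps(manifest, indent=2))
    return manifest

def verify(dest: Path) -> list:
    """Return the files that are missing or altered on the backup drive."""
    manifest = json.loads((dest / MANIFEST).read_text())
    bad = []
    for rel, digest in manifest.items():
        f = dest / rel
        if not f.is_file() or sha256_file(f) != digest:
            bad.append(rel)
    return sorted(bad)

def demo_backup():
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp, "office"), Path(tmp, "backup_drive")
        (src / "clients").mkdir(parents=True)
        (src / "ledger.csv").write_text("date,amount\n2024-01-05,120.00\n")  # constructed
        (src / "clients" / "contacts.txt").write_text("constructed sample data\n")
        back_up(src, dst)
        clean = verify(dst)                             # fresh backup: nothing wrong
        (dst / "ledger.csv").write_text("overwritten")  # simulate a damaged file
        (dst / "clients" / "contacts.txt").unlink()     # simulate a deleted file
        return clean, verify(dst)

if __name__ == "__main__":
    print(demo_backup())
```

Run `verify` on the backup drive before reformatting anything, so a damaged or incomplete backup is discovered while the original disks still exist.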

It’s easy to protect your business from cyberattacks with Kim’s choice, IDrive. Back up all your PCs, Macs and mobile devices into ONE account for one low cost! Go to and use promo code Kim for a killer deal negotiated just for you!
