Why Small Businesses Can’t Afford to Ignore Basic IT Security Steps

Is your small business taking steps to protect your IT network? If not, you aren’t alone: 

Small Businesses Steps
of small and medium sized businesses aren’t prioritizing improvement to online security for future business growth
Business Step
say they don’t believe they are targets for attacks as they don’t have anything worth stealing
Business Step
believe that cyber security is too expensive to implement

Sound like you?

We know that thinking about cyber security isn’t most people’s idea of fun. It’s easy to avoid having a serious conversation about what your business needs to do to stay safe – until it’s suddenly too late and you’ve found yourself knee-deep in a potentially business-destroying crisis.

Think that won’t happen to your business?

We’d all like to believe we’ll never be impacted by cyber crime. The truth, however, is quite the opposite:

  • 60% of targeted cyber-attacks hit small and medium sized businesses.
  • Nearly 60% of small businesses will be forced to close within 6 months of being a victim of cybercrime.

About The Safe Small Business Guide

This guide is meant to help business owners understand the realities of how cyber crime can impact their business and what they can do to protect themselves.

Although the statistics regarding cyber crime committed against small businesses may seem grim, we want to inspire you to take action. After all, small businesses are an easy and frequent target of cyber crime because they are so frequently ill-prepared to prevent such an attack.

The tactics outlined here will help keep your business from being an easy target.  While these steps can’t guarantee total protection, these methods are proven to reduce the chances a criminal infiltrates your network.

The Essential Security That Small Businesses Can’t Skip

Cyber security can seem overwhelming, especially when you’re implementing security procedures for the first time. The good news is that it doesn’t have to be.

There are steps that all businesses must take to achieve a baseline level of network security. The following are rudimentary steps to take to establish the most basic level of security for your business. It’s important to note that these steps are a crucial starting point, but alone are not enough to fully prevent risk.

Essential Security Methods For Your Business


  • Password Policies: Require users to have strong passwords (those that contain a combination of uppercase and lowercase letters, numbers and symbols) that must be changed after a set period time (such as every 6 months)
  • Email Security: Have programs in place to block spam, viruses, malware and phishing attempts. Educate users on safe email habits, such as not downloading attachments or clicking on links sent from unknown senders.
  • Web Security: Web filtering services can prevent your employees from visiting sites that are often sources of malware infections, but that may show up as a Google search result. Web filtering can also help control your employees’ browsing habits to keep them focused while at work.
  • Antivirus: Run an antivirus program that scans your users machines to detect any viruses.
  • Backup: Frequently back up company data to multiple locations. If you lose access to data you will be able to restore from one of your backups.

What Happens When You Skip Basic Security Tech?

We know. You’re wondering if you REALLY need to implement those basic security steps for your company. What’s the worst that could happen?

We recently had a client who, in an effort to reduce costs, had skipped adding email filtering and all necessary security systems on their firewall. They also had no antivirus system and an ineffective backup system.

One day, they came to us in a panic. Why?

They had been infected by a ransomware virus.

What could have been easily prevented with a few basic security measures resulted in one week of lost data, one day of downtime, and a $2,000 IT bill.

The scary part of this story? This isn’t even a worst case scenario. Considering that 60% of small and medium sized businesses close within six months of a cyber attack, we’d argue that this client got off relatively easy.

Do You Need Secondary Safeguards?

Even if you have the essentials in place, you still have exposure to cyber crime. Every business must determine if the costs outweigh the benefits of various secondary security measures, including:

  • Encryption: A process that makes it difficult for unauthorized individuals to access data by scrambling its contents.
  • Two-factor authentication: A security process that adds a second step to your login procedure, such as entering a PIN number sent to the phone number that is on file for your account.
  • Data recovery and business continuity plan: Predetermined procedures for safe guarding and recovering data, as well as a procedure to allow your business to continue operating if it is impacted by an interruption such as a fire, power outage, or even IT system crash.
  • Employee training: Training employees to identify and avoid risks while using your company network.

Auditing Your IT Network

  • Performing regular IT audits will allow you to know what your network’s strengths are and what you should focus on to ensure a secure network. You should work with a trusted IT provider to determine which risks matter to you and which you are willing to invest in remediating.
  • If your business is regulated -- or you or your clients are subject to any compliance standards -- an annual audit with subsequent remediation should be part of your IT budget.

CyberthreatThe Cyber Threat That Could Destroy Your Business (If You Aren’t Prepared)

Ransomware is the single greatest threat to your business operations.

What is ransomware?

A specific type of malware that prevents users from accessing their computer system. Sometimes, it encrypts specific data on a computer system. In order to regain access, users are forced to pay a ransom to the attacker.

–Current ransomware threats include Cryptowall and Cryptolocker

You have three options for how to respond to a ransomware attack:

1.Pay the ransom (usually hundreds or thousands of dollars) to retrieve data

2.Refuse to pay but lose your data

3.Restore from a backup (the best option, but it only works if you have previously backed up your data)

The Best Way To Ensure You Can Recover From A Ransomware Attack

Backup is the single best investment to ensure you can recover from the threat of ransomware.

However, in order for a backup to be an effective recovery tactic, you must back up frequently and to multiple backup locations. If you don’t back up frequently, you may not be able to recover all of the data you lost. If you only backup to one location, and that location is compromised or damaged, you won’t be able to access your data.

Are You Ready To Secure Your Network?

If you want to protect your business from cyber crime, you must take precautionary measures to ensure a secure network.

Whether you stick to the essentials or also include secondary measures in your plan, you’ll be making it much harder for your business to be compromised.


SMEs and Cyber Attacks: What You Need to Know - Towergate Insurance
Most Small Businesses Don’t Recover From Cybercrime – Fox Business