cyber security

Cyber Security. Let’s just jump to it, with some things to consider:

Do you think your small business is at risk of being hacked? An overwhelming 87% of small business owners don’t think so. But your business might be more at risk than you realize. About half of small businesses experience a cyber attack.

Small businesses are appealing to hackers. Small businesses typically have a moderate amount of data with minimal security. Hackers can use the stolen information to steal from many others.

Your business is at risk when you are unprepared for a cyber attack. Hackers can steal money, employee details, customer data, and vendor information. A data breach can damage your relationships with employees, customers, and vendors. And approximately half of small businesses that suffer a cyber attack go out of business within six months.

Building up your small business cybersecurity is imperative. By using cybersecurity basics, you can prepare your business for cyber attacks.

Simple things matter – recent research shows too many of us still use easily hacked passwords, including ABCD, 1234, WXYZ, and the perennial favorite ‘password’.

Don’t take comfort from headlines that often highlight major data breaches in large corporations and government agencies. The REAL truth is that the vast majority of businesses being hacked are smaller. We are too busy running our businesses and providing services to our customers to allocate the time to security. While we can’t afford the same level of protection as a big company, adequate computer security is not beyond reach. Hopefully, your IT provider has you generally protected. We still wanted to spend some time offering you a list of the basics that your business needs to address in order to survive.

Start with developing a security plan for your business. By taking the time to develop a plan, you will be forced to consider all the aspects of security as they relate to your devices, your network, and your data. The plan should designate who is responsible for security issues, plainly indicate compliance requirements with specific policies and procedures, and be made part of the required policies and procedures in accordance with the employee handbook (your company has one of those, right?).

Your cybersecurity policy for your business should contain the cybersecurity best practices that you expect your employees to follow. It should also contain protocols that employees need to follow in case there is a data breach. Make sure that you include procedures for keeping employee, vendor, and customer information safe. Finally, your security plan should include a policy and procedure for it to be updated annually and distributed to all employees, along with a security update briefing.

Password protection of your computer network is pretty much a given at this point. As step 1, let’s just review this concept, as it is important to observe stringent standards. Strong passwords are a must, as is the use of prompts to update passwords regularly. Are password management apps mandatory, or are there stringent requirements that passwords contain at least 10 characters and include numbers, symbols, and upper and lowercase letters? Is the use of written-down passwords forbidden? Are there policies to deal with the sharing of passwords, even with coworkers?

Layered security to limit access can help to keep the most sensitive data as safe as possible should your system suffer a breach. This means limiting access to certain types of information by role and responsibility while adding levels of protection with additional passwords and encryption.

Do your employees use personal devices to access company data, sometimes known as Bring Your Own Device (BYOD)? Let’s face it: we doubt that you, as a small business, have the capital available to provide devices like laptops, tablets, and smartphones for employees to use. That being the case, you need to create policies that allow your network administrator to install monitoring software, push automatic security updates, or call for regular password changes. You don’t necessarily need to encroach on personal privacy, but you must protect your business and prevent employees from putting your network and data at risk while using their personal devices. There is a balance that must be struck between enhanced productivity, invasiveness of required software installs, and security.

Whether you are a business, individual, or non-profit – feel free to reach out to us with any follow-up questions. With one call or email we will provide you with professional, complimentary advice – no obligation. Just contact us at, or call (212) 397-2970 and we will be happy to help you and answer your questions.