Cybersecurity for Small and Medium Sized Businesses

Cybersecurity practices have been around now for more than 30 years, at least according to Merriam-Webster. The dictionary dates cybersecurity back to 1989 as “measures to protect a computer or computer system against unauthorized access or attack.” Simple enough.

But cybersecurity has become much more than just protecting computer systems. It’s about protecting businesses, especially those categorized as small to medium sized organizations. Here’s what we mean…

In 2019, 58% of data breaches in the U.S. involved small businesses. Of those businesses, 40% experienced eight or more hours of downtime and an average of $1.56 million in losses. Worse, in the wake of an attack, small businesses had to spend another $955,429 (on average) just to restore normal business operations.

The real kicker? Even if small businesses did get back in operation post-attack, 60% of them were out of business within six months according to the U.S. National Cyber Security Alliance.

The point is, cybersecurity for small and medium sized businesses is critical. That’s why understanding threats and having a cybersecurity plan is vital.

Understanding cybersecurity threats for small and medium businesses

As techopedia.com puts it, cybersecurity is a very broad category that encompasses numerous hardware and software technologies. “It requires an understanding of potential information threats, such as viruses and other malicious code.”

Think hackers, malware, phishing, and ransomware attacks. Unencrypted data is also a problem. And if user and system passwords are weak, left at their defaults, or stolen, stealing data becomes that much easier.

One other increasing threat is known as social engineering. This practice relies on tricking or pressuring a user into violating security procedures to access sensitive information. While not as prevalent as malware, phishing and other types of attacks, social engineering is still a significant threat. And it should be accounted for in any cybersecurity plan.

Small and medium business cybersecurity solutions

Passwords get their share of blame for cyberattacks, but they’re still a cybersecurity tool most of us use every day. Other common tools include:

  • Anti-virus/anti-malware software
  • Two-factor authentication for user access
  • Software patches and updates, often for security
  • Network and system firewalls
  • Encryption for databases and customer data

Beyond tools like these, cybersecurity for small and medium sized businesses also relies on following security practices implemented by the organization. For instance, within the overarching goal of making security a priority, organizations can:

  • Establish enterprise-wide security plans, set password rules and password update schedules, and continually monitor employee compliance.
  • Ensure that remote workers connect to a secure network.
  • Detect questionable downloads from unknown sources and readily alert employees to them.
  • Assess what data within your business requires the most protection.

We detailed these and other organizational processes in an earlier blog on Keys to Preventing Data Theft. But with cybersecurity becoming increasingly sophisticated, we checked in with the experts at the Federal Communications Commission to also get their take.

10 FCC tips: cybersecurity for small and medium sized businesses

Every business that uses the Internet, the FCC says, “is responsible for creating a culture of security that will enhance business and consumer confidence.” To that end, the agency constantly issues new tips, and updates existing ones, on how to create such a culture. Their latest recommendations are summarized here.

  1. Train employees in security principles

Establish standard security practices and policies for employees, such as strong passwords and guidelines for Internet use. Also implement rules of behavior for how to handle and protect customer information and other vital data.

  2. Protect information, computers, and networks from cyber attacks

Keep computers “clean.” Having the latest security software, web browser, and operating system is the best defense against things like viruses and malware. Additionally, install other critical software updates as soon as they’re available and run an antivirus scan after each update.

  3. Provide firewall security for your Internet connection

A firewall prevents outsiders from accessing data on a private network. On your company’s network, make sure the operating system’s firewall is enabled (download free firewall software online if needed). If employees work from home, make sure their home system(s) are firewall-protected.

  4. Create a mobile device action plan

Require users to password-protect their devices and encrypt their data. They should likewise install security apps to prevent criminals from stealing information if the phone is ever on public networks. In addition, set reporting procedures for lost or stolen mobile devices.

  5. Make backup copies of important business data and information

Back up data on computers on a regular basis. Critical data can include spreadsheets, databases, financial files, HR files, accounts receivable/payable files, and so on. If possible, back up data automatically, or at least weekly, and store the copies offsite or in the cloud.

  6. Control physical access to your computers and create user accounts for each employee

Prevent access or use of business computers by unauthorized individuals. Making sure a separate user account is created for each employee (strong passwords included) can help. Administrative privileges should also be given only to trusted IT staff and key personnel.

  7. Secure your Wi-Fi networks

If you have a Wi-Fi network for your workplace, make sure it’s secure, encrypted, and hidden. To hide your Wi-Fi network, set up your wireless access point or router so it doesn’t broadcast the network name, known as the Service Set Identifier (SSID). Password protect access to the router, as well.

  8. Employ best practices on payment cards

Work with banks or processors to ensure the most trusted and validated tools and anti-fraud services are being used. Further, isolate payment systems from other, less secure programs. And definitely don’t use the same computer to process payments and surf the Internet.

  9. Limit employee access to data and information, limit authority to install software

Do not provide any one employee with access to all data systems. Employees should only be given access to the specific data systems that they need for their jobs. They also should not be able to install any software without permission.

  10. Passwords and authentication

This goes back to Tip #1. Require employees to set unique passwords and change passwords at least every 60-90 days. Multi-factor authentication that requires additional information beyond a password to access systems also helps, including for vendors that handle sensitive data for your company.

Take these precautions, and your business will have a better chance of not being a cyberattack statistic.


Cybersecurity for small and medium sized businesses is vital, and Visual Edge IT is here to help. To start, we recommend a risk assessment to identify and clearly define your company’s cybersecurity needs. Other resources we offer help your office and workforce operate as securely as possible with few interruptions in service for your customers. Contact us to get started.