Cyber Security Checklist for Small Businesses | Inc Authority


In 1990, the first Web page was posted online by Sir Tim Berners-Lee, a British computer scientist. A little more than 30 years later, we are facing a major security crisis in the form of cyber threats. And these threats are among the most urgent dangers to America’s economic and national security.

While the Internet provides global access, speed, connectivity, and efficiency, these conveniences also open the door to theft, fraud, extortion, and terrorism.

The truth is the Internet was not built for any type of protection or security. Its anonymity means that foreign governments, criminals, terrorists, and lone actors can easily target computer networks, steal trade secrets, and violate privacy.

By the end of 2022, the expected global cost of cybercrime is 6 trillion dollars, and this figure is expected to reach as high as 10.5 trillion dollars in 2025, according to Cybersecurity Ventures. In order to cope with these increasing cyber threats, the global information security industry is predicted to increase to 170 billion dollars this year.

Numerous organizations, including SolarWinds, Microsoft Exchange, Colonial Pipeline, Yahoo, Equifax, Facebook, Marriott, and JP Morgan Chase have experienced breaches costing hundreds of millions of dollars. And cyber criminals also have repeatedly targeted the federal government, with one incident in the Office of Personnel Management involving the theft of personal information of millions of federal employees.

In an effort to improve the nation’s cyber security, protect federal government networks, and enhance information sharing between the U.S. government and the private sector, President Biden signed a 30-page Executive Order on May 12, 2021.

The order covered numerous security issues, including moving the Federal government to secure cloud services and ensuring government agencies evaluate the software needed for their IT infrastructures, as well as the adoption of Zero Trust architecture and the deployment of Multi-Factor Authentication (MFA), endpoint detection and response, and encryption.

But these comprehensive changes won’t happen overnight.

In the meantime, many small organizations are wondering: ‘How can we protect ourselves now?’

The problem is that many small business owners are operating under a false sense of security, convinced their companies are safe from hackers, viruses, malware, and data breaches. This disconnect is largely due to the widespread belief that small businesses are unlikely targets for cyber attacks. However, this is completely false.

Contrary to popular belief, many cyber criminals are just searching for the path of least resistance. In fact, according to a Symantec study, 43 percent of attacks are against organizations with fewer than 250 employees.

Simply put, a majority of small businesses lack a formal internet security policy for employees, and only about half have simple cyber security measures in place. Additionally, only about a quarter of small business owners hire external companies to test their computer systems and ensure they are hacker-proof, and less than half don’t have their data backed up in more than one location.

To help small businesses stay safe, the Federal Communications Commission (FCC) provides the following cyber security checklist for today’s small businesses:

Train employees in security principles: Establish basic security practices and policies for employees, such as requiring strong passwords, and create appropriate Internet use guidelines that detail penalties for violating company cyber security policies. Develop rules describing how to handle and protect customer information, and other sensitive data.

Protect information, computers, and networks: Keep clean machines. Having the latest antivirus software, web browser, and operating system is the best defense against viruses, malware, and other online threats.

Provide firewall security for your Internet connection: Make sure the operating system’s firewall is enabled or install free firewall software. If employees work from home or off-site, ensure that their home system(s) are protected by a firewall.

Create a mobile device action plan: Mobile devices can create significant security and management challenges, especially if they hold confidential information or can access the corporate network. Require users to password-protect their devices, encrypt their data, and install security apps to prevent criminals from stealing sensitive information while the phone is on public networks.

Make backup copies of important business data: Regularly back up the data on all computers. Critical data includes word processing documents, electronic spreadsheets, databases, financial files, human resources files, and accounts receivable/payable files.

Control physical access to your computers and create employee user accounts: Prevent access or use of business computers by unauthorized individuals. Laptops can be particularly easy targets for theft or can be lost, so lock them up when unattended. Make sure a separate user account is created for each employee and require strong passwords.

Secure your Wi-Fi networks: If you have a Wi-Fi network for your workplace, make sure it is secure, encrypted, and hidden.

Employ best practices on payment and credit cards: Work with banks or processors to ensure the most trusted and validated tools and anti-fraud services are being used.

Limit employee access to data and information: Do not provide any one employee with access to all data systems. Employees should only be given permissions to the specific data systems that they need for their jobs.

Password policy and authentication: Require employees to use unique passwords and change passwords every three months. Consider implementing multi-factor authentication that requires additional information beyond a password to gain entry.

Because some small businesses don’t believe they are vulnerable to attacks and security breaches, or feel hesitant when it comes to spending money on cyber security measures, many put off making necessary improvements to their security protocols until it’s too late. As a result, you must act now.

In the words of Stephane Nappo, the Global Head of Information Security for Société Générale International Banking, “It takes 20 years to build a reputation and only a few minutes of a cyber incident to ruin it.”


UpCity, a small business intelligence firm, surveyed 600 business owners and IT professionals on their 2022 cyber security plans, priorities, and budgets. Findings include:

· Only 50 percent of U.S. businesses have a cyber security plan in place.

· Of those, 32 percent haven’t changed their cyber security plan since the pandemic forced remote and hybrid operations.

· The most common causes of cyber-attacks are malware (22 percent) and phishing (20 percent).

· Cybercrime cost U.S. businesses more than $6.9 billion in 2021, and only 43 percent of businesses feel financially prepared to face a cyber attack in 2022.

Anything worth your time and energy should certainly be worth protecting. Get started with your small business today and speak to one of our many Business Specialists. We’re here to answer your questions and guide your business to success. Form your free LLC today!