02.16.20175 min read

Cybersecurity Tips for Small Business: What You Need to Know

By definition, cybersecurity is the action taken to protect computer-based systems from attack or unauthorized access. Many think cybersecurity is a problem that only plagues large corporations. We frequently hear about data breaches of big corporations and government entities such as Target, Wendy’s, the U.S. Department of Justice, and the Internal Revenue Service. But what about small businesses? They are small enough to fly under the radar of cybercriminals, right?

The truth is that small businesses are just as much at risk for cyberattacks. The reasons are simple. Small businesses typically have greater financial assets and commercially usable data than an individual, and they tend to have far less security implemented than the large companies. Many small businesses also lack the awareness and training to effectively protect themselves.

In 2016 the Ponemon Institute published the research survey titled “The State of Cybersecurity in Small and Medium-Sized Businesses,” which revealed that 55 percent of participants experienced a cyber-attack in the 12 months prior to the survey. The research went on further to show that half of those attacks resulted in the exposure of customer and employee data to the cybercriminals.

Raising awareness

The first step in thwarting breaches is the awareness that the problem exists and that your business can be targeted.  In 2015, KPMG, a professional services firm, conducted a cybersecurity survey of 1,000 small business owners. The survey entitled “Small Business Reputation & the Cyber Risk” revealed that half of the surveyed small business owners (51 percent) believe that it’s unlikely or very unlikely that they would ever be the target of a cyber-attack. The report goes on to state that 22 percent of small businesses don’t consider their data to be commercially sensitive.

This a sobering reality paints an even bigger target on the back of small businesses.

Understanding the cyber threats to small businesses

Understanding the predominant attacks, flaws, and human error exploited by hackers to target small businesses can greatly decrease the likelihood of becoming a victim. Listed below are some of the most prevalent security issues that small businesses face.

1. Web-based attacks, phishing, and social engineering

These attacks can take a wide variety of forms such as finding and exploiting vulnerabilities found in the victim's’ software, email scams designed to trick the user into divulging critical information or launch attacks such as viruses, ransomware, and system takeovers.

2. Disgruntled and/or negligent employees or contractors

Many data breaches are caused by theft or the malicious distribution of sensitive data by disgruntled employees. Numerous breaches are also caused simply due to negligence or a lack of training of well-meaning, dedicated employees, or contractors.

3. Outdated or inadequate security

Cybercriminals can and will take advantage of vulnerabilities in outdated or inadequate security. These vulnerabilities typically take the form of insecure human practices such as failing to patch software, neglecting regular system backups, failing to build an adequate firewall, or the transfer of infected files.

4. A dedicated computer for banking

Many small businesses fail to use a dedicated system for their banking. Company computers used by employees for social media, web surfing, and email can be open to vulnerabilities which could result in the theft or destruction of banking data.

5. Secure password policy

Many businesses lack a secure password policy. As a result, systems can be breached by brute force methods, exhaustive automated generation of passwords, or by simply guessing passwords based on knowledge which can be acquired through the use of social engineering techniques.

6. Secure network usage policy

Having a policy in place does not guarantee employees will follow it. It does, however, raise the awareness of security and potential threats. An effective policy also promotes a proactive stance for the company should legal issues arise.

7. Budgeting for security

A large number of companies fail to sufficiently budget for security or simply have no budget at all. In many cases, this is due to the belief that they are unlikely to be a target. In other cases, they believe that their current security practices are sufficient. Small businesses must weigh the cost of an adequate security budget against the potential costs of a breach which could be devastating.


The sheer number of attacks that cybercriminals have at their disposal is growing exponentially. Small businesses run the risk of not only losing critical customer and financial data, sales, and productivity, but they also run a substantial risk of losing significant amounts of money. In the worst case scenario, companies may be forced out of business. It is critical that small businesses take all the necessary steps to secure and protect their business data, technologies, and ultimately, their customers.

2017 Strategic Planning Kit - Download Now

Ron Smith is an Infusionsoft Sr. Quality/Security Engineer. Having served in the USAF as a security specialist, he became passionate about security. During his 20 year career, he has worked for very large companies such as Microsoft, Intel, and Pearson, but his love for small business carried him to Infusionsoft. He is also the father of five boys and an avid Harley Davidson rider and home brewer.


Was this post helpful?
Created with Sketch.
Created with Sketch.
Created with Sketch.
Infusionsoft cornerstone spinner
close button
Subscribe to our weekly newsletter!

5 Reasons to Subscribe:

1. Weekly tips to dominate sales and marketing

At our core, we're focused on helping you become a sales and marketing machine. We tap into the genius of the best salesfolks and marketers out there to give you daily tips to grow your leads, make more sales, and keep more customers.

2. Expert small business resources that cost you zero dollars

Want to go deep? We have you covered with free guides, webinars, and tools on a range of topics from marketing automation, CRM, and digital marketing to building sales and marketing strategies from the ground up. All for free. All for you.

3. We're focused 100 percent on small business success

We exist for one reason: helping small businesses succeed. We give you the ideas and insights you need to blow the competition out of the water. We serve business owners who are hungry to put in the hard work to grow their business and own the market.

4. We do the work for you

Running a small business is a 110 percent endeavor. You don't have time to surf Internet for the best small business insights and ideas out there. We'll do that for you with the best original content from our team and from industry experts and small business owners.

5. But wait, there's more!

Small business success means more than just sales and marketing, so we also hit on a range of topics to help your small business thrive, including personal and business growth, customer service, and business management.

6. Righteous GIFs

OK, we said five reasons, but we like to overdeliver...and GIFs. We really like GIFs. You're bound to see some righteous ones.

GIF of Ferris Bueler principal's assistant

P.S. We'll never give out your information. We'll only use it to send you awesome content and resources, if you're cool with that.