Skip to main content

WNC Business

Cybersecurity Basics and Fundamentals for Small Businesses

Oct 07, 2022 02:32PM ● By Joe Jakubielski

Small businesses are often the target of cyber-attacks. I believe it is possible to reduce risk by 80 percent or more by addressing basic cybersecurity needs. 

Using guidance from cybersecurity or small business organizations, I recommend addressing these basics and fundamentals:

  1. Train employees on security principles.
  2. Backup your data, learn how to recover, and patch your software.
  3. Encrypt data on your machines, run antivirus programs, and consider using a VPN.
  4. Enable multi-factor authentication on all apps and have a strong password policy.
  5. Protect your website and domain.
Use a Security Awareness Training Platform

Regular security awareness training for yourself, your leaders, and your employees should be a must. Cybercriminals are exceptionally enterprising and constantly evolving, and your organization must be the same.

Implement Backups and Recovery

Run several competent business-grade cloud backups per week – one once per day, another weekly, and another monthly. Backups should use different media and preferably be stored in separate locations. Make sure backups are on, test them periodically, and make sure you know how to recover the information.

Patch Your Machines and Software

Operating outdated software versions can be dangerous, so do not ignore newly released software updates. Updates can contain security patches for vulnerabilities that hackers may exploit. Update and patch the software on your computers and mobile devices regularly, and create policies for employees to do the same. 

Encrypt data on Your Machines and Make Sure Antivirus Programs are Running

Enable FileVault on your Mac devices and BitLocker on your Windows machines. Updated Apple and Android devices should have disk encryption enabled by default if you have a passcode on your device.

Run anti-virus programs on all devices including Macs. Attacks on Mac OS are increasing, so make sure your leaders, employees, and anyone else you are bringing on are doing it too.

Use a Virtual Private Network

Businesses can use a VPN to give remote employees access to internal applications and

data or to create a single shared network between multiple office locations. There are many VPNs available at reasonable pricing, and some are even free for both personal and organizational use.

Enable Multi-factor Authentication on All Apps

According to Microsoft, an account is 99.9 percent less likely to be compromised if using multi-factor authentication. While there are ways cybercriminals can hack around it, it is still one of the most effective protections against cyber-attacks.

Microsoft and Google have authenticators that are easy to run and install, so make sure it is on every application that you, your family, and your business run. This is even more important if you are involved in banking.

Manage Your Passwords

There might be a time when passwords are a thing of the past. In the meantime, bring out your creative side by creating unique long passwords, or you can make life easier for yourself by using a password manager. 

If you suspect your password is exposed, check out Stolen passwords are one of the easiest and most common ways data breaches happen. 

Enable Website Protection

Protecting websites can be done by enabling available web hosting company options. No matter who the hosting company is, follow all the best practices, change default passwords, and ensure the website stays up to date.

Having SSL certificates and security headers is also incredibly valuable. HTTP security headers are a fundamental part of website security. Upon implementation, they protect against the attacks that sites are most likely to encounter including cross-site scripting, code injection, and clickjacking.

Authenticate Your Emails

Leverage email authentication protocols like sender policy framework, domain message authentication reporting and conformance, and domain keys identified mail. These are controls that you must approve when mail is sent from your domains, which keeps the bad guys from doing so without permission. Without controls, bad actors can spoof domains with relative ease. 

The Carolina Cyber Center of Montreat College is a national demonstration project in state-wide cybersecurity preparation and threat mitigation.

For more information, visit