15 Tips to Protect Your Small Business on the Internet

If you operate a business today in the United States, you have exposure to hackers, scammers, malware, phishing schemes, and much, much more.

Experts estimate that 60% of small businesses that experience a major cyberattack fail within six months. That’s a pretty scary statistic.

See https://smallbiztrends.com/2017/01/cyber-security-statistics-small-business.html

CyberThreatsHere are a few ways to make yourself a little safer.

1) Scan your computer(s) at least every week with a good virus scanner. Keep the anti-virus software up to date with the latest virus updates.

2) Maintain all software on your computer. Check for new patches, updates, etc. every few weeks. My antivirus software does this automatically. Common vulnerabilities are “drivers”, pdf readers, Active X controls, etc. Hackers love photos, email and videos.

3) Change your passwords at least once a year, and make sure they are strong (best is 8 characters or longer, with mix of numbers, upper and lower case letters, special characters, etc. Some sites do not allow special characters in passwords. In such cases use more than 8 characters if allowed.)

4) Do not store passwords on your computer unless you have some sort of password vault software. Don’t use the same password across multiple accounts. Don’t share critical passwords with other people. And don’t post sticky notes with passwords on your monitor or desk!

5) Turn on your computer firewall if it isn’t active already. Check the camera on your computer to make sure no one is watching you (a simple fix is to put some black tape over the lens when you are not using it.)

6) Consider using VPN software. Here is a review: https://www.pcmag.com/article2/0,2817,2403388,00.asp

7) Watch out for phishing emails. These are emails that appear to be from a trusted source, such as a bank, but are really from bad guys. They are getting more and more sophisticated. If you get an email that looks suspicious, don’t click on any links. Instead, call the customer service number on one of your account statements.

8) Do not email or store documents with your social security number, credit card information, etc. on your computer. Never store customer or vendor credit card information on any computer unless it is through a secure service.

9) Set up a credit freeze with one or more credit reporting agencies (Equifax, Transunion and Experian). Note that Experian was hacked through a ridiculously simple security flaw, so caveat emptor always applies.

10) Check your individual and business credit reports at least once a year. Sign up for a credit alert group, or subscribe to Lifelock.

11) Set up two-factor authentication on all critical accounts (definitely financial ones).

12) Set up alerts on all credit cards and financial accounts. For example, set an alert if a withdrawal of more than $500 occurs in your business checking account, or your credit score changes by more than 10 points, or a new transaction occurs on your business credit card, etc.

13) Back up critical files on a device in your possession (memory stick for example) or on a reputable, secure cloud service such as Carbonite.

14) Never give out passwords over the phone to salespeople or customer service people. This is actually the easiest and most common way bad guys get access to networks and critical data.

15) Don’t go it alone, especially if you have multiple employees or computers. Ask around and find a good IT consultant who can help you stay secure. Depending on the size of your exposure, and your risk tolerance, you can either go with an IT security audit or set up continuous monitoring.


There are many other things you can do to try to protect yourself, but odds are — sooner or later — you will be attacked by a virus or malware, or experience identity theft. The Equifax hack affected more than half the US population. Yahoo was probably almost as bad. Then there was Target, US Department of Housing and Urban Development, Marriott, Experian, Facebook, and on and on.

Everybody, and every system, is vulnerable to some sort of attack. But if you follow the steps outlined here, you can make it a little harder for the bad guys.

Here are a few other useful links.





About Andrew Clarke

Andrew Clarke is President of Ground Floor Partners. Over the past twenty years he has advised hundreds of small businesses on strategy, marketing, real estate and finance. He is passionate about small business, social and environmental justice, and is a proud member of the American Sustainable Business Council, Food and Water Watch, Green America, Food Consultants Group, and the American Planning Association.

View All Posts