Get All Access for $5/mo

10 Questions to Ask When Creating a Cybersecurity Plan for Your Business Practical tips for protecting your company from hackers and other online threats.

By Kim Lachance Shandrow

Opinions expressed by Entrepreneur contributors are their own.


Cybercriminals are increasingly preying on small businesses, which often lack the expertise and resources to adequately protect themselves. Last year, companies with one to 250 employees were the victims of more than 30 percent of all cyber attacks, according to Symantec's 2013 Internet Security Threat Report. That's a threefold increase since 2011.

With larger companies increasing their protections, small businesses are now the low hanging fruit for cybercriminals," says Julius Genachowski, chairman of the Federal Communications Commission.

But your company doesn't have to be vulnerable if you simply take some basic protective measures. Here are 10 key questions to ask when securing your company from cybercriminals:

1. Should I install antivirus software?
Installing antivirus software and keeping it updated is a must for business owners, says Brian Underdahl, author of Cybersecurity for Dummies (Wiley, 2011). Antivirus software detects and removes malware, including adware and spyware, and filters out potentially dangerous downloads and emails.

Underdahl says he uses CheckPoint Software Technologies Ltd.'s ZoneAlarm Extreme Security 2013, a comprehensive antivirus software security package. It costs $54.95 for one year and $84.95 for two years. Other popular, effective antivirus options include Bitdefender Small Business Security ($150 for one year) and Webroot SecureAnywhere Antivirus 2013 ($39.99 for one year).

Related: Cyber Security a Growing Issue for Small Business

2. How should I handle suspicious emails from known and unknown senders?
Never open or reply to an email that seems suspicious, Underdahl says, even if it appears to be from someone you know. And after opening emails, don't click on suspicious links and attachments, he says. If you do, you could fall victim to email-borne financial and identity theft threats, including "phishing scams." Phishing emails, which appear to be from trustworthy sources, such as a bank or an online merchant you have done business with, attempt to acquire private data, including bank account and credit card numbers.

Also, recommend to your employees that they set their email client preferences to show the full address of the sender, not just the display name in the From section of their inbox, says Brett McDowell, senior manager of customer security initiatives at PayPal and a board member at the National Cyber Security Alliance Advise employees to use unique passwords for all business-related accounts online and across your company's information systems. Their passwords should include combinations of upper and lowercase letters, numbers and symbols and should be changed every 60 days or so. Also, never use the same password for different logins and never leave your password written down near your computer, Underdahl says.

McDowell recommends multi-factor authentication to verify an individual's identity, especially for financial transactions. For example, PayPal offers two extra forms of authentication to secure users' financial transactions: the PayPal Security Key, which generates random temporary security codes to verify users when they login, as well as a system that sends security codes via text message to users' mobile phones.

4. Whom should I allow access to my company's critical data?
Administrative login credentials should be given only to key company personnel, such as the CEO, CIO and trusted IT staff. Develop a clear plan that designates which individuals have access to which types of sensitive information, McDowell says.

5. Should I use a firewall to protect my company's internet connection?
Always use a firewall to protect your company's inbound and outbound network traffic. A firewall can help prevent hackers from tapping into your network and to block access to certain websites. They can also be configured to bar employees from sending proprietary data and specific types of emails outside of your network.

Firewalls come standard on most routers and similar consumer network gear. But you can add additional firewall protection for free from ZoneAlarm or Sygate Personal Firewall Free.

Related: Is Your Business Ready for Cyber War?

6. How often should I back up essential company information?
Back up your business's vital information on a regular basis automatically, using a combination of cloud and off-site backup, Underdahl suggests.

Carbonite, an online data backup service for Windows and Mac users, offers encrypted backup storage services for small businesses for $229 to $599 per year. SugarSync is a similar cloud storage provider, with business packages starting at about $550 per year.

7. Should I use data encryption?
Encryption is essential to keeping such data as credit card, bank account and Social Security numbers as safe as possible. Encryption algorithms change information in your computer files into unreadable ciphertext, or "unreadable gobbledygook," as McDowell calls it.

Whether a cybercriminal or a criminal employee walks away with some of your data, encryption would keep you protected because [he or she] wouldn't have the special keys to un-encrypt the data and make sense of it," he says. "Only you would."

If you're using Windows 8 Pro or Windows 8 Enterprise, all your local files and folders are already encrypted via BitLocker Drive Encryption. If you're using Mac OS X Mountain Lion or Mac OS X Lion, FileVault 2 automatically encrypts all your data.

8. How should I communicate company cybersecurity policies to employees?
Create a written security policy that details what employees can and cannot do on the internet while using company devices. Also, provide clear instructions as to how staff (and contract workers, if applicable) should handle vital company and customer data. Repeat your cybersecurity policies often via email and in-person meetings.

9. How can I secure my Wi-Fi network?
Instead of using an older, less secure Wired Equivalent Privacy (WEP) network, Underdahl suggests using Wi-Fi Protected Access version 2 (WPA2), which is widely considered the most current and secure encryption available.

To hide your Wi-Fi network, change the name of your wireless access point or router, also known as the Service Set Identifier (SSID). If you don't, hackers could easily breach your network using the default SSID provided by the router's manufacturer.

For added protection, you can require users to enter a 25- to 64-character alphanumeric Pre-Shared Key (PSK) passphrase.

10. How can I secure company mobile devices?
Mandate that employees create passwords for their devices. Stolen or lost company-owned mobile equipment should be reported immediately to your tech support person or IT staff so that service can be shut off.

Consider installing an app like McAfee WaveSecure (19.99 with a one-year subscription, available for iPhone, Android, BlackBerry and Windows Mobile) that enables you to remotely track the device's SIM card, back up data and remotely lock the device before hackers can get their hands on sensitive company information. For iOS, consider Lookout Inc.'s free app, Lookout Free Backup, Security, Find My Device.

Related: 8 Steps to Creating Stronger Passwords

Kim Lachance Shandrow

Senior Writer. Frequently covers cryptocurrency, future tech, social media, startups, gadgets and apps.

Kim Lachance Shandrow is a senior writer at 

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Editor's Pick

Business News

How to Be a Billionaire By 25, According to a College Dropout Turned CEO Worth $1.6 Billion

Austin Russell became the world's youngest self-made billionaire in 2020 at age 25.

Side Hustle

This Former Disney Princess Lived 'Paycheck to Paycheck' Before Starting a Side Hustle at Home — Now She Makes $250,000 a Year

Victoria Carroll's income was "sporadic" until a friend encouraged her to take her talents to Fiverr in 2018.

Employee Experience & Recruiting

The Secret to Turning Disengaged Employees into Rockstar Team Players

Transforming disengaged employees into enthusiastic team players hinges on insightful assessments, effective communication, targeted recognition and proactive career development.


Taylor Swift Has a Lucky Number. And She's Not the Only High Performer Who Leans Into Superstitions to Boost Confidence.

Even megastars like Swift need a little extra something to get them in the right mindset when it is game time.

Business Ideas

63 Small Business Ideas to Start in 2024

We put together a list of the best, most profitable small business ideas for entrepreneurs to pursue in 2024.


SEO Trends You Need to Be Aware of Right Now, According to a Seasoned Pro

Navigate the future of search engine optimization to elevate your online presence and drive meaningful engagement.