Join our Waitlist for Expert Advice!

How to Protect Your Small Business From Cyber Attacks Right Now An annual report from Verizon found one type of breach makes up 30 percent of attacks on small businesses. Here's what you need to know.

By Jessica Thomas Edited by Dan Bova

Maskot | Getty Images

For 13 years, Verizon has released its annual Verizon Business Data Breach Investigation Report, or DBIR, a comprehensive look at more than 150,000 incidents that gives business owners insight into trends in cyber attacks. As expected, the 2020 report took on more meaning: Unprecedented numbers of professionals are working from home, and small- and medium-sized businesses without clear data security policies in place are particularly at-risk right now. "Employees are dispersed and on different devices, and you don't know what they're doing. This opens up vulnerabilities like never before," says TJ Fox, SVP and president of Verizon Business Markets.

The exhaustive 120-page report breaks down threats by industry, business size and region, but there are common takeaways for owners of any size business — especially those who don't consider theirs big enough to attract cyber attacks. "Should a small business owner sit and read the DBIR from start to finish? No. But they should definitely understand what their vulnerabilities are," Fox says.

Related: How Hackers Take Advantage of a Crisis

In this time of uncertainty many small businesses are hesitant to make capital outlays on projects like a data security overhaul, but it's more important than ever. Beyond office workers turning their homes into offices, retail locations are introducing services like order pickups, and restaurants are utilizing new ordering platforms like GrubHub. All this means you're interacting with customer data on new networks in ways you've never done it before, and it's crucially important that you understand the data security implications.

In a conversation with Entrepreneur, Fox broke down four measures he considers the first line of defense for small business owners who haven't paid much attention to data security in the past. "There's no one magic button when it comes to this, but there are things you can do to greatly minimize your exposure to breaches and devastation to your business and customers."

Avoid public WiFi

If you do one thing, forbid any and all use of public WiFi for work activities. "Public WiFi is the most dangerous place on the planet," Fox says. It's a line he's been using in interviews for several years, but it doesn't make the sentiment any less important. Logging into a public WiFi network at an airport or coffee shop opens devices up to attack. Make sure your employees know it's against company policy to use public WiFi and provide alternatives such as a mobile private network or VPN for them to utilize when they're not in the office. Use mobile device management on company-owned devices like work laptops or cellphones to prohibit users from connecting to public WiFi networks.

Related: 4 Statistical Reasons Data Security Should Be a Top Priority for Small Businesses

Develop policies for suspicious emails

This year's DBIR found that 30 percent of cyber attacks against small businesses involve phishing. Do your employees even know what phishing is? If not, Fox emphasizes it's critically important they know what to look for. Make sure they know they shouldn't click on links or download files sent out of the blue, even if they appear to be from members of their organization. Set clear policies about how files should be sent between employees so that they know when something is amiss.

It's also crucial employees know this applies to all of their devices: "I met with an analyst a few years ago who said "Oh, I got a fishy email at work on my laptop, so I decided to open it up on my mobile device,'" Fox says. "It's the same thing." Using a phone makes you just as vulnerable to bad actors looking to steal information.

Related: 4 Telltale Signs Your Business Is Ripe for a Cybersecurity Attack (and How to Respond)

Have clear guidelines about downloading apps

This year's DBIR found that 43 percent of the breaches studied involved web applications downloaded from the internet to their devices. Set clear expectations about what types of applications your employees can have on their company devices — maybe they like using an application like Spotify to listen to music while they work or check sports news on an ESPN app, for example. Enact policies about where applications should be downloaded from, whether that's the App Store, Google Play or another market.

Related: Zoom's Security Pile-on Caused a Lawsuit - Are Microsoft, Cisco and Others Next?

Get on the cloud

Large enterprise organizations have whole teams to manage their data storage, but small businesses are much less likely to know the current best practices. "A lot of times small businesses have a computer that's sitting in their office or at their retail location," Fox says. "It's been there a long time, and that's where their email and records sit, and they're not keeping it updated from a patch perspective or a software perspective. That creates incredible vulnerabilities."

If you're a small business not already using cloud-based systems like Amazon Web Services, Microsoft Azure or Google Cloud, you need to seriously consider making the switch. Determining which one is right for you should be part of a comprehensive look at what data security changes you might need to make, especially right now.

Related: 6 Cybersecurity Must-Haves for Your Business

Jessica Thomas

Entrepreneur Staff

Senior Digital Content Director

Jessica Thomas is the senior digital content director at Entrepreneur. Prior to this role, she spent nearly five years on staff at Worth magazine and was a staff writer for Bustle. 

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Business News

You Have One Month Left to Buy a House, According to Barbara Corcoran. Here's Why.

"If you are planning on waiting a year and seeing where interest rates go, you are out of your mind," Corcoran said.

Thought Leaders

These 3 Trends Will Change What It Means to Be an Entrepreneur in 2025

Here are three entrepreneurship trends from the new Global Entrepreneurship Monitor report that are changing the landscape for the future.

Business News

These 3 Side Hustles Make the Most Money While Working Fewer Hours, According to a New Survey

The survey also found that having a side hustle doubled as a path to becoming more employable.

Productivity

How Knowing Yourself Leads to More Productivity and Efficiency

The problem with many plans is that they depend on your changing your life to match what someone else says will work, rather than your understanding yourself well and deciding to budget your time accordingly.

Side Hustle

I Made $14,000 in 1 Week With a Spontaneous Halloween Costume Side Hustle — Here's How

Sabba Keynejad was in art school when he started to refine his entrepreneurial skills.

Franchise

The McRib Is Back, But Only at Select McDonald's — Here's Where to Find It

This scarcity is nothing new. In 2022, McDonald's announced a "Farewell Tour" for the McRib, suggesting that it might be the last time customers could get their hands on it.