How to Protect Your Small Business From Cyber Attacks Right Now An annual report from Verizon found one type of breach makes up 30 percent of attacks on small businesses. Here's what you need to know.

By Jessica Thomas

Maskot | Getty Images

For 13 years, Verizon has released its annual Verizon Business Data Breach Investigation Report, or DBIR, a comprehensive look at more than 150,000 incidents that gives business owners insight into trends in cyber attacks. As expected, the 2020 report took on more meaning: Unprecedented numbers of professionals are working from home, and small- and medium-sized businesses without clear data security policies in place are particularly at-risk right now. "Employees are dispersed and on different devices, and you don't know what they're doing. This opens up vulnerabilities like never before," says TJ Fox, SVP and president of Verizon Business Markets.

The exhaustive 120-page report breaks down threats by industry, business size and region, but there are common takeaways for owners of any size business — especially those who don't consider theirs big enough to attract cyber attacks. "Should a small business owner sit and read the DBIR from start to finish? No. But they should definitely understand what their vulnerabilities are," Fox says.

Related: How Hackers Take Advantage of a Crisis

In this time of uncertainty many small businesses are hesitant to make capital outlays on projects like a data security overhaul, but it's more important than ever. Beyond office workers turning their homes into offices, retail locations are introducing services like order pickups, and restaurants are utilizing new ordering platforms like GrubHub. All this means you're interacting with customer data on new networks in ways you've never done it before, and it's crucially important that you understand the data security implications.

In a conversation with Entrepreneur, Fox broke down four measures he considers the first line of defense for small business owners who haven't paid much attention to data security in the past. "There's no one magic button when it comes to this, but there are things you can do to greatly minimize your exposure to breaches and devastation to your business and customers."

Avoid public WiFi

If you do one thing, forbid any and all use of public WiFi for work activities. "Public WiFi is the most dangerous place on the planet," Fox says. It's a line he's been using in interviews for several years, but it doesn't make the sentiment any less important. Logging into a public WiFi network at an airport or coffee shop opens devices up to attack. Make sure your employees know it's against company policy to use public WiFi and provide alternatives such as a mobile private network or VPN for them to utilize when they're not in the office. Use mobile device management on company-owned devices like work laptops or cellphones to prohibit users from connecting to public WiFi networks.

Related: 4 Statistical Reasons Data Security Should Be a Top Priority for Small Businesses

Develop policies for suspicious emails

This year's DBIR found that 30 percent of cyber attacks against small businesses involve phishing. Do your employees even know what phishing is? If not, Fox emphasizes it's critically important they know what to look for. Make sure they know they shouldn't click on links or download files sent out of the blue, even if they appear to be from members of their organization. Set clear policies about how files should be sent between employees so that they know when something is amiss.

It's also crucial employees know this applies to all of their devices: "I met with an analyst a few years ago who said "Oh, I got a fishy email at work on my laptop, so I decided to open it up on my mobile device,'" Fox says. "It's the same thing." Using a phone makes you just as vulnerable to bad actors looking to steal information.

Related: 4 Telltale Signs Your Business Is Ripe for a Cybersecurity Attack (and How to Respond)

Have clear guidelines about downloading apps

This year's DBIR found that 43 percent of the breaches studied involved web applications downloaded from the internet to their devices. Set clear expectations about what types of applications your employees can have on their company devices — maybe they like using an application like Spotify to listen to music while they work or check sports news on an ESPN app, for example. Enact policies about where applications should be downloaded from, whether that's the App Store, Google Play or another market.

Related: Zoom's Security Pile-on Caused a Lawsuit - Are Microsoft, Cisco and Others Next?

Get on the cloud

Large enterprise organizations have whole teams to manage their data storage, but small businesses are much less likely to know the current best practices. "A lot of times small businesses have a computer that's sitting in their office or at their retail location," Fox says. "It's been there a long time, and that's where their email and records sit, and they're not keeping it updated from a patch perspective or a software perspective. That creates incredible vulnerabilities."

If you're a small business not already using cloud-based systems like Amazon Web Services, Microsoft Azure or Google Cloud, you need to seriously consider making the switch. Determining which one is right for you should be part of a comprehensive look at what data security changes you might need to make, especially right now.

Related: 6 Cybersecurity Must-Haves for Your Business

Jessica Thomas

Entrepreneur Staff

Senior Digital Content Director

Jessica Thomas is the senior digital content director at Entrepreneur. Prior to this role, she spent nearly five years on staff at Worth magazine and was a staff writer for Bustle. 

Editor's Pick

Related Topics

Business Ideas

This Teacher Sells Digital Downloads for $10. Her Side Hustle Now Makes Six Figures a Month: 'It Seems Too Good to Be True, But It's Not.'

When one middle school teacher needed to make some extra income, she started a remote side hustle with no physical products and incredibly low overhead. Now she brings in six figures each month, and offers courses teaching others how to do the same.


How to Win Over the Room With Effective Persuasion Skills

The art of persuasion is not just about the notes, the data, and the pitch; it's about creating a connection that resonates with the audience. We explore how a blend of story, active listening, and genuine interaction can not only capture attention but also win hearts and minds, setting the stage for achieving success in any meeting.


'I Haven't Ticked All the Boxes Yet.' Hilary Duff Reveals Her Next Venture After More Than 2 Decades in the Spotlight — and the Surprisingly Relatable Key to Her Enduring Success

The actor talks entrepreneurship, secrets to success and her latest role as chief brand director for Below 60°, a product line of air fragrances.


Great Leaders Must Be Great Coaches — Here's How to Become One

To be a successful leader, you must become an expert in how to help others grow and develop. Here's a research-driven approach for entrepreneurial leaders to coach and effectively develop their teams.

Business News

An Ivy League University Is Teaching the Secret of Taylor Swift's Success

Several major universities have added courses dedicated to studying Swift's star power.


Google Is About to Delete Inactive Accounts. Here's How to Avoid A Massive Gmail Bounce Rate.

Google will start deleting inactive accounts soon. For businesses like yours, that means many Gmail contacts will probably bounce. Here's how you can avoid that – and keep your business emails landing in the inbox.