Get All Access for $5/mo

How to Protect Your Small Business From Cyber Attacks Right Now An annual report from Verizon found one type of breach makes up 30 percent of attacks on small businesses. Here's what you need to know.

By Jessica Thomas Edited by Dan Bova

Maskot | Getty Images

For 13 years, Verizon has released its annual Verizon Business Data Breach Investigation Report, or DBIR, a comprehensive look at more than 150,000 incidents that gives business owners insight into trends in cyber attacks. As expected, the 2020 report took on more meaning: Unprecedented numbers of professionals are working from home, and small- and medium-sized businesses without clear data security policies in place are particularly at-risk right now. "Employees are dispersed and on different devices, and you don't know what they're doing. This opens up vulnerabilities like never before," says TJ Fox, SVP and president of Verizon Business Markets.

The exhaustive 120-page report breaks down threats by industry, business size and region, but there are common takeaways for owners of any size business — especially those who don't consider theirs big enough to attract cyber attacks. "Should a small business owner sit and read the DBIR from start to finish? No. But they should definitely understand what their vulnerabilities are," Fox says.

Related: How Hackers Take Advantage of a Crisis

In this time of uncertainty many small businesses are hesitant to make capital outlays on projects like a data security overhaul, but it's more important than ever. Beyond office workers turning their homes into offices, retail locations are introducing services like order pickups, and restaurants are utilizing new ordering platforms like GrubHub. All this means you're interacting with customer data on new networks in ways you've never done it before, and it's crucially important that you understand the data security implications.

In a conversation with Entrepreneur, Fox broke down four measures he considers the first line of defense for small business owners who haven't paid much attention to data security in the past. "There's no one magic button when it comes to this, but there are things you can do to greatly minimize your exposure to breaches and devastation to your business and customers."

Avoid public WiFi

If you do one thing, forbid any and all use of public WiFi for work activities. "Public WiFi is the most dangerous place on the planet," Fox says. It's a line he's been using in interviews for several years, but it doesn't make the sentiment any less important. Logging into a public WiFi network at an airport or coffee shop opens devices up to attack. Make sure your employees know it's against company policy to use public WiFi and provide alternatives such as a mobile private network or VPN for them to utilize when they're not in the office. Use mobile device management on company-owned devices like work laptops or cellphones to prohibit users from connecting to public WiFi networks.

Related: 4 Statistical Reasons Data Security Should Be a Top Priority for Small Businesses

Develop policies for suspicious emails

This year's DBIR found that 30 percent of cyber attacks against small businesses involve phishing. Do your employees even know what phishing is? If not, Fox emphasizes it's critically important they know what to look for. Make sure they know they shouldn't click on links or download files sent out of the blue, even if they appear to be from members of their organization. Set clear policies about how files should be sent between employees so that they know when something is amiss.

It's also crucial employees know this applies to all of their devices: "I met with an analyst a few years ago who said "Oh, I got a fishy email at work on my laptop, so I decided to open it up on my mobile device,'" Fox says. "It's the same thing." Using a phone makes you just as vulnerable to bad actors looking to steal information.

Related: 4 Telltale Signs Your Business Is Ripe for a Cybersecurity Attack (and How to Respond)

Have clear guidelines about downloading apps

This year's DBIR found that 43 percent of the breaches studied involved web applications downloaded from the internet to their devices. Set clear expectations about what types of applications your employees can have on their company devices — maybe they like using an application like Spotify to listen to music while they work or check sports news on an ESPN app, for example. Enact policies about where applications should be downloaded from, whether that's the App Store, Google Play or another market.

Related: Zoom's Security Pile-on Caused a Lawsuit - Are Microsoft, Cisco and Others Next?

Get on the cloud

Large enterprise organizations have whole teams to manage their data storage, but small businesses are much less likely to know the current best practices. "A lot of times small businesses have a computer that's sitting in their office or at their retail location," Fox says. "It's been there a long time, and that's where their email and records sit, and they're not keeping it updated from a patch perspective or a software perspective. That creates incredible vulnerabilities."

If you're a small business not already using cloud-based systems like Amazon Web Services, Microsoft Azure or Google Cloud, you need to seriously consider making the switch. Determining which one is right for you should be part of a comprehensive look at what data security changes you might need to make, especially right now.

Related: 6 Cybersecurity Must-Haves for Your Business

Jessica Thomas

Entrepreneur Staff

Senior Digital Content Director

Jessica Thomas is the senior digital content director at Entrepreneur. Prior to this role, she spent nearly five years on staff at Worth magazine and was a staff writer for Bustle. 

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Editor's Pick


ChatGPT is Becoming More Human-Like. Here's How The Tool is Getting Smarter at Replicating Your Voice, Brand and Personality.

AI can be instrumental in building your brand and boosting awareness, but the right approach is critical. A custom GPT delivers tailored collateral based on your ethos, personality and unique positioning factors.

Growing a Business

He Immigrated to the U.S. and Got a Job at McDonald's — Then His Aversion to Being 'Too Comfortable' Led to a Fast-Growing Company That's Hard to Miss

Voyo Popovic launched his moving and storage company in 2018 — and he's been innovating in the industry ever since.

Business Ideas

63 Small Business Ideas to Start in 2024

We put together a list of the best, most profitable small business ideas for entrepreneurs to pursue in 2024.

Business News

Apple Reportedly Isn't Paying OpenAI to Use ChatGPT in iPhones

The next big iPhone update brings ChatGPT directly to Apple devices.

Business News

Is the AI Industry Consolidating? Hugging Face CEO Says More AI Entrepreneurs Are Looking to Be Acquired

Clément Delangue, the CEO of Hugging Face, a $4.5 billion startup, says he gets at least 10 acquisition requests a week and it's "increased quite a lot."

Business News

Sony Pictures Entertainment Purchases Struggling, Cult-Favorite Movie Theater Chain

Alamo Drafthouse originally emerged from bankruptcy in June 2021.