5 Cybersecurity Steps all Business Owners Should Take



“You may have to fight a battle more than once to win it.” - Margaret Thatcher

Whether your business is in full-on work-from-home mode, or your business is such that this is a totally foreign concept, the reality is that cybersecurity steps are something you absolutely need to address.

Your office computers, employee laptops and tablets, cloud services (which can be accessed remotely), and even company cell phones all have an insane amount of information on them that hackers would love to get their digital hands on. Along with customer credit card numbers and employee SSN’s and DOB’s, your digital records contain a wealth of valuable information. Even something as seemingly innocuous as customer estimates and invoices can look like hidden treasure to the world’s digital pirates.

Taking basic cybersecurity steps is cheap protection against potentially embarrassing and expensive data breaches.

If you do have employees working remotely, it’s your responsibility to protect customer and employee data. Just like the IRS sets minimum requirements for us to protect YOUR private information, you should also set minimum standards for cybersecurity in your own business.

A recent study by Shred-it (business document destruction company) stated that a whopping 96% of American consumers consider a business’s employees to be the largest risk factor for a data breach. So, how do you put your customers at ease, do the right thing, and help prevent data breaches and ensuing expensive lawsuits?

Step 1: Have a Written Policy
The first of the five cybersecurity steps you need to do in order to protect against data breaches is to have a written policy at your company about data security. You need to put rules in place that both protect data and prevent your employees from taking shortcuts that put valuable information at risk.

For example, you’ll want a policy that covers minimum password complexity as well as a process in place for ferreting out all those “abc123” and “password” passwords.

Your written cybersecurity policy should outline the basic things your staff should do to keep things secure. Be sure that your policy includes the use of proactive defenses like anti-virus/anti-malware scanners, drive encryption, and software firewalls.

You’ll also want to specify what software programs and apps are okay for your employees to use when accessing company information.

Step 2: Use Secure Connections
Using secure connections is the next one of the cybersecurity steps to take. One of the most common ways that criminals access company data is when employees are using unsecured, public Wi-fi networks, such as the restaurants FREE network.

Even if they’re at home, most people don’t properly secure their home routers. It is essential to provide some level of technical support, at company expense (deductible, of course!), to help at-home employees secure their Wi-fi connections.

You should also consider subscribing to a secure VPN service. These services are affordable and provide a secure “tunnel” between an employee’s home internet and your business network. Make sure to choose a service that uses top level encryption across the entire span of that “tunnel.”

Step 3: Use Password Managers
Of the many cybersecurity steps you should take, this might be the most important one across the board. Weak passwords (remember “abc123”?) are everywhere. This tends to be one of the weakest links in cybersecurity, especially for small businesses. With all the services and software that your business runs on these days, your employees likely have a metric boat load of passwords that they can’t possibly remember.

Which means they are probably “recycling” their passwords. (Yeah, that’s not a good thing.)

While choosing more secure passwords is a good starting point, it may be worth investing in a password manager for every member of your team. Tools like LastPass and 1Password are very affordable and go a long way with helping your employees create secure, unique passwords for all the services they need to access.

Step 4: Use 2-Factor Authentication
Two-factor authentication (or 2FA as the cool kids call it), adds a layer of security on top of passwords. Even if a password gets hacked, 2FA is one of the very difficult cybersecurity steps to hack.

2FA requires that you enter a code to access an online service. This code can be sent as a text message to an approved cell phone or can use a special security fob that shows a number which changes frequently. Some new systems may also use fingerprints or retinal scans to ensure the right person has access to company data.

Step 5: Install the Updates
Have you ever skipped a software update that your computer is demanding that you install? Yeah, so has everybody else.


Keeping software up to date is important for preventing data breaches. These updates frequently eliminate known vulnerabilities in software. The only way you’re protected from certain types of cyberattacks is to close that door by installing the update.

Maintain Security Awareness
While a lot of these techie things may sound overly complicated at first, they become second nature once you and your employees start using them. With proper education, the right policies, and with you setting the example as the owner of the business, your team can easily embrace the basic steps that will prevent the vast majority of data breaches.

From a purely financial perspective, it’s also just cheaper to put these protections in place than it is to defend yourself against a lawsuit in the event of a data breach. So, if nothing else, take these cybersecurity steps because of the money. :)

BE THE ROAR not the echo®


Janet Behm
Utah Real Estate Accountants
(801) 278-2700


Be the First to Comment: