How To Not Get Hacked: 8 Security Steps For Small Businesses

Last Updated on August 21, 2023 by Labib Ahmad

What is a data breach?

A data breach also known as a cyberattack occurs when hackers or unauthorized individuals gain access to confidential or private information, such as personal details, financial data, or sensitive records, which they aren't supposed to have.

How do data breaches happen?

Every day there seems to be a new data leak from the world's largest companies. Did you know that in 2022, over 422 million individuals were affected by data breaches in the United states alone. While small business leaks don't create the same kinds of headlines as mega corporations, they are being targeted by hackers and cybercriminals in droves.

How to prevent data breach as a small business

Small business owners are easy targets because most of them do not take the basic security precautions that would protect their business from cyber-attacks. As business owners lock the doors at night and install security cameras, they should also incorporate basic online security precautions as part of modern best business practices. It can be inexpensive, fast, and help your business get ahead, since many small businesses (and likely several of your competitors) do not.

8 easy tactics to start implementing

Here are eight easy steps that make both you and your business more secure while helping you protect users. These recommendations can also be applied to your home computers and networks to help you protect your personal data.

1. Keep your computer updated

Cost - free

This is the number one most recommended step by security experts. It's also the easiest step to take. Always make sure to update to the latest versions of your operating system whether it's Windows or macOS. Microsoft and Apple have teams working hard every day to patch security holes. All you have to do is install the updates to keep your operating systems up to date.

To make this process simple, just enable automatic updates. They usually install at night so they don't bother you during the day. If you’re still using Windows 7, Windows 8, or worse Windows XP, update to Windows 11 as soon as ASAP. Older versions of Windows are no longer receiving security updates and are a risk to your data.

2. Don't send passwords through email

Cost - free

It sounds obvious but unfortunately, emailing passwords is a common bad habit because it's just so easy to do. The security rule-of-thumb for email is to assume it's all public. This means you should never send any kind of sensitive information over email, especially passwords.

Instead, ask the recipient for their cell-phone number and send them a text message instead. Many messaging apps, such as WhatsApp, have end-to-end encryption to protect chats.

3. Use a password manager

Cost - free

Most people have way too many passwords to remember, and small business owners have even more. To make things even more challenging, many websites now ask you to change your password every 30 to 90 days. These passwords are now also required to become longer and longer with more special characters. Sometimes it's just easier to start cutting corners by using variations of the same password over and over again. So how can you maintain strong passwords without cutting corners?

The easy answer is to stop trying. Instead, use a password manager that stores all of your passwords and generates long, complex passwords when they expire. Use a free password manager like KeePass, or an online password vault such as LastPass. They help you build better password habits.

4. Update your wireless internet router

Cost - free

Remember that wireless internet router gathering dust in your utility closet? When was the last time you downloaded a security patch for it? Or replaced the password from the default "admin/admin"?

Routers have security vulnerabilities just like any other device, but most people never bother updating them. That means that someone could be surfing your network without needing your WiFi password, or simply viewing your Internet traffic, seeing things like the login to your online banking.

Take the time to log in to your router and download the latest patches.

5. Use anti-virus software

Cost - $30-100/year for a subscription

Antivirus and anti-malware software has been around as long as the internet. This software actively monitors your computer for malicious files. It also helps protect you from ransomware, which is when a virus is installed on your computer, then holds your files ransom until you pay the fraudsters to release them.

Don't assume that your Mac or smartphone can't get viruses either - they are often just as susceptible to malware as Windows. Most antivirus programs come with a complimentary app for your phone as well.

What to take it a step further? Install a personal firewall such as ESET's Internet Security, which warns you every time a new program tries to communicate out to the internet.

6. Encrypt your hard drives

Cost - Included in macOS and Windows Pro

Having a password on your computer does not mean that your files are protected; your files are actually quite easy to access even without your password. Imagine someone breaking into your business and stealing your computer, or your laptop getting stolen at the airport. Imagine the thief now having all of your files. Not a great feeling right? But what if all those files were encrypted? The monetary loss of your laptop would be unfortunate but your data would be secure.

Encrypting your hard-drive is actually quite easy. For Windows, you right-click on any drive and select "Encrypt with BitLocker. For Mac computers, the feature is called FileVault and is available to all macOS users.

7. Secure your Wi-Fi

Cost - free

Before WiFi, a fraudster had to break into your business and plug a computer into your network to access it. Now, they can just sit outside your building and connect by using your WiFi.

While disabling your WiFi is the best way to secure it, it's not a popular recommendation. But there are ways to make things more secure. First, make sure to use a strong password and use the strongest cipher-type when making a selection.

Most routers will also let you create a separate Guest WiFi so that you keep your patron and business networks separate.

8. Use two-factor authentication

Cost - free

Having a password is not enough; it's too common to have them stolen, and most people have the bad habit of using the same password for everything.

Two-factor authentication helps by adding another level of security on top of your password. Two-factor is about having two items to authenticate yourself:

1. Something you know, such as your password
2. Something you have, such as your phone or a key-token

This way if someone gets your password, they can't log in because they don't have the second item.

More and more service providers, including Gmail, are starting to offer two-factor authentication. It can be as easy as getting an SMS text message sent to your cell phone that gives you a temporary PIN code when logging in.

Final thoughts

Putting some time and effort into these basic online security measures will let you sleep better at night. While these 8 steps will not transform your business into Fort Knox, they will go a long way into making your business more secure. Remember that fraudsters love to go after easy targets so any step you take to increase your cyber-security makes their work harder. It may even prompt them to move on to an easier target.

If you partner with a third-party provider, be sure to choose a provider who values security as much as you do. At Helcim, we are committed to helping our merchants stay secure and compliant each time they process a payment without compromising on the user experience.