Data breach

According to a report from Cisco, 70% of cyberattackers deliberately target small businesses. The threat is real and happening every day. Indeed, such attacks can be fatal to a small company. Unfortunately, some small-business owners do not take precautions to shore up their systems, thinking they are too small to get hacked. This kind of faulty thinking leads to vulnerable systems that easily fall prey to hackers.

To take corrective action, you first need to understand why small businesses fall victim to data breaches in the first place. Lack of security measures and trained personnel, maintaining data that is useful to hackers (e.g., credit card information), or failing to back up data with a third-party security system are some ways small businesses may be vulnerable to a breach. Fortunately, there are effective steps that small businesses can take to ward off cyberattacks. Here is a selection of best practices for securing your data:

• The first line of defense — The leading cause of small-business data breaches is through employee internet communication. Training your staff on best internet practices is an important way to help protect company data. Identifying phishing emails, avoiding suspicious downloads and utilizing authentication tools can all help prevent cyberattacks.
• Safeguard your network — The internet connection needs to be protected by encrypting information or having a firewall. Your router should be password protected, and remote employees should use a virtual private network to connect to your network. Zero-trust security has become the industry standard.
• Install antivirus software — To further protect your data, install antivirus software on all computers. Software vendors are available online, each offering features to meet your needs. All vendors will provide regular automatic updates to protect your system.
• Require multifactor authentication — Before accessing your data, require the user to authenticate their identity in two or more ways beyond username and password. Monitor access by removing former employees from your system.
• Back it up — Data should be backed up on all computers on a regular basis. Cloud storage audits should be done on a weekly basis to protect sensitive financial, human resources and accounting files. Make sure to destroy sensitive data, including paper documents, once it is no longer needed.
• Control access — Business computers should not be left unattended where they can be accessed by unauthorized individuals. All laptops and mobile devices should be locked up in a secure location. Each employee needs to have an individual user account protected with a strong password.

Proactively have a plan in place in the unfortunate event that your system is compromised. You will need to alert law enforcement and any businesses or individuals that were affected. Isolate the affected systems and disconnect them from the internet to prevent further damage. Disable access to the system and change all credentials.

Implementing a multitiered security plan reduces the risk of a cyberattack on your company.

© YC Partners 2026