Breadcrumb

A guide to small business cyber security

Written by

The GoCardless content team comprises a group of subject-matter experts in multiple fields from across GoCardless. The authors and reviewers work in the sales, marketing, legal, and finance departments. All have in-depth knowledge and experience in various aspects of payment scheme technology and the operating rules applicable to each. The team holds expertise in the well-established payment schemes such as UK Direct Debit, the European SEPA scheme, and the US ACH scheme, as well as in schemes operating in Scandinavia, Australia, and New Zealand. See full bio

Last editedAug 20212 min read

Cyber attacks are a growing threat to small businesses across the country, and as a small business owner, it’s your job to ensure your company is protected. We’ve put together a list of cyber security strategies for small to medium sized businesses, giving you the edge on creating a culture of security that inspires consumer confidence and enhances your business.

Why is small business cyber security important?

According to data from a recent SBA (U.S. Small Business Administration) survey, around 88% of small business owners believe that their business may be vulnerable to a cyber-attack. It’s a legitimate concern. Lacking the security infrastructure of larger organizations, small businesses are a prime target for cyber criminals. Verizon’s 2019 Data Breach Investigations Report suggests that around 58% of cybercrime victims were small businesses (under 250 employees). But despite their vulnerability, many small businesses simply aren’t capable of detecting, preventing, and responding to cyber-attacks.

Cyber security risks for small business

There are a broad range of potential cyber security risks for small business. While an attack could come from any direction, here are some of the most common cyber security risks for small business that you should ensure you’re protected against:

Viruses – Harmful programs that spread between computers and connected devices that provide cyber criminals with access to your computer systems.
Phishing – A type of cyber attack that infects your machine with malware or steals sensitive information, usually via an email or a malicious website.
Malware – Software that intentionally causes damage to your computer, server, or network. It’s important to remember that malware may contain viruses and ransomware.
Ransomware – A type of malware that exploits software vulnerabilities and restricts access to your computer until a “ransom” is paid, usually delivered through phishing emails.

Cyber security checklist for small business

So, it’s clear that having a small business cyber security plan is important, but how do you go about achieving that? We’ve gathered some of the very best cyber security solutions for small business, so you can ensure you’ve got a plan of action in place:

Train your employees

One of the best cyber security solutions for small business is simply to establish basic security policies for your employees. Make strong passwords a requirement and provide guidelines for appropriate internet usage on work devices. You should also ensure that employees who handle confidential information are trained on how to protect this type of data.

Keep your machines clean

Keep your computers and networks safe from cyber attacks by installing up-to-date security software and antivirus software. Plus, you should make sure that you’re using the latest web browsers and operating systems.

Ensure WiFi is secure

As part of your small business cyber security plan, it’s important to make your WiFi network as secure as possible. When you set up your wireless router, ensure that it doesn’t broadcast the network name (Service Set Identifier (SSID)) and don’t allow anybody to access the router without a password.

Create an action plan for mobile devices

Mobile devices can present considerable cyber security risks for small business, particularly if they hold confidential information or are able to access your company’s corporate network. Make sure that devices are password-protected and install security apps to stop criminals from stealing their information when the devices access public networks. You should also set up stringent reporting procedures for lost or stolen devices.

Employ best practices with payments

When you take payments online, you should ensure that you have the very best practices in place, as you’re dealing with your customers’ financial information. Make sure that you’re PCI DSS compliant and use trusted, validated tools like GoCardless.

We can help

GoCardless helps you automate payment collection, cutting down on the amount of admin your team needs to deal with when chasing invoices. Find out how GoCardless can help you with ad hoc payments or recurring payments or learn more about secure payments.