How small businesses can improve cybersecurity measures for free


By U2B Staff 


Today’s computerised world has made it incredibly crucial for organisations, big and small, to improve cybersecurity measures. Massive cyberattacks pop up in the news almost every year and large entities such as WhatsApp, U.S. Customs and Border Protection, and Microsoft’s Visual Studio tool were all affected by data breaches in 2019. Yet, the fact that small businesses face cyberattacks much more frequently tends to get overlooked.  

In 2019, Verizon found that 43% of all cyberattacks targeted small businesses, and despite the statistics, many smaller organisations still do not prioritise cybersecurity enough for a number of reasons. The most common reason is that security software often exceeds a small business’s budget. 

However, a single data breach can cost business owners much more. Computer experts McAfee now estimate that the cost of annual damage due to cybercrime has soared to approximately US$400 billion – almost a two-thirds increase from 2016 levels. 

In 2019, Hiscox reported that cyberattacks cost businesses of all sizes an average of US$200,000. For a multimillion-dollar company, that isn’t too much of a price to pay. However, US$200,000 can be a hefty blow to small business owners/operators, especially if they don’t have an insurance plan or financial backing. Furthermore, Inc has reported that 60% of small businesses affected by a security breach fail within the following six months.


Not only does a lack of cybersecurity put small businesses at risk of losing significant revenue, but it also puts them at risk of losing customer trust. Taking a cyber hit would mean working tirelessly to restore your business’ financial health, while regaining the trust of your customers, both of which are crucial tasks that can be hard to balance. 

A lack of time, budget, and knowledge are the most common reasons why small businesses may not be prioritising cybersecurity as they should. The proper tools can sometimes be costly, making them harder for small businesses to obtain. However, there are simple, cost-effective practices small businesses can use to keep their data and devices secure. Here’s how your business can improve cybersecurity measures without breaking the bank:

Change your passwords

Keep your data safe by changing your passwords. A simple way to keep your logins safe is to run your key emails and usernames through Troy Hunt’s HaveIBeenPwned tool, which checks your information against personal account data that has been illegally accessed and then released into the public domain.

It is also important to avoid changing your login information frequently in a way that will make users suffer password fatigue and resort to variations on the same theme. 

In 2016, the FTC’s Chief Technologist Lorrie Cranor made headlines for promoting research by UNC-Chapel Hill showing this to be the case. “The UNC researchers said if people have to change their passwords every 90 days, they tend to use a pattern and they do what we call a transformation,” Cranor said. 

“They take their old passwords, they change it in some small way, and they come up with a new password.” These incremental changes are far easier to guess than would normally be possible.
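The following is an added example, not part of the original article: a check a password-change form could run to reject a new password that is only a small transformation of the old one. The function names and the two-edit threshold are assumptions, and the check assumes the user types the old password during the change, so nothing has to be stored in plain text.

```python
import re

# Character substitutions people commonly apply when "changing" a password.
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
                      "0": "o", "$": "s", "5": "s", "7": "t"})


def base_form(password: str) -> str:
    """Reduce a password to its underlying theme."""
    p = password.lower()
    # Drop a trailing counter, year or punctuation run such as "2019!".
    p = re.sub(r"[\d\W_]+$", "", p)
    # Undo common look-alike substitutions (P@ssw0rd -> password).
    return p.translate(LEET)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character inserts, deletes, swaps."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def transformation_of(old: str, new: str, max_edits: int = 2):
    """Return a reason if `new` is a small transformation of `old`, else None."""
    if old.lower() == new.lower():
        return "case change only"
    old_base = base_form(old)
    if old_base and old_base == base_form(new):
        return "same base word with a new suffix or substitution"
    if edit_distance(old, new) <= max_edits:
        return "only a few characters changed"
    return None


if __name__ == "__main__":
    # Constructed sample pairs (old, new) for illustration only.
    for old, new in [("Summer2019!", "Summer2020!"),
                     ("Password1", "P@ssw0rd2"),
                     ("tiger-lamp-91", "river-stone-quilt-42")]:
        print(old, "->", new, ":", transformation_of(old, new) or "accepted")
```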

Use a password manager

Use password managers such as LastPass, Dashlane, or Sticky Password to keep track of important login information. These tools enable businesses to use unique, secure passwords for every site, ensuring businesses are able to change their passwords without inconveniencing employees. 


Keep your computers updated

To protect your business from the latest threats, keep the operating systems and web browsers of your computers and mobile devices up to date. Be sure to check regularly for new versions of software, including security software. 

If your employees are using mobile devices for work, ensure they are using updated apps and a good security app. 

Enable Two-Factor Authentication

Enabling two-factor authentication will add some extra security to your logins. Generally, it’s as simple as registering a phone number or installing an app, but it adds that extra layer of security that makes it harder for an attacker to access your accounts.

Train your employees to identify phishing and spear-phishing attacks

One of the most popular and effective ways for hackers to attack a particular target is through phishing and spear-phishing attacks. Phishing attacks are more generalised, while spear-phishing is personalised to each target and can often be extremely convincing. The only way to be sure that your organisation stays safe is through proper training.

Limit access

Unauthorised individuals should not be given access to company computers or accounts. For example, a client should never be able to borrow a company laptop to access information. Even employees of different ranks and positions should have different access to technology, and they should never share information amongst each other. 

Secure your WiFi

WiFi can be an easy way to access data. It is crucial to secure your WiFi so only employees can access it. If possible, set up the network in a way that prevents employees from knowing the password.

If you want an open internet for customers to use, set up a separate network. Guests should not have the same WiFi access as employees. This will help prevent unwanted people from joining the business network and accessing files.