Cyber Security in 2022: What Small Business Owners Need to Do

Self Made: NASE's Blog

Blog With Us

Welcome to the Self Made. This is a blog focused primarily on the self-employed and micro-business and full of fantastic posts by not only our team of experts but by YOU!  We realize that there are many ways to help the small businesses out there which is why we invite other business minded individuals to post here and help the rest of the community as well.

Cyber Security in 2022: What Small Business Owners Need to Do

Jun 01, 2022

According to alerts issued by CISA, DHS, and the FBI, cybersecurity threats for small businesses have increased since Russia invaded Ukraine over a month ago. While government-sponsored attacks continue to gain increased attention, you shouldn't overlook attacks initiated by independent groups or actors. 

Although there's no foolproof way to protect your small business from cyber-attacks, knowing what to do can help mitigate their effects on your operations.

1. Learn About the Most Common Types of Cyberattacks

Data released by the U.S Small Business Administration shows that cyberattacks are continuously evolving. As they evolve, these attacks can take on several forms. 

Small business owners can protect themselves against these attacks by differentiating between the various forms. It calls for you to understand the differences between:

  • Phishing: A common type of scam that tricks individuals into visiting web pages that appear legit but are malicious. Your devices become infected immediately you click the links. After infection, the criminals can try to steal crucial information from the system. 

  • Viruses and Ransomware: Viruses are targeted towards infecting your small business computers and other linked devices. Ransomware attacks are on the rise worldwide and work like viruses. The attacks are designed to hold your computers hostage until you meet the attackers' demands. 

  • Malware: It's a general term used to refer to malicious software intended to cause harm to your network, computer, client, or business server. 

2. Prepare an Inventory to Help You Assess Your Risks

It's impossible to protect your gadgets if you don't know what you have at the moment. You need to maintain a detailed list of all the company hardware, i.e., printers, PCs, routers, laptops, and smartphones. 

In your inventory, make sure to include all your digital assets as well, e.g., cloud services like iCloud and Google Docs, bank accounts, and any software in use. Use your inventory to determine what's likely to go wrong and at which station.

3. Keep Your Software Up to Date 

Maintaining your business software is among the easiest things you can do to protect against cyber-attacks, but it is commonly overlooked. Use your inventory list to ensure that all gadgets are using the latest software updates. 

Some gadgets can't operate unless they're using the latest updates. Additionally, you should note that most of the updates released by iOS and Windows are software patches meant to boost the systems' security. 

Failure to update your software regularly means you'll remain exposed to emerging threats.

4. Train Your People on How to Remain Security-Minded

Small business owners should approach cybersecurity as a team effort. Ensure that employees have created strong passwords and that they reset these passwords every couple of weeks. Train your people to identify red flags that may point to phishing attempts. 

During training, cover topics such as techniques on how to spot malicious files. You'll need to develop an action plan to guide the employees on what to do if a cyberattack occurs. According to the FCC, businesses should have clear guidelines for:

  • Internet use

  • How to handle client information

  • Penalties for failing to observe these policies

5. Define Security Policies for Use in the Business

Leadership and safety go hand in hand. You need to inform your personnel on why these policies are important. Inform them why only a select number of people can access a certain office or area of the company.

While at it, touch on why they shouldn't use personal devices, e.g., laptops, when accessing crucial business information. For remote workers, take them through why they should exercise caution when using public Wi-Fi hotspots. 

6. Install a VPN

VPN refers to virtual private networks, which are highly recommended for small businesses that can't afford to run custom internal networks. They can assist in protecting team members who work remotely and aren't protected by the company firewalls.

Encourage your people to set up VPNs at home to avoid creating a weakness in the company's security system. Furthermore, ensure that any person using public Wi-Fi to log into work uses a VPN.

You have many VPNs to choose from today, with many offering a small business discount or a lower purchase price for multiple licenses. If possible, refrain from using free software as it can increase your risk of getting hacked. 

7. Backup All Your Business Files

Cyberattacks are initiated to steal, delete, or compromise your crucial business files. Installing backup programs can assist your business in mitigating such risks. 

According to Kaspersky, a cybersecurity company, you should choose a backup program that automates your backups or allows you to set up a backup schedule. Have your IT team retain an offline copy of the files in case the company gets hacked.

Offline backups ensure that you can resume operations at a moment's notice. 


Cyberattacks and the potential for cyber-related crimes are at an all-time high. No business can afford to ignore or overlook the risks attached to cyberattacks, especially knowing that 61% of all cyberattacks are targeted at SMEs

The 7 points above should give you a good idea of where to start and what to do to protect your business. At the minimum, ensure you back up your files, install a VPN, and train your people on the importance of remaining security conscious. Remember, protection against cyberattacks is a team effort.  
The opinions expressed in our published works are those of the author(s) and do not necessarily reflect the opinions of the National Association for the Self-Employed or its members.

Courtesy of