Common Sense Cyber Security for Small and Midsized Businesses

Patrick Thielen

In the aftermath of the state lockdowns of countless businesses, many small companies rely heavily on their websites and other technology to continue operating. If these digital platforms shut down because of a cyber attack, the business can potentially shut down with them.

A case in point is my favorite local Thai restaurant. Like other small restaurants, a majority of their business is now take-out and delivery. Previously, only a small fraction of the restaurant’s orders came through its website. Had it experienced a cyber attack then, customers could still be served inside the facility. Today, the attack would shut down a much larger portion of the restaurant’s revenue.



While maintaining secure and resilient technology is a critical necessity for small and midsized businesses (SMBs), the challenge is that SMBs typically lack the resources to invest in cyber risk management on par with large enterprises. The good news is that a little can go a long way.

SMBs can improve their cyber security at a small expense and in some cases for free. Here’s a short list of cyber security practices that companies, even my local Thai restaurant, can easily pursue.

Take a cyber security awareness course. A quick browser search will introduce a surprising number of such courses, many of them free, to enhance password hygiene and detect and avoid social engineering, phishing and URL spoofing attacks.

Use a password manager. Free versions are available, and paid password managers generally cost less than $10 per month. Dashlane, for instance, has both a free tier and a paid premium subscription, although the latter is free to Chubb commercial cyber policyholders. 

Enable free security settings. Many operating systems, business systems, web-based email and online bank accounts offer free security features, multi-factor authentication settings, and internet tutorials. Enabling them should be a no-brainer.

Back up critical data. Online cloud backup services are easy to use and typically cost under $10 per month. For critical data, it’s also important to do offline backups on an external hard drive, a one-time purchase generally under $100.

Secure the WiFi system. At a minimum, business owners and employees should change the default password on modems and routers (it’s free), since hackers can easily determine default user ID and password combinations. Search how to change the password on the specific device and brand.

Upgrade network devices. Log into the device to install the latest firmware, or buy a newer device with state-of-the-art security features like advanced encryption, guest network segmentation, and firewall settings, with a simple-to-follow user interface.

Use a VPN service. A virtual private network provides a securely encrypted connection between remote devices and your business network. The cost (under $10 per month) is relatively small compared to the security value.

Secure all devices. Install antivirus/encryption software providing endpoint protection on the laptops and other mobile devices that access your business network.

Professional security. Although the costs are higher, some SMBs may want to consider hiring a managed services provider to oversee their technology and cyber security.

Cyber insurance. All businesses should strongly consider buying a cyber insurance policy that offers broad risk protections at affordable rates. The policy also may provide the aforementioned loss mitigation services and post-incident crisis management services.

A perfect state of cyber security is elusive for even the largest companies, but SMBs that follow these practices, like my neighborhood Thai restaurant, can better protect their businesses to ensure they do not become easy victims.
