How to improve cyber security for your small business

Running a small business doesn’t mean you’re beyond a hacker’s notice. Small businesses often hold the same types of sensitive customer information as larger enterprises. That, combined with their perceived lack of cyber security knowledge and resources, makes them an attractive target to hackers.

According to a recent SBA survey, 88% of small business owners felt their business was vulnerable to a cyber attack. Yet many businesses can’t afford professional IT solutions, have limited time to devote to cyber security, or don’t know where to begin.

The best way for small business owners to be adequately prepared is to educate themselves on common threats and the best strategies to defend themselves from a cyber attack.


Common cyber threats to small businesses

Social engineering fraud
Social engineering fraud involves manipulating people into divulging confidential information such as passwords, social security numbers, or credit card information. The most common form of social engineering fraud is phishing emails, which are designed to appear as though they have been sent from a legitimate organization or known individual and trick victims into paying out money or revealing sensitive data. A small business looking into new products and vendors — for example, to help systematize their day-to-day operations — may be susceptible to social engineering fraud. Be sure to check on the credibility of the organization before responding to emails or clicking on any email links.

Remote working options
Many small businesses offer work-from-home options and, while remote work can have some advantages, it can also expose businesses to a range of cyber security risks. With a distributed workforce, it’s important for staff to be even more careful about maintaining cyber hygiene.

Malware
Malware is any software, such as viruses and ransomware, intentionally designed to disrupt or damage a computer or network, or to gain unauthorized access to private information. While ransomware attacks are generally associated with larger companies, in fact 50 to 70 percent of ransomware attacks are aimed at small and medium-sized companies, and most small businesses fail within six months of an attack.1


Best practices for improving small business cyber security

  1. Educate your employees

    As cyber criminals evolve and become savvier, it’s essential to regularly update your employees on new protocols. The more your employees know about cyber attacks and how to protect your data, the safer your business will be. Send out regular reminders not to open attachments or click on links in emails from people they don’t know or expect; outline procedures for encrypting personal or sensitive information; and train employees to double check if they get rush requests to issue unexpected payments—a common scam.

  2. Implement safe password practices

    Many data breaches occur due to weak, stolen, or lost passwords. In today’s world of working from your own devices, it’s crucial that all employee devices accessing the company network are password protected. Have employees change their passwords regularly by automatically prompting them to change their passwords every 60 to 90 days.

  3. Make sure you’ve got the right partners and platforms

    Your cyber security is only as good as the security of the platforms and partners your business depends on. Check the following:

    • Do you have a WAF (web application firewall) in place to protect your site?
    • Is your ecommerce platform PCI-DSS (payment card industry data security standards) Level 1 compliant? That will protect you against digital data security breaches across your entire payment network, not just a single card.
    • Does your website hosting company have staff who regularly patch security vulnerabilities to reduce the likelihood of attacks?
    • Check to make sure each company computer has antivirus software installed. Even after training employees on how to identify a phishing email, they may be susceptible.

  4. Secure your hardware

    Data breaches can be caused by physical property being stolen too. If your servers, laptops, cell phones or other electronics are not secured and are easy to steal, you are taking a big risk. Security cameras and alarms will help, but physically locking down computers and servers will help even more. Whether your employees are working from home, a coworking space, or a traditional office, be sure they understand how to keep their company equipment protected.

  5. Regularly back up all data

    No matter how vigilant you are with your cyber security strategies, data breaches can still happen. The most important information to back up is:

    • Databases
    • Financial files
    • Human resources files
    • Accounts receivable/payable files

    Be sure to also back up all data stored on an online drive and check your backup regularly to ensure that it is functioning correctly.

Your insurance company may also provide cyber consulting and risk management services, so check with your agent or broker when choosing your cyber insurance coverage. You can also hire an outside expert to evaluate risks!


Additional Resources:

Stay safe from cybersecurity threats

CIA’s Cybersecurity Awareness Program Small Business

Cybersecurity for Small Business


This document is advisory in nature and is offered as a resource to be used together with your professional insurance advisors in maintaining a loss prevention program. It is an overview only, and is not intended as a substitute for consultation with your insurance broker, or for legal, engineering or other professional advice.

Chubb is the marketing name used to refer to subsidiaries of Chubb Limited providing insurance and related services. For a list of these subsidiaries, please visit our website at Insurance provided by ACE American Insurance Company and its U.S. based Chubb underwriting company affiliates. All products may not be available in all states. This communication contains product summaries only. Coverage is subject to the language of the policies as actually issued. Surplus lines insurance sold only through licensed surplus lines producers. Chubb, 202 Hall's Mill Road, Whitehouse Station, NJ 08889-1600.

