Last Updated on by SCARS Editorial Team

RSN™ Guide: Small Business Cybersecurity


Be More Vigilant Online

For small business owners, business growth is the name of the game. It’s important to establish a cybersecurity protocol early that can grow with your business to protect your most critical assets.
  • Not only do businesses rely on technology to perform daily functions, but the Internet provides easy ways for businesses to stay connected and informed.
  • However, with these increased conveniences comes increased risks.
  • Many of the crimes that occur in real life are now facilitated through the Internet, including human trafficking, credit card fraudCard Fraud Card Fraud is one of the most commonly referenced fraud definitions. It occurs when a fraudster uses a card (debit or credit) to make a purchase without the authorization of the cardholder. Card fraud can occur in-person or through digital channels., identity theftIdentity Theft Identity theft is when someone uses another person's personal identifying information, without their permission, to commit fraud or other crimes. In both the U.K. and the United States it is the theft of personally identifiable information. Identity theft deliberately uses someone else's identity as a method to gain financial advantages or obtain credit and other benefits, and perhaps to cause other person's loss. The person whose identity has been stolen may suffer adverse consequences, especially if they are falsely held responsible for the perpetrator's actions. Personally identifiable information generally includes a person's name, date of birth, social security number, driver's license number, bank account or credit card numbers, PINs, electronic signatures, fingerprints, passwords, or any other information that can be used to access a person's financial resources., and embezzlement.
  • No country, industry, community, or individual is immune to cyber risks, and no single government agency, company, or individual can solve our cybersecurity challenges.
  • We all have to work together to secure cyberspace.



Forty-four percent of small businesses reported being the victim of a cyber attack, with an average cost of approximately $9,000 per attack.
  • Nearly 59 percent of U.S. small and medium-sized businesses do not have a contingency plan that outlines procedures for responding to and reporting data breachData Breach Whenever private information is seen by someone who should not have access, this is known as data exposure. It may also sometimes be referred to as a data leak or data breach. It might happen by accident or be caused by hackers who do it to cause harm to the individual or organization involved. It can be especially damaging to companies that store the credit card details and personal information of their customers. losses.
  • All businesses, regardless of size, are at risk. Small businesses may feel like they are not targets for cyber attacks either due to their size or the perception that they don’t have anything worth stealing.
  • Only a small percentage of cyber attacks are considered targeted attacks, meaning the attacker group is going after a particular company or group of companies in order to steal specific data.
  • The majority of cybercriminals are indiscriminate; they target vulnerable computer systems regardless of whether the systems are part of a Fortune 500 company, a small business, or belong to a home user.


Small businesses, which are making the leap to computerized systems and digital records, are attractive targets for hackers.
  • Small businesses store significant amounts of sensitive data from customer information to intellectual property.
  • While large businesses can dedicate resources to cybersecurity, small businesses face the same cybersecurity challenges and threats with limited resources, capacity, and personnel.
  • In 2010, the U.S. Secret Service and Verizon Communications Inc.’s forensic analysis unit, which investigates attacks, responded to a combined 761 data breaches, up from 141 in 2009. Of those, 63 percent were at companies with 100 employees or fewer.
  • Visa estimates about 95 percent of the credit-card data breaches it discovers are on its smallest business customers.


  • Assess risk and identify weaknesses – If your sensitive information is linked to the Internet, then make sure you understand how it’s being protected.
  • Create a contingency plan – Establish security practices and policies to protect your organization’s sensitive information and its employees, patrons, and stakeholders.
  • Educate employees – Make sure that employees are routinely educated about new and emerging cyber threats and how to protect your organization’s data. Hold them accountable to the Internet security policies and procedures, and require that they use strong passwords and regularly change them.
  • Back up critical information – Establish a schedule to perform critical data backups to ensure that critical data is not lost in the event of a cyber attack or natural disaster. Store all backups in remote locations away from the office, and encrypt sensitive data about the organization and its customers. Invest in data loss protection software and use two-factor authentication where possible.
  • Secure your Internet connection – Use and regularly update antivirus software and antispyware on all computers. Automate patchPatch A software program update that corrects known bugs or problems, or adds new features to a software program already installed on your computer. deployments across your organization, use a firewall, encrypt data in transit, and hide your Wi-Fi network. Protect all pages on your public-facing websites.
  • Create a continuity plan – A continuity plan ensures that of nature, accidents, and technological or attack-related emergencies. Business functions can continue to be performed during a wide range of emergencies, including localized acts templates for this type of plan at