It’s not just big corporations that need cybersecurity. Cybercriminals are increasingly targeting small and midsize businesses because they know many of these businesses have fewer security resources. In fact, only 14% of small businesses are prepared to defend themselves, and a 2019 report showed that large-scale digital incidents cost businesses of all sizes nearly $200,000 on average.

Here are 5 cybersecurity best practices you can start implementing today to protect your business.

1. Have a written cybersecurity policy

A well-written cybersecurity policy should establish a clear set of actions you’ll take in the event of a breach. It should also detail the practices and behaviors that employees should follow to prevent breaches from happening in the first place.

Address questions like:

  • How should employees handle important data?
  • Where can data be stored and where can’t it?
  • Who has access to what and why?
  • Who is allowed to edit, publish, share, and make decisions about data?
  • When there’s a cybersecurity incident, who reports it? Who tracks it? Who communicates with your clients and other stakeholders?

Think about what questions your clients and/or stakeholders will ask you if a breach happens. You want to be able to answer as many of them as you can by pointing to your cybersecurity policy, so it’s important to have it all in writing.


2. Understand the threats

Make sure your team knows how to identify and avoid cybersecurity threats like spearphishing, which accounts for 95% of all attacks on enterprise networks and typically involves tricking an employee into giving away money or information. Spearphishing attempts can look quite convincing, which is why we’ve outlined these 6 ways to identify spearphishing.

You can learn about other common types of cyber attacks here. They include:

  1. Passive attacks: monitoring unencrypted traffic to look for sensitive information
  2. Active attacks: trying to bypass or break into secured systems
  3. Close-in attacks: attempting to learn about a network by getting physically close
  4. Password attacks: trying to crack passwords
  5. Hijack attacks: taking over a session between you and another individual to gain private information
  6. Exploit attacks: exploiting a security problem or vulnerability that the attacker knows about
  7. Buffer overflow: flooding an application with more data than expected in order to gain administrative access

3. Educate your team

When it comes to human threats, the human element (you and your employees) is the most important defense your business has. Make sure your team is on the lookout for malicious emails and other cyber threats. Here are some tips for you and your employees:

Trust your gut. If something looks suspicious, there’s a good chance it is, and it’s better to be safe than sorry.

When in doubt, don’t click. If you receive a message that doesn’t look or feel right to you, don’t download any attachments. Don’t click on any links. Don’t do whatever the email asks you to do until you’ve confirmed that it’s legitimate. If the email sender is claiming to be someone you know, check with that person before you do anything.

If you make a mistake, say so immediately. Everyone makes mistakes. If you accidentally give away money or sensitive information, report it immediately — either to your superior, your cybersecurity provider, or both. It’s extremely important to make it clear to employees that they won’t be punished for coming forward and admitting a mistake.


Review your cybersecurity policy regularly. If you want your employees to hear and remember your policy, you have to repeat it. Even just 10 minutes spent reviewing cybersecurity best practices at the end of each quarterly meeting can go a long way.

4. Invest in the right cybersecurity tools


All businesses need firewalls. Firewalls are there to filter traffic going in and out of your network. A commercial-grade firewall with a full suite of security services can stop many different types of threats, including spam, malware, intrusion attempts, Denial of Service (DoS) attacks, and infected and inappropriate websites. You don’t have to spend a lot for good firewall protection either. Renting firewalls can be an extremely cost-effective option for small and midsize businesses.

Multi-factor authentication (MFA)

Does your business use cloud services? MFA is one of the best and easiest security measures you can take because it keeps your information safe even if you accidentally give away your password. It’s simple to implement and understand. For example, if someone tries to access your Office 365 account from outside your network, MFA requires them to provide a second (or third) form of verification to prove who they are. With many tools, you can even set it up to send you a prompt to “approve” or “deny” access for anyone who has entered a valid username and password from outside your network.

Examples of cybersecurity tools that use MFA:

  • Microsoft’s Enterprise Mobility + Security platform includes MFA as well as other valuable security features like Single Sign-On (SSO), which allows you to control who has access to what and when. Mobile Device Management (MDM) lets you set rules about how data can (and cannot) be forwarded, moved, emailed, or screenshotted from various devices.
  • Keeper is an effective and powerful password manager. In addition to MFA, it gives you a secure, encrypted place to store all company passwords.
  • Microsoft Azure Backup is a sophisticated but affordable data backup solution with great security.

Move your Excel files to SharePoint

Word documents and Excel files can be attached and sent to anyone (unless you password-protect them, which is clunky and inefficient). With SharePoint, no one can view or forward your data outside the company without proper permissions. This keeps your data safe not only from cyber attacks but also from regular human error.

5. Customize your cybersecurity

Every business is unique. Therefore, every business faces its own unique set of threats. While the cybersecurity best practices in this blog post are important for all businesses to know, the best cybersecurity solution is one that is specifically designed for your business.

Have questions about cybersecurity? Want to make sure your business is well protected?

At Upward Technology, we provide full-service cybersecurity solutions that are specifically designed for the needs and budgets of small and midsize businesses. We start by learning about your goals for security and long-term growth, and then we create a customized cybersecurity plan to get you there.

Get in touch with us today for a cybersecurity risk assessment.