Cybersecurity Do’s and Don’ts

Do you know why cyber threats target small businesses? Small businesses are often an easy target because they do not have a sophisticated network and systems structure and do not have an IT department, or even an IT manager in many cases.

Attackers know that many small businesses lack the knowledge to follow cybersecurity best practices and rely on third-party platforms and the cloud to host information. It can be overwhelming to navigate how to best secure your business and your data. A great place to start is by reviewing our simple Do’s and Don’ts of cybersecurity.



Do:

  • Use unique and complex passwords and change them regularly

Per the latest NIST guidelines, the length of a password is a crucial security aspect, and all user-created passwords should be at least 8 characters in length.

  • Turn on encryption on all devices

Encryption is a way to conceal information by altering it so that it appears to be random data. Learn more about data encryption here.

  • Regularly back up all your data and make sure there is version control

Back up to the cloud or to a hard drive – it is usually good to research both and weigh the pros and cons for your business.

  • Use antivirus/anti-malware on all devices
  • Keep all software and operating systems up to date
  • Pay attention to possible signs of phishing

Phishing is a type of social engineering where an attacker sends a fraudulent message (normally via email or chat) designed to trick a person into revealing sensitive information to the attacker or into deploying malicious software, such as ransomware, on the victim’s infrastructure.

  • Educate all employees

Your own employees may be your biggest security risk. Look at tips for training your employees here.

  • Create a data breach response plan

Have a process written down for what you will do if data is lost and/or stolen.

  • Use multi-factor authentication when possible

Multi-factor authentication (MFA) is a layered approach to securing data where a system requires a user to present a combination of two or more credentials to verify their identity for login. MFA increases security because even if one credential becomes compromised, unauthorized users will be unable to meet the second authentication requirement (normally a push to one’s email or phone as a text message to confirm the sign-on).

  • Get a cybersecurity insurance policy

Cyber insurance generally covers your business’s liability for a data breach involving sensitive customer information, such as account numbers, health records, personally identifiable information like names and addresses, credit card information, etc. Review policies to find the best fit for your business.


Don’t:

  • Open attachments or click links from unknown sources

This is often how attackers get into your network, through a process called phishing.

  • Use free public WiFi without a VPN

Free public WiFi sounds great for you as a small business owner, but it also sounds great to the hackers of the world. Public WiFi requires no authentication to establish a network connection. This creates an opportunity for the hacker to get access to unsecured devices on the same network. Learn more about VPNs here.

  • Share passwords or use the same password for multiple accounts

Try to have different passwords for each account (and especially separate for any personal versus business accounts). Do not share passwords with others on your team.

  • Scan random QR codes or accept random Airdrops

Don’t scan a QR code (online or in-person) unless you know the company/individual sharing it is reputable. You can also review the link the QR code will take you to prior to opening it.

  • Install apps or software from unknown sources

Always do your research before downloading any apps or software.

  • Recycle old devices without properly wiping all data

It might seem convenient to just throw an old laptop or phone out, but make sure to wipe the device (AKA delete all data and information from the hard drive) prior to disposing of it.

  • Log in to personal accounts on public computers

Especially with social media and other accounts, it is easy to log in on a public computer, and then forget to log out. It is best to use public computers only for searching public information.

  • Leave unused services running on your devices, e.g., Bluetooth
  • Plug in random portable devices

If you don’t know where that USB came from, do not plug it into your laptop! Many hackers use this method to hack into computers of unsuspecting victims.

  • Visit unsecured websites (websites without the “s” in “https”)

Written by Sarah Mailloux, Digital Marketing and eCommerce Specialist

Sarah has years of experience helping businesses start, pivot, and grow. She specializes in market research & design, international business, and business ideation/start-up. Sarah has managed the statewide digital marketing and eCommerce program for the network and presented over 30 workshops in digital marketing and website assistance. She also has 5+ years of Wealth Management & Business Reporting experience. Sarah is an entrepreneur herself, consulting universities and businesses through academic coaching, instructional design, and non-profit marketing. She has a BS and MS in International Business, is an Export Certified Advisor, and is a Certified Ideation & Commercialization Coach.