Contact Us

Small business
cyber security
matters, too

Author: Poornima Apte

Depending on their size, small businesses may wrongly assume they are less vulnerable to cyber attacks. In fact, according to a survey conducted by the Cyber Readiness Institute, only 31% of business owners with fewer than 10 employees were concerned about small business cyber security in 2020.

Analysis of security incidents, however, points to one painful and unavoidable conclusion: small businesses are not immune to cyber attacks. The gap between the incidences of data breaches targeted at large enterprises and small businesses has been steadily decreasing, according to the Verizon’s 2021 Data Breach Investigations Report. This means small businesses are almost just as vulnerable to cyber attacks as large enterprises. Given the average cost of data breach for small business is $25,612, it's time to pay attention to small business cyber security and build a cyber security policy template for small business.

The small business cyber security landscape

In 2019, the U.S. was home to 30.7 million small businesses, each with the potential for financial loss due to data breaches. Staying on top of cyber security threats requires a robust bench of technical talent, which small businesses might not always have. Lacking the know-how to identify breaches can delay response, making the damage worse and adversely impacting business continuity. More than half of small businesses go under within six months of a cyber attack.

The migration to remote or virtual models of work has exacerbated these small business cyber security challenges. A third of American workers were telecommuting in October 2020 and nearly two-thirds of them want to continue the practice. Small businesses have to factor in additional endpoints, such as employee mobile phones, as potential vectors for attacks.

Cyber security policy template for small business

Given the magnitude of risks, small businesses can implement a set of protocols that are customized to their needs and that take their vulnerabilities into account.

An audit, either external or internal, can highlight areas that need extra attention. Like most other business mechanisms, cyber security is about making sure people, processes, and technologies are working well together. A sound cyber security policy template for small business can address all these components in a unified fashion.

The technology at risk

When it comes to small business cyber security, business owners need to keep an eye on the security of their devices in order to avoid data breaches. The technology at risk includes:

  • Employee devices. Make sure that laptops are secure with verified mechanisms to log in to business networks. Central mobile device management (MDM) policies ensure any changes or system updates can be pushed out to all devices.
  • Wi-Fi and virtual private networks (VPNs). Understanding how and where employees are connecting from will help institute better small business cyber security protocols.
  • The cloud. Whether small businesses use the cloud for storage or software-as-a-service (SaaS) solutions, it is another technology that needs to be addressed in cyber security templates.

People and processes

Since people use technology, the two need not be dissociated from each other. But a cyber security policy template for small business needs protocols so everyone can be on the same page about what to do when—especially when they suspect a breach.

The protocols that small business cyber security should address include:

Email protocols

Social engineering through phishing remains a significant route for cyber attacks, especially through cloud-based email programs. Email protocols should include templates that address regular employee training about what suspicious emails might look like, even from familiar colleagues. Email protocols also need to establish a chain that explains what to do if an employee suspects a phishing attack.

Password management protocols

While most employees might know not to use their dog's name as a password, a template gives businesses a list of to-dos related to password management. These include using multi-factor authentication or using single sign-on procedures for approved employees.

Data handling and transfer protocols

Employees need to comply with regulations such as the California Consumer Privacy Act or the European Union's General Data Protection Regulation (GDPR). This means understanding data encryption mechanisms or at least leaning on protocols that only relay encrypted data. Ensure security through networks before transferring data and instituting mechanisms for storing received data.

These broad parameters constitute a basic framework for fortifying small business cyber security. The constantly changing landscape with new threats requires small businesses to stay on top of software patches and updates. Relying on external vendors for 24/7 threat detection helps relieve some of the vigilance burden.

A cyber security policy template for small business helps ensure basic hygiene for small businesses of all stripes. Learn more about how Verizon can help small businesses assess and address mobile security challenges.