Cybersecurity for small business: Tips for the holidays and beyond
Author: Nick Reese
For most small businesses, the holidays are the busiest time of the year. In this make-or-break season, the last thing you can afford is to have your business experience unexpected downtime due to a cybersecurity attack.
Cyberattacks may seem like they only happen to large companies, but all too often, they happen to small businesses. Most attacks are financially motivated and come in several guises. But for many, it comes down to a human factor. The Verizon 2023 Data Breach Investigations Report Small and Medium Business Snapshot found that about 3 out of 4 breaches involve a human element, such as an internal error, the use of stolen credentials, or social engineering, which exploits well-meaning workers.
Cybersecurity for small business tips
The holidays can be a peak time for cyberattacks on small businesses, so much so that the U.S. Cybersecurity and Infrastructure Agency issued an advisory on Ransomware Awareness for Holidays and Weekends in 2022. All it takes is one wrong click while distracted to give a hacker access to your systems, customer data and financial accounts. But there are things you can do now to help keep your company safe for the holidays and beyond. Check out these eight cybersecurity tips for small businesses to get you started.
1. Watch for suspicious emails
Unfortunately, there will be some people who want to take advantage of those spreading holiday cheer. Hackers will often attack through email in one of two ways:
- Include a malicious link or attachment they hope you'll click, which will then give them access.
- Pretend to be someone else in the hopes you'll send money or provide login details.
Advise your employees to look out for unfamiliar or out-of-the-ordinary emails or requests, especially ones that include a link to a strange URL or ask for payments or passwords. Make sure employees have a way to report suspicious emails so you can take action.
2. Give your passwords some extra attention
While it's the season of giving, there's no reason to give hackers easy access. Take the time to update all your critical accounts with new, unique passwords. Prioritize creating passwords for your financial accounts, in addition to any software that is critical for daily operations, such as your point-of-sale system, social media accounts or website.
3. Implement tighter employee password policies
While most of your employees likely don't have access to your financial accounts, they probably have an email account. If a hacker gets hold of an employee's email, they could pretend to be the employee to trick coworkers into paying fake invoices or sharing passwords. Ask employees to create a new, strong password for their email logins, and consider creating a policy that requires employees to update passwords regularly.
4. Use multi-factor authentication
When it comes to layers of cybersecurity for small businesses, the more the merrier. In addition to creating a new password, activate multi-factor authentication (MFA) for all your important business accounts. After you enter your password, the account will ask for another method of identification, such as entering a code sent to your phone. While it adds seconds to your login process, a bad actor who only has your password won't be able to get into your account.
5. Restrict unnecessary access
It makes no sense to give someone a gift they don't need or want. The same is true when it comes to access to company data and applications; by only giving employees access to what they need to do their job (a cybersecurity concept known as zero trust), you can eliminate the risk that someone will use their credentials to access your critical accounts.
6. Don't forget your phones
You need smartphones and tablets to communicate with customers, process sales and manage your business. This makes mobile device security for small businesses a must, especially when you think about the risk to your data and accounts if someone on the naughty list finds or steals an unsecured phone. To secure your phone, make sure it's protected with a password or biometric lock such as a fingerprint or face scan.
7. Keep your applications updated
Give your PCs and mobile devices a stocking stuffer by setting them to automatically download and install the latest updates. Not only will this help you access the latest features and functionality, but it helps ensure you are always using the version with the latest patches and security features.
8. Back up data regularly
Give a gift to your future self by backing up all your data and applications as often as possible. The National Institute of Standards and Technology's Cybersecurity Framework recommends conducting regular backups, including keeping one frequently backed-up set of data offline to protect it against ransomware.