
The Cybersecurity Safeguards Every Small Business Must Have

Is cybersecurity a top priority for your small business? We certainly hope so. Attacks at large organizations always get the headlines, but it’s most often the small-and-medium-sized businesses (SMB) that are attacked. In fact, 43% of cybersecurity attacks target the SMB community. A recent study found that 47% of businesses with fewer than 50 employees do not have a dedicated cybersecurity budget.

The evidence is in, but historically, SMB cybersecurity suffers from four key weaknesses:

  1. Budget constraints

  2. A lack of knowledgeable IT ability

  3. Time constraints

  4. A lack of awareness and understanding about cybersecurity safeguards

These constraints are unlikely to improve. Overall security spending among SMBs has been increasing in recent years, but it still significantly lags the threat level.

Outlined here are practical steps any small business can take right now that are universally accepted and relatively easy to implement for immediate effect. Yes, setting up these solutions will take the employees outside their comfort zone of denial and convenience, but as everyone with a stake in a business knows, protecting the business is not about comfort, convenience or keeping things easy.


Upgrade Password Policies

Implementing this safeguard is as easy as sending an email to all employees stating a firm policy that prohibits sharing passwords with anyone, using passwords at the office that are also used at home, and using passwords that are shorter than ten characters, lack special characters or do not contain at least one number. Of course, IT can easily enforce this policy across the company, but stating the policy goes a long way toward protecting the company from an attack.

Use Multi-Factor Authentication Across as Many Accounts as Possible

Adopting multi-factor authentication across as many accounts as possible is one of the best ways to add more security to an account. Even if one credential becomes compromised, anyone unauthorized will not meet the second authentication requirement (usually a prompt on a cell phone) and therefore will remain unable to access the account.

Take Away Administrative Rights

The easiest way to prevent installation of most malware, or configuration changes that create vulnerabilities, is to remove local administrative rights or privileges from employees. This means only IT, or a designated user, can install new programs or make system configuration changes. Removing local admin rights will prevent many types of malware and attacks from ever starting in the first place. It can also minimize the impact of what malicious actors can do and make cleaning up a breach easier, which is why it is one of the most cost-effective security configurations you can implement.
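Before removing rights, it helps to see who currently holds them. The following PowerShell audit is an added example, not part of the original article; it lists members of the local Administrators group that are not on an allowlist. The `CONTOSO\...` names and the function name `Get-UnexpectedLocalAdmin` are placeholders chosen for illustration.

```powershell
# Added example: audit who holds local administrator rights on this Windows PC.
# $Allowed is a constructed allowlist; replace the placeholder entries with
# the accounts and groups your IT provider actually uses.
$Allowed = @(
    'CONTOSO\Domain Admins',   # placeholder domain group
    'CONTOSO\IT-Support'       # placeholder IT support group
)

function Get-UnexpectedLocalAdmin {
    param([string[]]$AllowedNames = @())

    # S-1-5-32-544 is the well-known SID of the built-in Administrators group,
    # so the lookup also works where the group name is localized.
    try {
        $members = Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction Stop
    }
    catch {
        # The cmdlet can fail when the group contains an orphaned SID (for
        # example a deleted domain account). Stop here instead of returning
        # an empty, falsely clean result.
        throw "Could not enumerate local Administrators: $($_.Exception.Message)"
    }

    foreach ($m in $members) {
        # RID 500 is the built-in Administrator account (local or domain).
        $isBuiltIn = $m.SID.Value -match '^S-1-5-21-.*-500$'
        if ($isBuiltIn -or ($AllowedNames -contains $m.Name)) { continue }

        [pscustomobject]@{
            Computer = $env:COMPUTERNAME
            Account  = $m.Name
            Type     = $m.ObjectClass       # User or Group
            Source   = $m.PrincipalSource   # Local, ActiveDirectory, ...
        }
    }
}

$findings = @(Get-UnexpectedLocalAdmin -AllowedNames $Allowed)
if ($findings.Count -eq 0) {
    Write-Output 'No unexpected local administrators found.'
} else {
    $findings | Format-Table -AutoSize
}
```

Every account the script reports is a candidate for removal from the Administrators group or for addition to the allowlist after review.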

Patch Management

Microsoft Windows allows auto-update of critical Operating System (OS) patches. While it’s a promising idea to patch all software and firmware on a regular basis, setting auto-update for Windows is an easy and effective way to ensure vulnerabilities in the operating system remain closed with no effort. A good antivirus program will also allow for “auto-update” and conduct regular scans at designated hours that won’t affect productivity.

Educate Employees

Educating employees on cybersecurity best practices can take many forms, everything from costly in-person training from a professional trainer to web-based training courses to a mandatory meeting that gathers all employees to hear the boss explain how to remain diligent in a world plagued by cybercrime. No matter what options are right for the business, making employees aware of what to look for and how to respond to cyber threats is an easy and cost-effective way to add security to a company.

Encourage employees to report any suspicious signs at once. Even if it's a false alarm, there is much to learn by understanding the signs that triggered the suspicion.

Consult IT Experts

Any small business that is keen enough to have a seasoned IT Managed Service Provider helping them achieve cybersecurity fitness will have all these recommended actions already in place. In addition, they will implement other safeguards that are essential toward keeping any small business safe.


It takes a small business to understand the needs, challenges and requirements of another small business. Roark Tech Services takes pride in our exclusive focus on the small business community. Our twenty-four years of experience allows the greatest understanding of what a business needs and how to deliver it.

If you don’t have an IT Partner that you trust, or lack confidence that they know the unique challenges of your business and have the ability to supply the right level of service and support, we’d love to help. Contact Us.


