Five Tips to Improve Your Small Business Account Security

Director of shieldlegal and IDShield, protecting and empowering people through legal plans and privacy management solutions.

A small cybersecurity mistake can cost your business enormous amounts of time, money, and inconvenience. You click on an attachment in an email you think is from a provider, but it’s actually a phishing lure. An employee chooses a weak password for a new account, and the account gets hacked. Your IT team installs anti-malware software on all of the company’s computers but forgets to turn on automatic security updates on just one.

According to the FBI’s 2021 Internet Crime Report, cybercrime continues to increase in the US each year. The agency’s Internet Crime Complaint Center received a record number of complaints last year: 847,376, a 7% increase from 2020, resulting in potential losses of more than $6.9 billion. The most common complaints were related to ransomware, business email compromise (BEC) schemes, and cryptocurrencies.

For many small and medium-sized businesses (SMBs), a cyberattack can be a fatal blow. Recent research found that 75% of SMBs would go out of business if forced to pay cybercriminals to regain access to their data or software after a ransomware attack. The cost of such an attack is more than monetary; it also causes intense disruption to a company’s operations.

SMBs are attractive targets for cybercriminals. They hold valuable data that can be held hostage for ransom or sold to other criminals, but they often lack the rigorous security protections that are standard in larger organizations. You can make sure your business isn’t an easy target by taking a few simple steps.

1. Train your employees to spot suspicious emails.

Good cybersecurity practices must be applied throughout the company to be effective. Educate yourself and all your employees, from interns to senior managers, about common security threats. Train your entire team to be able to differentiate between legitimate and fraudulent emails.

Criminals often use a tactic called email spoofing in phishing campaigns. They send an email doctored to appear to come from a trusted source, such as a vendor, company executive, or friend, with the goal of tricking the recipient into opening or replying to the message so the attacker can gain access to email systems, steal data or money, or spread malware.

For example, you may receive an email purporting to be from the CFO of one of your vendors asking you to update the credit card information on your account. Or you may receive a spoofed email from an online retailer asking you to click on a link to get a “special offer”, but the link actually downloads and installs malware on your computer.

It is impossible to completely prevent email spoofing because the protocol used to send and receive email, Simple Mail Transfer Protocol (SMTP), does not require the sender to be authenticated. Teach employees to turn on their spam filter and to look carefully at the headers of the emails they receive. Have you received emails from this address before? Does the “From” email address match the sender’s display name? Does the “Reply-To” header match the source? Are the sender’s name and the domain spelled correctly?

For example, a closer look at this header reveals that this email is suspicious:

From: “Jane Doe, CEO”

Reply-To: “Jane Doe, CEO”
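The header questions above can be turned into an automated first-pass check. This is an added example, not code from the original article; the two messages, the domains and the trusted-domain list are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr, getaddresses

# Constructed sample messages (not real mail). The first impersonates the CEO
# of acme-example.com with a look-alike From domain and an off-domain Reply-To.
SUSPICIOUS_MSG = """\
From: "Jane Doe, CEO" <jane.doe@acme-examp1e.com>
Reply-To: "Jane Doe, CEO" <payments@relay-example.net>
Subject: Urgent: update the card on file
"""
LEGIT_MSG = """\
From: "Jane Doe, CEO" <jane.doe@acme-example.com>
Subject: Q3 planning
"""
# Digits that are commonly swapped for letters in look-alike domains
SUBS = str.maketrans({"1": "l", "0": "o", "3": "e", "5": "s"})

def domain_of(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def lookalike(dom, trusted):
    """True if dom is a near-miss of trusted: digit swaps or <=2 changed characters."""
    if dom == trusted:
        return False
    if dom.translate(SUBS) == trusted:
        return True
    return len(dom) == len(trusted) and sum(a != b for a, b in zip(dom, trusted)) <= 2

def header_warnings(raw, trusted_domains):
    """Return the list of sender-header red flags found in one raw message."""
    msg = message_from_string(raw)
    name, from_addr = parseaddr(msg.get("From", ""))
    from_dom = domain_of(from_addr)
    flags = []
    # A display name that itself contains an address is a common disguise
    if "@" in name and domain_of(name) != from_dom:
        flags.append(f"display name shows {domain_of(name)} but address is at {from_dom}")
    # Replies silently go to a different domain than the visible sender
    for _, reply in getaddresses(msg.get_all("Reply-To", [])):
        if domain_of(reply) != from_dom:
            flags.append(f"Reply-To domain {domain_of(reply)} differs from From domain {from_dom}")
    # Sender is not one of our known partners but closely resembles one
    for trusted in trusted_domains:
        if lookalike(from_dom, trusted):
            flags.append(f"From domain {from_dom} resembles trusted domain {trusted}")
    return flags

if __name__ == "__main__":
    for raw in (SUSPICIOUS_MSG, LEGIT_MSG):
        print(header_warnings(raw, {"acme-example.com"}) or ["no red flags"])
```

The checks are heuristics for training and triage, not a substitute for SPF, DKIM and DMARC at the mail gateway.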

2. Use alternative email accounts.

Reduce the risk of your business addresses ending up on spammers’ and phishers’ mailing lists by using alternate email addresses when signing up for online services. For example, if your marketing team is signing up for a webinar, instead of using “[email protected]” to sign up, they would use an account designated exclusively for this purpose, such as “marketing [email protected]”.

3. Create strong email passwords.

Emphasize, over and over again, the importance of creating strong and unique passwords for all business accounts. Use a password manager that securely stores all logins for each employee and regularly requires you to update passwords.

4. Keep anti-malware software up to date.

Install robust anti-malware software on all company devices and configure it to install patches and updates automatically. It is crucial that you run the latest version of your anti-malware software so that you are not exposed to security issues that have already been fixed.

5. Appoint an IT leader.

No matter the size of your business, you need someone in charge of managing your IT, whether it’s an internal employee or an external vendor. An effective IT leader should conduct regular risk assessments, develop incident response plans, monitor systems continuously, review alerts and network performance, and flag suspicious activity.

Stay proactive and alert against cyber attacks. Investing in simple protective measures now can prevent major damage to your business in the future.


The Forbes Technology Council is an invite-only community for world-class CIOs, CTOs, and technology executives.
