User security in cyberspace is exposed to an increasing number of threats. Not a day goes by without news that someone has hacked into another system or stolen important data. Owners or managers of small and medium-sized businesses know that cybersecurity is a priority in our century and that we must pay due attention to these problems. The most important thing in this matter is to understand where to start.
It may seem that ensuring cybersecurity is a very laborious and complex process. Not every manager or business owner has the technical knowledge it requires, so even the most careful and security-minded among us can be put off by the need to wade through a jungle of professional jargon and conflicting information.
It is for such readers that this guide is intended. If you are a busy manager with a daily routine already full of business tasks, you objectively do not have the time to become an advanced expert in every area of cybersecurity. But if you read this guide and, together with your employees (including those who look after your computer equipment, software installation and networks), build the security measures we describe into your workflow, you will have less to worry about. Protecting your business is not as difficult as some experts make it out to be. Be patient, take advantage of our small tips, and you can protect even the smallest company with advanced cybersecurity practices.
1. Identify your weaknesses
The first step to protecting yourself from cyber threats is to identify your vulnerabilities. If you do not know what your weakness is, how can you eliminate it? If you do not know what data is stored on your company’s computers, how can you protect it?
First, determine what information can be called the “gems” of your data collection. In other words, what data is vital to your firm?
It can be anything: from your intellectual property to the contact information of your customers, inventory records, financial information, etc. Where do you store all this data? Once you answer these questions, you can begin to think about what risks your data is exposed to.
Describe in detail everything that you and your employees do to collect, store and dispose of data. Think about which “transit points” along the path that information takes through your company could result in data leakage or theft. Also, be clear about the consequences for your company, your customers and your relationships with partners if your cybersecurity is compromised. After that, you can begin to take measures.
2. Protect your computers and devices (cybersecurity)
The lion’s share of the work that keeps your business afloat is carried out on your company’s computers and other devices. But because these devices have access to the Internet and a local network, they are vulnerable to cyber-attacks. Here are our instructions for raising the level of protection of your company’s devices on the network.
A. Update your programs
The very first (and possibly the easiest) step to ensure that your systems are protected from attacks is to always use the latest versions of the programs that your business is based on. Hackers involved in illegal activities spend a lot of time searching for bugs in popular programs and applications, abusing loopholes to penetrate the system. They can do it for anything: to make money, to make a political statement, or simply because they can do it. Such illegal entry can cause irreparable damage to your business. Hackers can steal your customers’ bank card numbers from your website or even steal passwords from your computers. If this happens, your business will have serious problems.
Microsoft and other software companies are always looking for vulnerabilities in their programs and applications. When a vulnerability is discovered, an update is issued so that users can correct the defect. Installing updates as soon as they are released is easy, so why are so many companies so careless about it?
In 2017, the WannaCry ransomware virus launched an attack on thousands of computers around the world. Even such huge organizations as FedEx and the National Health Service of England came under its attack (you will read more about ransomware viruses later). Before the attack, Microsoft released a patch, an update for the software that fixed the vulnerability, but many system administrators did not install it on time, which made the cyber attack so massive. Fortunately, the attack was stopped, but this does not always happen. The easiest way not to become the next victim of hackers is to update the software promptly.
Where to begin?
- If a system administrator looks after your systems, make sure that this employee always knows about the latest updates and installs them on your devices promptly.
- If you own a small business and service your computers yourself, simply install Windows updates. After installing the updates, always restart the computers.
B. Protect yourself from viruses (cybersecurity)
Viruses are malware that secretly infects your computer. They can cause a lot of trouble, but most often they gain access to your files and delete or modify them. Viruses spread quickly, creating copies of themselves and sending them to people from your contact list. If one of the computers on your network has caught a virus, it can infect all of your company’s devices very quickly, and you will lose a significant part of your data as a result. Besides, if you communicate with clients and users via e-mail (and almost everyone does), you can infect their computers as well.
Malicious programs and ransomware viruses are the two most dangerous types of viruses in modern cyberspace. There are several differences between malware and ransomware viruses. A malicious program tricks the victim into downloading certain software, thereby gaining access to the victim’s computer. This program can track which services you access from your computer, steal sensitive data or start distributing spam on your behalf by e-mail.
Ransomware is a special type of malware.
This program locks your computer and prevents you from accessing important files until you pay the ransom. The ransomware virus encrypts your files using a private key that is known only to its creators. The WannaCry virus attack mentioned above is just an example of a ransomware virus attack. Moreover, there is no guarantee that the ransom will help, because hackers may not unlock your computer.
There are several basic steps you can take to prevent viruses from reaching your computer. An anti-virus program scans both incoming emails and the files on your computer, and then removes or quarantines any viruses it finds. Hackers are constantly creating new viruses, so you need to update your antivirus regularly. The best antivirus products have a feature that instructs your computer to download and install updates automatically. You must make sure your employees know that they must not open suspicious files, and that any email attachments that come from an unknown and unreliable address must be deleted.
An additional means of protection will be connecting to the Internet through a VPN service. Thanks to the VPN, you can work online anonymously. Also, these services encrypt all your data, so it will be very difficult for hackers to track you. A reliable VPN provider always alerts users when they try to click on suspicious links.
If you are unlucky enough to become a victim of a ransomware virus, all is not lost. This step-by-step guide will help you out of the situation.
Where to begin?
- Update your antivirus, and if you do not have such a program, now is the time to install one.
- Talk to your employees about not opening suspicious attachments.
- Browse the Internet through a VPN.
- Check out this article on how to mitigate the effects of a ransomware virus, if necessary.
C. Install the firewall
As in any modern business, most likely, most of the devices in your office are constantly connected to the Internet via a broadband connection. If so, then it is very likely that cybercriminals have at least already tried to infiltrate your computer network. Hackers select targets randomly, but if they find a valid address, they will take advantage of any vulnerability to gain access to your network and individual computers in it.
The most effective way to protect yourself from such attacks is to install a firewall. The firewall separates different parts of the network from each other, passing only authorized traffic through the protected part of the network. If you run a small business, the firewall in effect fences off your private local network from the public part of the Internet. A good firewall analyzes every data packet that is transmitted over the network to make sure that it is 100% reliable, and filters out packets of data that it considers suspicious. To prevent hackers from attacking individual computers on your network, the firewall masks the identity of each computer.
Installing a firewall is quite difficult; only a specially trained specialist should do this. However, this simplifies your task: all you need to do is talk to your system administrator and make sure that the work is done and your network is secure.
Where to begin?
- Call your system administrator, ask if your local network has a firewall, and if not, ask him/her to set up a firewall.
D. Special precautions for laptops and other mobile devices
Because they can be carried around and therefore taken out of the office, laptops in particular can become a weak link in your security system. They are also a target for thieves because they are easy to steal and sell. In addition, employees themselves can be quite careless with their work laptops, since in most companies they will simply be given a new one if the previous one is lost or stolen.
However, replacing a laptop is a significant financial cost, especially for a small business. But here the biggest problem is not even the financial side of the issue. The laptops of employees (especially senior executives) most likely contain confidential company data that can harm your business if they fall into the wrong hands.
There are several safety rules that you and your employees should begin to follow to prevent theft of work laptops or mitigate the most serious consequences for the company if it does happen. First: if an employee uses a laptop in a public place or even at a work meeting or conference, he/she should always keep the laptop in sight. Laptops should be carried in hand luggage and not left in the lockers of airports and hotels.
Hackers can easily access data on a laptop or other mobile device if it connects to the Internet over an unsecured network. There are several security rules that we advise you to follow to protect your data: for example, use only strong passwords, back up the work you have done on your laptop before each trip, and encrypt all data. These rules are especially relevant for laptops. We will talk more about them in the third section (“How to protect your data”).
Planning what to do if one of your company’s devices is stolen is worth the effort and time. If you use cloud storage for some of your business needs, find out what mobile device management functions your provider offers. Most cloud computing resource providers give you the option to erase all data from any device that is lost or stolen.
All these tips also apply to company smartphones. There are several measures you can take to secure your company’s smartphones. In this guide, you will find all the recommendations you need, especially for iPhone devices. There you will find a list of security applications that we recommend, as well as instructions on how to change the settings of your smartphones to protect them.
One of the best ways to protect mobile devices – laptops, smartphones, Amazon Alexa assistant devices and even your office PS4 console (if you think that the perfect office should have a game console!) – is to install a VPN application that will encrypt all data transmitted through these devices. You do not need to install a VPN application on each device; instead, a VPN can be installed directly on your office router. That way, all your office devices that are connected to the Internet will be protected.
It is also important to formulate rules regarding what devices employees can bring with them to work. Many employers allow employees to bring their own laptops and other devices to the office, since it is much cheaper than providing everyone with the necessary equipment. We recommend that you oblige employees to install an antivirus on all personal devices and update it regularly.
Where to begin?
- Install the latest updates of operating systems and antiviruses on all laptops and smartphones of the company.
- Develop rules about what devices can be used for work purposes and what security features should be installed on them.
- Contact any cloud computing resource provider to find out how they can help you manage your company’s mobile devices.
3. Protect your data (cybersecurity)
Regardless of the area in which your business is located, data is the main element of your work. Without customer contact information, without your inventory, without your data and all the intermediate information, you simply could not function as a business. This data can be lost in a variety of ways: your computers can be damaged, they can break, hackers can penetrate your network and steal data, or your office may be damaged during a natural disaster. Therefore, your goal is to protect yourself from data loss by taking measures to prevent the worst consequences.
A. Implement backup of important data
There are two types of backups. A full backup copies all the data you have selected to another device or medium. An incremental backup, by contrast, simply adds to the previous copy the data that has appeared on the device since the last backup.
The easiest and most effective way is to combine these two types of copying. Make full backups periodically and incremental backups daily. Alternatively, you can make a full backup every evening after the end of the working day. It is very important to check that the process works as it should: it would be a tragedy to lose all your data and then find out that the backup system has not been working for a long time. You can verify this by doing a trial “restore” of part of the data on a new device. That way you can be sure that your backup system is fully viable, or you can identify a problem early.
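The full-plus-incremental scheme and the trial restore described above, as an added example that is not part of the original guide. The folder layout, the `manifest.json` name and the sample files are assumptions made for this sketch; the trial restore compares SHA-256 checksums so that a damaged backup is noticed before it is needed.

```python
import hashlib
import json
import shutil
import tempfile
from pathlib import Path

MANIFEST = "manifest.json"  # file name chosen for this example


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large files need not fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def snapshot(folder: Path) -> dict:
    """Map each file under folder (by relative path) to its SHA-256."""
    return {p.relative_to(folder).as_posix(): sha256_of(p)
            for p in sorted(folder.rglob("*")) if p.is_file()}


def read_manifest(backup: Path) -> dict:
    return json.loads((backup / MANIFEST).read_text())


def write_backup(source: Path, dest: Path, state: dict, to_copy) -> list:
    """Copy the chosen files into dest/data and record the full source state."""
    copied = sorted(to_copy)
    dest.mkdir(parents=True)  # refuses to overwrite an existing backup
    for rel in copied:
        target = dest / "data" / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(source / rel, target)
    (dest / MANIFEST).write_text(json.dumps({"state": state, "copied": copied}))
    return copied


def full_backup(source: Path, dest: Path) -> list:
    """Full backup: copy every file."""
    state = snapshot(source)
    return write_backup(source, dest, state, state)


def incremental_backup(source: Path, dest: Path, previous: Path) -> list:
    """Copy only files that are new or changed since the previous backup."""
    old = read_manifest(previous)["state"]
    state = snapshot(source)
    changed = [rel for rel, digest in state.items() if old.get(rel) != digest]
    return write_backup(source, dest, state, changed)


def restore(chain: list, target: Path) -> None:
    """Replay the full backup, then each incremental, oldest first."""
    wanted = read_manifest(chain[-1])["state"]  # files deleted later are skipped
    for backup in chain:
        for rel in read_manifest(backup)["copied"]:
            stored = backup / "data" / rel
            if rel in wanted and stored.is_file():
                out = target / rel
                out.parent.mkdir(parents=True, exist_ok=True)
                shutil.copy2(stored, out)


def restore_test(chain: list) -> list:
    """Trial restore into a scratch folder; return files missing or altered."""
    wanted = read_manifest(chain[-1])["state"]
    with tempfile.TemporaryDirectory() as scratch:
        restore(chain, Path(scratch))
        restored = snapshot(Path(scratch))
    return sorted(rel for rel, digest in wanted.items() if restored.get(rel) != digest)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        office = root / "office"  # constructed sample data
        (office / "finance").mkdir(parents=True)
        (office / "customers.csv").write_text("id,name\n1,Sample Customer\n")
        (office / "finance" / "ledger.txt").write_text("opening balance 100\n")
        print("full:", full_backup(office, root / "full"))
        (office / "finance" / "ledger.txt").write_text("opening balance 100\nsale 25\n")
        print("incremental:", incremental_backup(office, root / "day1", root / "full"))
        chain = [root / "full", root / "day1"]
        print("problems after trial restore:", restore_test(chain))
        (root / "full" / "data" / "customers.csv").write_text("damaged")
        print("problems after damage:", restore_test(chain))
```

An empty list from `restore_test` means every file came back with the checksum recorded at backup time; any name in the list is a file the backup can no longer reproduce.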
There are many ways to back up your data. You can save them on physical media such as a flash drive or an additional hard drive, or you can put them in a shared folder on your work network. You can also keep backups of data in a safe place in the office. However, keep in mind that storing all data on some physical medium will not help in the event of a natural disaster or an office hack. We strongly recommend that all companies not skimp on cloud backup systems.
Where to begin?
- Review your company’s data retention policies. Are all important data backed up? If so, where do you keep them?
- Work with your system administrator or IT department to implement a plan for creating weekly data backups.
- Test your backup system to make sure that everything works as it should.
B. Encrypt the important information that your company stores in the cloud
Today, many companies store their data in the cloud, if not entirely, then at least in a significant amount. In this case, “clouds” can be understood as both cloud storage systems such as Dropbox, and cloud platforms like Salesforce operating on the SaaS model.
Because all of this is called the “cloud”, it may seem that the data is stored in some kind of safe and abstract virtual space. In fact, it means that your data is stored not on your hard drive or your local network, but on remote servers to which your cloud service provider gives you access. Accordingly, it is extremely important to carefully read about all the security measures and precautions taken by the provider and make sure that your data is adequately protected.
There are several ways to make sure your cloud data is secure.
Manually encrypting everything can safely be called the simplest and safest solution in this case, since many programs can help you with this. In other words, you should not rely only on the provider’s security systems when you can defend yourself. The main thing is not to accidentally upload your encryption keys to the cloud.
So, you should carefully read the offers of the cloud service provider. At the moment, there are dozens, if not hundreds, of providers in the market, and some relatively little-known companies offer much more reliable ways to protect user data than large and well-known companies. Some services, by the way, automatically encrypt user data before uploading it to the cloud.
A completely different option is to work with BitTorrent Sync. This is a completely free service that was developed as a replacement for cloud systems. The difference is that BitTorrent Sync does not store files in the cloud. Instead, it allows you to work on documents through a platform that provides file sharing using the P2P model. These services typically use the most advanced encryption (AES-256) and support two-factor authentication, which adds a layer of security.
In this comprehensive online security guide, you can find more information on this.
Where to begin?
- Assess the status of your company’s important information. What part of this data (or a copy thereof) is stored on the cloud platform? Is this platform safe?
- Learn more about cloud platforms and see if they protect user data reliably enough.
C. Protect your passwords (cybersecurity)
The easiest way to distinguish a person who has the right to access important data from a person who does not have such a right is a password. Unlike other high-tech systems (smart cards, fingerprint scans or even the iris), passwords are used almost everywhere. It’s understandable because it’s free and easy! However, passwords are also very vulnerable.
Hackers have developed advanced, sophisticated and automated applications that can crack simple passwords in a few minutes. Besides, hackers do not shy away from fraudulent methods to gain access to your company’s passwords: phishing attacks, digital counterfeiting, social engineering designed to get people to give out their passwords …
There are many reasons why the effectiveness of passwords can drop to zero. We often forget to password-protect access to important documentation, and then anyone who sits down at our computer can open a secret file. So as not to forget passwords, many employees write them down on a piece of paper and keep it on their desk. Worse, many of us use weak passwords that are easy to remember, over and over. And the less said about how few people change their passwords regularly, the better! All this gives hackers a green light.
These seven steps to creating a truly strong password will help you protect yourself from hacker attacks:
- Use different passwords for different services.
- Change your passwords regularly
- Use strong passwords
- Enable two-step verification
- Disable autocompletion of logins and passwords
- Use the password manager – a program where all user passwords are stored in encrypted form
- Do not send your passwords by e-mail or SMS
Creating a strong password is not so difficult. You can use a special service (for example, this one) to find out if your password is strong enough. There you will find out how long it will take to crack it. You can also use a secure random password generator to create a completely random and unpredictable password.
Tell all your employees how important strong passwords are. This is especially necessary if you want passwords to protect your data reliably rather than opening loopholes for hackers.
Where to begin?
- Let all your employees verify the strength of their passwords in the Password Meter service. If their passwords can be cracked in minutes or even hours, then let them change the passwords to more secure ones.
- Wherever possible, two-step authentication should be enabled.
D. Set permissions to access information
Think about who in your company has access to important information. Probably far more people than should. Accordingly, you need to restrict access. Administrator accounts should be held only by those employees who are authorized to administer systems and install new software.
Also, avoid the practice of several people sharing a common username and password. Why? If your system is hacked, determining how and when everything happened will be much more difficult, if it is possible at all. Give each user their own account and their own access permissions. If you use Windows, you can set different access levels for different users, for example depending on the position they hold in your company. If one of your employees has been absent from the workplace for a long time or has quit their job, block their account as soon as possible.
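A periodic review of accounts against the rules above, as an added example that is not part of the original guide. The `Account` record, the sample accounts and the 90-day inactivity threshold are assumptions made for this sketch; in practice the list would be exported from whatever directory or system your administrator manages.

```python
from dataclasses import dataclass
from datetime import date

INACTIVE_AFTER_DAYS = 90  # assumption: the guide names no threshold


@dataclass(frozen=True)
class Account:
    username: str
    used_by: tuple      # everyone who knows this login's password
    is_admin: bool
    enabled: bool
    last_login: date


def audit(accounts, authorized_admins, departed, today):
    """Return (username, issue) pairs for accounts that break the rules above."""
    findings = []
    for acct in accounts:
        if not acct.enabled:
            continue  # already blocked, nothing to do
        people = set(acct.used_by)
        # Rule 1: one person per login, so actions can be traced after an incident.
        if len(people) > 1:
            findings.append((acct.username, "shared login"))
        # Rule 2: administrator rights only for people authorized to hold them.
        if acct.is_admin and not people <= set(authorized_admins):
            findings.append((acct.username, "admin rights without authorization"))
        # Rule 3: block accounts of people who left or have been away a long time.
        if people & set(departed):
            findings.append((acct.username, "user has left the company"))
        elif (today - acct.last_login).days > INACTIVE_AFTER_DAYS:
            findings.append((acct.username, "long inactive"))
    return findings


# Constructed sample data, not taken from any real system.
TODAY = date(2024, 6, 1)
AUTHORIZED_ADMINS = {"alice"}
DEPARTED = {"frank", "gina"}
ACCOUNTS = [
    Account("alice", ("alice",), True, True, date(2024, 5, 28)),
    Account("frontdesk", ("bob", "carol"), False, True, date(2024, 5, 30)),
    Account("dave", ("dave",), True, True, date(2024, 5, 29)),
    Account("erin", ("erin",), False, True, date(2024, 1, 10)),
    Account("frank", ("frank",), False, True, date(2024, 5, 1)),
    Account("gina", ("gina",), False, False, date(2024, 2, 1)),
]

if __name__ == "__main__":
    for username, issue in audit(ACCOUNTS, AUTHORIZED_ADMINS, DEPARTED, TODAY):
        print(f"{username}: {issue}")
```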
Where to begin?
- Together with your system administrator, determine what level of access to the system each of your employees should have.
- Change access levels so that all your employees have access only to those programs and settings that are necessary to carry out their work duties.
E. Protect your wireless networks
Hackers can also access your servers via wireless networks in your office. Since the Wi-Fi connection does not require a physical connection to the cable, hackers only need to be in the range of your router and run several free programs to crack your network. After that, attackers will be able to steal your files and disrupt your system. Yes, Wi-Fi-enabled devices are equipped with features that can prevent this from happening. Alas, most of these functions are disabled in the default settings, so as not to complicate the process of installing the software.
If you use a Wi-Fi network, you need to make sure that all the security features of your network are activated. You can also restrict access to your wireless network to working hours so that hackers cannot crack it, say, at night. And to keep outsiders from connecting to your network, you can restrict Wi-Fi access to certain computers only by configuring your access points.
Where to begin?
- Have your IT technician check your Wi-Fi network and enable all the necessary security features, as well as restrict access to your wireless network to business hours.
F. Protect yourself while surfing the web
When you and your employees work on the Internet, all your actions are monitored in a variety of ways, sometimes completely invisible. And all your actions can be collected in a very detailed list by third parties without your consent. And your employees may accidentally go to dangerous sites that can steal your important business data! Also, any data may be compromised if it is transmitted to sites via an unencrypted connection.
The best way to protect your connections, as well as the data privacy of both your business and your employees, is to start working through a VPN service. VPN technology allows you to create a virtual private network, which makes it possible to hide the user’s IP address and encrypt all traffic passing through it. Also, using a VPN you can work anonymously on the network, which is especially important if your work often requires you to research competitors. It is equally important if the history of your activity on the network may be of interest to competitors.
The disadvantage of this method is that a truly reliable and high-quality VPN service costs money.
As an alternative, many opt for free web proxies. Alas, you never know for sure who runs a particular proxy service: it is possible that the service is controlled by hackers, or that the proxy collects information about user actions. A proxy service can hide the user’s identity and actions from the sites he visits, but the proxy itself sees everything perfectly well. And this is just one of the reasons why we recommend using a VPN rather than a proxy if you want to work safely on the network.
You can also protect yourself by adding additional security features to your browser. So, the Firefox browser is an open-source program for which many add-ons are designed to protect the user and his data. These include various ad blockers, encryptors, add-ons for protecting browser data, cookie and cache managers, and so on. For more information, see the article on 20 Firefox add-ons that make this browser safer.
Where to begin?
- Consider signing up for a VPN service that offers business solutions.
- Start using the Firefox browser with add-ons that ensure the security of the user and his data.
G. Protect sensitive data created by remote employees
Many small businesses use remote employees to solve a variety of problems. Thanks to the Internet you can work with people from all over the world. There are many advantages to cooperating with remote workers: you do not have to hire a person in the office to solve any complex or monotonous task, you can choose candidates from any country in the world and so on.
Remote work involves certain risks – including risks to your cybersecurity. You could use all the protection methods mentioned earlier, but most of them will be useless if remote employees who do not connect through your company’s secure network gain access to your important data. This problem is especially acute if remote employees connect via a public Wi-Fi hotspot.
The mobile device management solution that we talked about in paragraph 2.D. will help you work with your remote employees as well as with employees on vacation. The most important thing, however, is to make sure that all of your remote employees who have access to important information use your company’s secure network and a secure connection to it.
Windows has the option of connecting to a remote desktop, but by itself it is not enough to protect your data. If you work with remote employees and simply cannot afford to leak important information, we advise you to use a special VPN service through which remote employees first connect to your office LAN and only then to their computers using the remote desktop connection feature. It sounds complicated, but your IT specialists probably know how to set everything up, in particular how to set up a VPN for your office network.
Where to begin?
- Check your company’s rules for telecommuting. How do remote employees access your business information? Is this data important?
- Contact your system administrator to create a secure and reliable way for remote employees to connect to your office’s local area network.
H. Protect your customer data
It’s one thing if important data of your company is lost or stolen. It is quite another matter if such a fate befalls the data of your customers. In this case, you may face the most serious legal consequences! Accordingly, you should guard your customers’ data like the apple of your eye.
As a rule, user data gets to your servers through several intermediate steps. If you have an online store or you process payments on your website, then important user data (names, payment card details) will first be sent from the user’s browser to the web server of the online store.
The best way to protect data at this point is to use an SSL certificate and the HTTPS protocol – at least on those pages where users need to enter important data. This encrypts user data while it is still on its way to your server. If you transfer user data between the servers of your company, you should use all the data protection methods described earlier, especially when it comes to cloud storage and transferring data to cloud servers.
Where to begin?
- Contact your IT professional or the developers of your e-commerce platform to ensure that important customer data is collected in the safest possible way.
4. Talk about safe work on the Internet with your employees
The protective measures given in this article are quite comprehensive, and if you strictly follow them in everything important for your enterprise, you will significantly reduce your risk of becoming a victim of a cyber attack. However, this is only true if your business consists of just one person: yourself.
Alas, it takes only one person sending client data over an insecure connection, or clicking on a suspicious link and downloading a virus, for all your security systems and efforts to go to waste. That is why the most important measure of protection against cyber attacks is to conduct educational campaigns on the topic of cybersecurity among your employees.
Let’s be honest: if you talk with your employees about the culture of safe work on the Internet, if you explain to them all the rules related to cybersecurity, if you teach them how to work safely with data and hardware components, then your employees will become the first and most reliable line of defense against any cyberattacks.
But how do you get workers involved in all this? The correct answer: develop all the rules and regulations together with them. This increases motivation and willingness to follow new rules. Among other things, your employees are well aware of all the strengths and weaknesses of your business. They are the ones who work with important data, so who, if not they, would know about all the weaknesses and vulnerabilities in your work processes?
Start holding regular cybersecurity meetings with your employees.
At these meetings, you can carefully discuss and work through all the important issues related to security – for example, all those that we mentioned earlier. Make sure passwords and access levels are up to date. Check that your employees’ passwords cannot be cracked. Make sure that your employees do not write passwords down on pieces of paper or leave them in a conspicuous place. Teach them how to identify a phishing email, and tell them that not all sites are equally useful.
Tell your colleagues about the innumerable sinister ways that hackers can use to extract important information from them. Explain to them that confidential information related to your company should not be discussed in front of others; after all, you never know who may overhear such a conversation. Try to make all of these rules clear and simple. We have prepared a template for you to print; it lists the simple actions with which your employees can protect themselves from hackers. You can hang it on a bulletin board or refrigerator. By the way, you can change this list as you see fit!
Draw up an official document on cybersecurity and list in it all the necessary rules and actions. Have your employees familiarize themselves with it and sign to confirm that they have read and understood everything. You can even include rules and requirements of this kind in your employees’ work contracts!
It is very important to remember that cyberthreats are constantly changing. Hackers are creating more and more tricky and complex ways of hacking computer systems and stealing data. Follow the latest cybersecurity trends and do not forget to inform your employees about them!
Where to begin?
- Post our printable cybersecurity guide in a prominent place in your office and email this email template to all your employees.
- Start developing a cybersecurity training program for all your employees.
We sincerely believe that this guide will help you and your employees protect yourselves from various cyber threats. And if you want your friends and colleagues to be protected from hackers (and we, for example, really want this!), then please share this article with them on Facebook and Twitter.