In today's hyper-cyber world, no business is too small to be concerned about cybersecurity. In the past year, 42% of small businesses claim to have experienced a cyberattack, according to a recent report from AdvisorSmith. These attacks included a mixture of phishing, malware, data breaches, denial-of-service and ransomware.

It can be difficult for smaller business owners, who may not already have cybersecurity strategies in place, to even know where to start protecting themselves. RIMS, the risk management society, recently released a report detailing the process small and medium businesses (SMBs) can use to safeguard against bad actors.

Identify important information

Cybercriminals aren't always after information they can profit from directly; often they target information that is valuable to the business they are attacking. The first step to creating a cybersecurity plan, RIMS suggests, is to identify information within your company that may be attractive to bad actors. This includes customer and employee data (Social Security numbers, medical data, contact information, financial information, etc.) as well as company data (billing information, product specifications, operational information, etc.) that is imperative for your business to operate.

Look at possible worst-case scenarios

Playing the "what-if" game may sound like a recipe for anxiety, but it is necessary to consider all possible scenarios in order to defend against them. Examples of questions RIMS suggests you explore include:

  • What happens if your customers' information is stolen?
  • What happens if your company has to stop operations for 15 days or longer?
  • What if data you need to operate has been encrypted by ransomware?
  • Can your company be the entry point of an attack on one of your clients?
  • Could any of your subcontractors be an attack entry point for you or your clients?

Define your reactions

Once you have a list of worst-case scenarios, brainstorm how your company will react to each, and consider the safeguards you have in place – or should have in place – prior to an attack. This includes having backups of company and client information, having a trusted IT service available and making sure you have a cyber insurance policy and know how to use it. You should also have a plan for who to inform, and how to inform them, if there is a data breach.

Create clear policies for your employees

People are often the point of entry for cyberattacks, so it's imperative employees are trained on good cyber hygiene practices to avoid creating a point of weakness in your business. They should know how to safely store customer and business information, how to recognize phishing attempts and how to create strong passwords – especially those employees who have administrative permissions.

Find monitoring alternatives

Cyber risk is constantly changing as bad actors find new strategies to attack businesses, so staying aware of these evolving trends is imperative to protecting your business. Creating a dedicated internal IT team, using detection software and even having an external IT consulting team can all go a long way to protecting your assets.

In its report, RIMS also offers a checklist from cybersecurity provider PurpleSec of the minimum steps SMBs should take to prevent the most common cyberattacks. These include:

  • Developing cybersecurity policies
  • Implementing security awareness training for all employees
  • Installing spam filter and anti-malware software
  • Deploying next-generation firewalls
  • Installing endpoint detection and response

Brittney Meredith-Miller

Brittney Meredith-Miller is assistant editor of PropertyCasualty360.com. She can be reached at [email protected].