Small business cybersecurity

From physical storefronts to home enterprises, it’s important to have safety guardrails in place to help protect the cybersecurity of your small business.

While large companies often have entire departments dedicated to physical and cyber security, small business owners likely have to handle these responsibilities themselves. This can include setting up alarm systems and cameras to help protect against theft and buying software to safeguard data.

Breaches at solo enterprises or small companies can have disastrous effects, especially when it comes to cybersecurity. According to the findings from the Hiscox Cyber Readiness Report, the median annual financial cost to American small businesses was more than $8k in 2023, down from $10k in 2022.

Whether you own a coffee shop or are an independent consultant, you can create a security plan to help protect your information and your customers' assets.

Start with the basics

Networks used for business, at home or in a physical location, should require a strong password and authentication to deter data breaches. To help protect your physical assets, consider a security monitoring system. You can have one installed by a company or install the cameras and monitors yourself.

  • Software updates. Check for regular updates as they will give you the latest security features.
  • Device encryption. This adds another layer of protection by converting your data into code that isn’t readable by outside sources.
  • Multifactor authentication. Opt in to authentication features like two-factor authentication when available. These add an extra security layer to the login process, such as a security key or a one-time code received by text.
  • Antivirus software. These programs can help stop some of the most prevalent cyberattacks against businesses.

Understand common threats

Small businesses should be prepared for the following types of attacks:

  • Malware — malicious software that can disable or damage computers and leave your system vulnerable to unauthorized access. It can result in stolen sensitive data, disrupted operations, financial loss and reputational damage.
  • Ransomware — a type of malicious software that holds a computer system hostage until a ransom is paid. The severity of the attack depends on how much leverage the attacker has against the victim.
  • Social engineering — attackers deceive employees into divulging confidential information. This can happen in person or remotely.
  • Phishing — a type of social engineering where attackers masquerade as a reputable source to trick victims into giving away sensitive information like usernames, passwords or bank information. These attacks can happen in person, over the phone or through email.
  • DDoS attacks — attacks that overwhelm online services with traffic from many sources, often using bots. This can shut down websites or point-of-sale systems, causing potential revenue loss.

Responding to ransomware attacks

If you experience a ransomware attack:

  • Do not respond. Avoid responding to threats or providing passwords or sensitive information to attackers.
  • Isolate the device. Disconnect the affected device from the internet or power source.
  • Contact authorities. Report the attack to the relevant authorities for guidance and assistance.

Protect your network

Now that we’ve established what these attacks look like, let’s consider what steps you can take to start strengthening your small business network security.

  • Enable firewall security. This can usually be adjusted through your router’s administration panel, which can be accessed via your web browser.
  • Encrypt your Wi-Fi network and keep the router out of public reach. You can also adjust the settings so the network name is not broadcast to others.
  • Use different computers. Keep one for payment systems and one for day-to-day internet business activity.
  • Change all of your passwords every three months.

Protect sensitive data

Some data is more precious than others. Take extra precautions to help protect your highest priority information like credit cards and other types of financial information.

  • Create backups. Store multiple backups of your important data using a secure cloud service and an offline external hard drive.
  • Update regularly. Ensure your backup files are up to date by scheduling regular updates, and consider enabling automatic updates if available.
  • Restrict access. Limit physical access to computers and hard drives that contain sensitive information.
  • Replace aging drives. If data is stored for an extended period, replace physical drives every few years to maintain security and prevent data degradation.

Train employees on cybersecurity basics

Inadequate cybersecurity training can make your organization vulnerable to attacks, particularly those that prey on employee naivety. To help mitigate this risk, consider training your employees on the following:

  • Password policies — enforce strict password requirements for company computers and personal devices that access company information.
  • Internet usage — establish clear internet usage guidelines and specify penalties for cybersecurity policy violations.
  • Data handling — create behavioral rules for handling and protecting customer data and sensitive information.
  • Social engineering — educate employees about social engineering attacks and create policies for sharing sensitive information between team members.
  • Access control — limit employee access to data and information on a need-to-know basis.
  • Software installation — ensure employees do not install software onto work devices without permission.

Have a game plan

When under attack, quick action is essential to help prevent the situation from escalating.

Begin by thoroughly assessing the damage to understand the scope and severity of the attack. Although hackers can be elusive, taking these steps may increase the likelihood of recovery and strengthen defenses against future attacks.

You may want to develop a plan to preserve data, maintain business operations and manage customer communication during an attack. Consider the specific requirements for different types of attacks, such as malware or phishing, and create a general plan for unforeseen scenarios.

Remember that different attacks may necessitate different responses. For a malware attack, consider consulting an IT professional to assess and repair the damage. For a phishing attack, you may want to immediately inform employees of the attacker's tactics to prevent others from being deceived.

Boost card reader safety

Whether using a traditional credit card machine or a mobile reader, securing credit card data is essential to protect customer information. Keep the software up to date; updates often help address security flaws. If you haven't already transitioned to an EMV-compliant device for reading chip cards, consider doing so for an added layer of protection. Some customers are also leaving their cash and wallets at home — instead using smartphones for retail purchases with a built-in mobile wallet.

Reassess your small business cybersecurity

As your business changes, your security and cybersecurity needs may change, too. Set a time on your work calendar — every six months or yearly, for example — to re-evaluate your assets and potential threats to data.

The information in this article was obtained from various sources not associated with State Farm® (including State Farm Mutual Automobile Insurance Company and its subsidiaries and affiliates). While we believe it to be reliable and accurate, we do not warrant the accuracy or reliability of the information. State Farm is not responsible for, and does not endorse or approve, either implicitly or explicitly, the content of any third-party sites that might be hyperlinked from this page. The information is not intended to replace manuals, instructions or information provided by a manufacturer or the advice of a qualified professional, or to affect coverage under any applicable insurance policy. These suggestions are not a complete list of every loss control measure. State Farm makes no guarantees of results from use of this information.
