What Small Businesses Need To Know About Cyber-Security

Collette Schultz

These days, you can’t protect your business with just a lock on the door. As your important information and assets are increasingly stored and used online, every business owner needs to have a plan for cyber security. To help you make sure your business is protected, we’ve identified a few key kinds of attacks to watch for and ways to keep your business secure.

Malware

What is it: Malware comes in many forms, all with the intent of doing damage to networks, computers, and data. Some types of malware noticeably impact your devices, while others operate silently in the background to steal your information. Malware includes threats like:

  • Viruses: Viruses are programs that are capable of copying themselves and spreading across networks to other computers.
  • Trojan horses: True to its name, trojan horse malware disguises itself as a non-threatening program to trick users into downloading and installing malicious software.
  • Spyware: Spyware tracks users' actions without their knowledge, including what they type and what sites they visit. Spyware can steal credit card numbers, social security numbers, and passwords.
  • Rootkit: Rootkit malware gives attackers remote access to your networks and devices. With a rootkit, attackers can install or remove software on your computer, watch user actions, or control the computer.

How to protect your business: Make sure every computer in your business is running antivirus software. (Almost all antivirus products also scan for other kinds of malware.) You can purchase paid subscriptions for programs or download free ones.

Do not download or open email attachments unless you are sure they are safe. Remember, email accounts can be hacked and used to send malware. Even if the email was sent by someone you know, be careful with any attachments, especially if there is a long list of recipients.

If your IT operations are complex, consider hiring an IT consultant to do a security analysis of your servers, networks, and devices to make sure there’s no easy way for malware to get in.

Ransomware

What is it: Ransomware is a type of malware that made headlines in recent cyber-attacks on large organizations. During ransomware attacks, hackers block your access to your device and data until they are paid a ransom.

How to protect your business: Many kinds of ransomware exploit vulnerabilities in software, especially operating systems like Windows. The best way to protect yourself from ransomware is to keep your software updated. Most people find it easiest to set software to update automatically.

Phishing

What is it: In phishing attacks, hackers send fraudulent email messages that look like they are from reputable organizations or are from someone you know. The messages contain links or attachments that, if clicked, may install malware. Some kinds of phishing messages ask for passwords or other secure information, which the recipient may send if the message looks like it is from a trusted company, like a workplace.

How to protect your business: Train everyone in your business to treat suspicious messages with caution. Don’t open attachments you weren’t expecting from people you don’t know. If you have access to IT support, forward suspicious messages to them for review. Remember that no reputable business will ever ask for personal information by email.

Password cracking

What is it: There are two ways your passwords can be hacked: by guessing or by force. With guessing, an attacker makes educated guesses about your password based on information about you, like where you live, when you were born, or your family’s names. With force, computer programs try to crack your password by trying thousands of random password combinations until they find yours.

How to protect your business: Use strong passwords for every login, and don’t use the same password for every login. Don’t make your password easy to guess, like your pet’s name or your address. Strong passwords include a minimum of 12 characters and a combination of numbers, symbols, upper case, and lower case characters.

If you have to keep track of many passwords, you might benefit from a password manager program. Make sure you are choosing only well-known programs.
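The password rules above, written as a check a small office could run when setting or auditing passwords. This is an added example, not part of the original article; the function names, the look-alike character table, and the sample passwords and personal details are constructed for illustration.

```python
import re

MIN_LENGTH = 12  # minimum length given in the article
# Common look-alike swaps (assumed table), so "R0ver" still counts as "Rover"
LEET = str.maketrans("013457@$!", "oieastasi")


def _normalise(text):
    """Lower-case, undo look-alike swaps, keep only letters and digits."""
    return re.sub(r"[^a-z0-9]", "", text.lower().translate(LEET))


def check_password(password, personal_details=()):
    """Return a list of rule violations; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 12 characters")
    classes = {
        "lower case letter": r"[a-z]",
        "upper case letter": r"[A-Z]",
        "number": r"[0-9]",
        "symbol": r"[^A-Za-z0-9]",
    }
    for name, pattern in classes.items():
        if not re.search(pattern, password):
            problems.append("missing a " + name)
    # Easy-to-guess details: pet's name, address, birth year and the like
    squashed = _normalise(password)
    for detail in personal_details:
        token = _normalise(detail)
        if len(token) >= 3 and token in squashed:
            problems.append("contains personal detail: " + detail)
    return problems


def find_reused(vault):
    """Group logins that share one password. `vault` maps login name -> password."""
    by_password = {}
    for login, password in vault.items():
        by_password.setdefault(password, []).append(login)
    return sorted(sorted(names) for names in by_password.values() if len(names) > 1)


if __name__ == "__main__":
    details = ["Rover", "Maple Street", "1984"]  # constructed sample details
    for candidate in ["R0ver1984", "M@pleStreet#22", "cobalt-Trellis-94-quartz"]:
        print(candidate, "->", check_password(candidate, details) or "OK")
    print(find_reused({"email": "x", "bank": "y", "payroll": "x"}))
```

The second sample password meets the length and character rules but is still rejected, because it is built from a street name that someone who knows the owner could guess.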

Human error is the most common way for security breaches to occur: using weak passwords, visiting unsafe websites, opening email attachments, not keeping software updated, etc. Hackers are unlikely to target your business unless you store a large amount of financial or customer data that they can profit from, either by using the information fraudulently or by selling it.

At AgCompass, the security of our customers’ data is a top priority, and we have a number of strategies for keeping information safe. We require encrypted data connections between our server and our clients, require strict user credentials for logins, restrict the number of active sessions a user can have, and will lock an account if too many failed password attempts are made. In some ways, a terminal server environment like the one we use at AgCompass is more secure than typical small business computer networks because users cannot access the internet (and vice versa) on a terminal server.