Air Date

August 26, 2021


Jeanette Mulvey
Vice President and Editor-in-Chief, CO—


Small business owners must develop a thorough cybersecurity plan for their organization. A security breach could lead to loss of valuable business data and assets — which not only costs time and money, but potentially the trust of customers.

Fortunately, there are many strategies small businesses can implement to protect their systems and data. Here’s what you need to know about building your organization’s cyber defenses.

Small Businesses Must Build Cyber Resiliency

Since small businesses are particularly vulnerable to cyberattacks, Iron Mountain’s senior product marketing manager Tara Holt encourages business owners to focus on building cyber resiliency.

“We recommend that you think about cyber resiliency [the same way you would think about] protecting yourself against a hurricane or other disaster,” Holt stressed. “You need a plan.”

Holt recommended that business owners think through each step of the process, including how they will respond to an attack, as well as what data must be protected and how to restore it. She also advised using the “3-2-1” method to back up critical data.

“[Make] three copies of data [with] two of those copies [on] different types of media — that way, you don’t have a single point of failure, and one copy is … offline,” she explained.

Equally important is implementing mitigation strategies to lessen the likelihood and impact of a data breach.

“We recommend strong passwords, encryption, a zero-trust network [and] multi-factor authentication,” added Holt.

For Businesses That Process Credit Cards, PCI Compliance Is Paramount

Credit card systems are another potential point of vulnerability. Any businesses that process credit cards must follow Payment Card Industry Data Security Standards (PCI DSS). Should they fall out of compliance and experience a security breach, they could be charged with hefty fines.

“It’s important to be PCI [compliant],” explained Renee VanHeel, founder and president of Pay it Forward Processing. “If you do have an attack, it can literally put you out of business overnight.”

VanHeel recommended checking directly with credit card companies to ask if they offer PCI compliance assessments, as well as consulting with their PCI compliance companies.

It’s also crucial for businesses that deal in e-commerce to take extra precautions to protect customer data, including utilizing credit card processors with high security measures.

“You can reach out to your bank and ask about who they recommend for credit card processing [and] gateway,” recommended Saïd Eastman, CEO of JobsintheUS. “You’re hearing [information] from a professional financial institution and they have a vested interest in your success, especially if you’re their customer.”

Businesses Can Build Cyber-Savvy Teams, Even on a Budget

Small businesses with a limited budget may be concerned about the costs of implementing cybersecurity measures. However, many of the most effective prevention strategies cost little to no money to start.

“A lot of people don’t realize how many options are out there that are free,” noted Bahar Ferguson, president at Wasatch I.T. She recommended the use of multi-factor authentication and free versions of password managers, as well as taking the time to develop robust policies and procedures.

Most crucially, Ferguson emphasized the importance of team-wide cybersecurity education: “After those trainings, generally people really slow down — they’re not click-happy.”

A good cyber insurance policy can also go a long way in protecting a company from both the financial and business-related ramifications of a security breach. Ferguson cautioned business owners to do their research, rather than simply choosing the cheapest option.

“As un-fun as it sounds, you actually have to read the policy,” she said. “Run it by your attorney and make sure that it fits. A cyber partner might be able to review that for you and let you know what is the best fit for your company.”