Small Business Cybersecurity: 10 Tips & Mobile Security Best Practices

Small businesses are particularly vulnerable to cyberattack. Assuming SMBs are without a full-time tech department, cybercriminals increased their efforts against smaller teams in 2019. So what’s a small business to do without an enterprise security budget in 2020?

Cybercrime impacts small & medium-sized businesses harder

  • 43% of cyberattacks target SMBs [CPO Magazine]
  • 67% of SMBs have experienced an attack in the past year [Keeper Security]
  • 60% of SMBs go out of business within 6 months after experiencing a cyberattack [CPO Magazine]

Cyberattacks are becoming more complex for SMBs to handle

  • 80% of data breach victims report that malware evaded their antivirus software [Keeper Security]
  • 93% of malware is polymorphic, which means it adapts to evade detection – it requires network-layer monitoring and adaptive threat hunting to detect it [Webroot Threat Report]
  • 77% of all cyberattacks are fileless attacks, which don’t install new software on your devices and are not detectable by antivirus software [Verizon Data Breach Report]

Small business cybersecurity protects work & personal mobile devices

Don’t wait to protect your small business with cybersecurity

You probably know you need cybersecurity, but it can seem daunting for your business.  Where do you start, especially if you don’t have an in-house IT administrator, let alone a cyber expert?!

The good news is cybersecurity for SMBs doesn’t have to be hard or expensive.  And it can work for agile small teams that want to work remote, let employees use their own devices, and steer clear of hardware and network equipment.

10 Cybersecurity Tips for Small to Medium Sized Businesses


Here are 10 simple cybersecurity tips your small business can do to protect your financials, customer data, intellectual property, and employees:

1. Criminals focus on three zones of cybersecurity protection:

  • Devices we use
  • Internet connections (wifi, home/guest/work networks)
  • Online services used with portals and passwords (email, banking, file sharing)

These three areas all must be secured for any data or communication to be secure.

For example, you can secure your email account by having a strong unique password and two-factor authentication for all logins. However, if the laptop you use to access this email is infected with malware, then criminals can potentially see your email or gain access to it via the laptop itself. Or, if your team uses cloud file-sharing or cloud systems for storing customer data, any one of your employees could be the weak link to that data if their devices aren’t secure.

2. Use a personal virtual private network (VPN)

Business is increasingly mobile. Some teammates work from home or the coffee shop, while others are traveling to meet clients. Keep in mind that public wifi is inherently insecure and cybercriminals often sit on airport, café, and luxury hotel wifi to intercept your browsing, steal passwords, or inject malware-laced fake sites and pop-ups onto your computer. Even wifi at luxury hotels isn’t to be trusted. And unfortunately, many co-working spaces are just as digitally unsafe.

A secure VPN like Rubica allows you to safely connect to any wifi network – even public wifi. VPN technology creates a secure encrypted connection from your device to the internet no matter where you are in the world, no matter what network or wifi you connect to.

In addition to creating a secure tunnel to the internet, Rubica also protects both ends of the data tunnel by automatically blocking malicious programs and sites from infecting your devices. All with one app.

3. Get mobile security for all devices (not just laptops)

We know 66% of people use the same device for work and personal tasks. Overlapping use of the same device increases the likelihood of compromising both. If your personal device is infected while web-browsing and next you access work email or documents from that same device, you’ve damaged both worlds.

We’ve built Rubica with this in mind so that you and your team can safely use one device for everything. Rubica protects your device and internet activity no matter where you are or what you are doing online, work or personal.

4. Use business password management tools

With startups using cloud services, strong passwords become mission-critical. Weak or reused passwords are the easiest ways for cybercriminals to get into your business. LastPass and Dashlane both offer team and enterprise versions, allowing you to enforce strong passwording and multi-factor authentication (MFA) policies—all while tracking company-wide password statistics.

5. Use multi-factor authentication (MFA) on business & personal accounts

For all of your online logins, go into the settings and enable multi-factor authentication (also called two-factor authentication) wherever possible.

Your user password is considered “one factor” in the authentication process, referred to as “something you know.” In order to add layers of security, we can introduce a “second factor” of authentication, such as “something you have” (a unique code texted to your smartphone) or “something you are” (your fingerprint).

Additional authentication factors greatly increase security because a hacker would need to gain access to your phone or your fingerprint in order to hack your account.

6. Keep security software current

Having the latest security software, web browser, and operating system is the best defense against viruses, malware, and other online threats. Turn on automatic updates so that your software programs patch vulnerabilities without waiting for you to act.

7. Don’t rely on Antivirus


You need something more than antivirus to protect your devices from modern threats. Cyberattackers craft malware that can easily evade detection by host-based security systems (like antivirus). The best way to detect threats is through continuous monitoring of network-layer events – the 1s and 0s being passed in and out of your device, to and from the internet. Although malware can hide inside a device, eventually it has to call out to its command-and-control for instructions, or exfiltrate data, and those outbound footprints can be seen.
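An added example (not from the original article and not Rubica's detection logic) of the network-layer idea above: it flags device-to-destination pairs that connect at near-constant intervals, a common sign of automated check-ins. The log format, device names, addresses and thresholds are assumptions constructed for illustration.

```python
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed outbound-connection log: "timestamp device destination".
# Device names and destinations are invented for this example.
SAMPLE_LOG = """\
2020-01-15T09:00:00 laptop-7 203.0.113.50
2020-01-15T09:01:10 laptop-7 mail.example.com
2020-01-15T09:02:45 laptop-7 mail.example.com
2020-01-15T09:05:01 laptop-7 203.0.113.50
2020-01-15T09:10:00 laptop-7 203.0.113.50
2020-01-15T09:14:59 laptop-7 203.0.113.50
2020-01-15T09:17:30 laptop-7 mail.example.com
2020-01-15T09:18:05 laptop-7 mail.example.com
2020-01-15T09:20:02 laptop-7 203.0.113.50
2020-01-15T09:41:00 laptop-7 mail.example.com
"""

def parse(log_text):
    """Group connection times by (device, destination); skip malformed lines."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        try:
            ts, device, dest = line.split()
            when = datetime.fromisoformat(ts)
        except ValueError:
            continue  # wrong field count or unparsable timestamp
        seen[(device, dest)].append(when)
    return seen

def find_beacons(log_text, min_events=5, max_cv=0.1):
    """Flag pairs whose gaps between connections are suspiciously regular."""
    flagged = []
    for (device, dest), times in parse(log_text).items():
        if len(times) < max(min_events, 3):
            continue  # too few events to judge regularity
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        # Coefficient of variation: near 0 for timers, large for human browsing.
        cv = statistics.stdev(gaps) / mean if mean else float("inf")
        if cv <= max_cv:
            flagged.append((device, dest, round(mean), round(cv, 3)))
    return flagged

if __name__ == "__main__":
    for device, dest, period, cv in find_beacons(SAMPLE_LOG):
        print(f"{device} -> {dest}: every ~{period}s (cv={cv})")
```

Treat a hit as a lead for review rather than a verdict: legitimate update checks are also periodic, and the thresholds need tuning against your own traffic.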

Rubica provides 24/7 protection for your devices, actively blocking known malware, phishing sites, and detecting threat indicators via pattern and behavioral anomalies. Our app routes device traffic through our secure cloud network for filtering and analysis by our cybersecurity tools and human analysts. Our software works on Windows, macOS, iOS, and Android devices, running quietly in the background without requiring any user interaction or IT management from your team.

8. Back up your data

Prepare for the rise of ransomware with an easy step – having another copy of your data! Protect your valuable customer data and other digital information by making an electronic copy and storing it safely in a secondary location away from your primary office, either on physical hardware or in the cloud. Whether you choose a physical or virtual location to store your data, make sure you encrypt it.

9. Device hardening (make your devices harder to compromise)

Most startups can’t afford a full-time Systems Administrator whose job it is to make devices harder to hack.

In the absence of a full tech staff, make sure you:

  1. Encrypt full disks with FileVault 2 (FV2) on macOS or BitLocker on Windows
  2. Set up Standard users instead of Admin users
  3. Disable any remote access that isn’t essential
  4. Enable software firewalls
  5. Use antivirus/anti-malware software.

Further hardening can be achieved using CIS (Center for Internet Security) controls for both Windows and macOS.

10. Don’t let your vendors be your weak link


Think about who else has access to your systems and data. Do you use an outsourced accountant? IT professional? Lawyer? Ask them what they do to make sure their devices and network are secure, so that they are not your weak link.

Vendor checklist:

  • What information and systems do they access for my business?
  • How do they access or share data with me?
  • Do they download or keep copies of my data?
  • How do they protect the data they have?
  • If I do business with California (or store data on California residents) – is my vendor a CCPA compliance risk?

Also ask whether they have routine third-party cybersecurity audits, and if they have regular cyber awareness training for their employees. Most businesses get breached from employees clicking on bad links or having poor password hygiene.

When you should worry: if your vendor has unencrypted email, lacks secure file sharing, and has an insecure internet connection.

Get the cyber protection your business needs today

Out of these 10 recommendations, which are you already taking care of?  Where do you have gaps?

Our team of cyber experts offers 15-minute free consultation calls to help you determine next steps to protect your business, no high-pressure tactics or strings attached.