How to Perform a Cyber Security Review for Your Small Business


Since the onset of the COVID-19 pandemic, cyber threats to businesses of any size have multiplied.

Estimates suggest that cyber attacks will cost the economy almost $6 trillion this year.

Especially for small companies, being hacked can be an existential threat. Over 60% of small businesses that experience a cyber breach go out of business within six months.

With business life having shifted online in the course of 2020, companies are aware of this threat. In a recent survey, 92% said they considered themselves at risk.

Now that countless teams have been working remotely for close to a year, it’s an excellent time to give your small business a cyber security review. Here’s a quick guide on how to spot – and fix – vulnerabilities, and step up your cyber security game.

Risk Assessment

To begin with, take stock of where and how your data is stored and who can access it.

Then, most importantly, gauge how sensitive that data is. This will help you determine the risk levels of possible breaches – and how deeply they would impact your business.

Once this is done, you can make sure that the most sensitive data has the highest levels of protection, and only a select few people have access.

Employee Training

Many cyber security threats come from internal sources.

Statistics show that 4 in 10 breaches result from employees giving cybercriminals access to their networks. This may be done with malicious intent, or just as the result of an honest error such as falling for a fraudulent email, or losing an unencrypted work phone.

To prevent this from happening, the most crucial thing is to increase your team members’ security awareness.

Make sure to implement (and enforce) company policies on secure passwords, device encryption, installing updates, avoiding public Wi-Fi, using a VPN, and avoiding personal storage devices.

Furthermore, make cybersecurity awareness part of your employee training, and send out regular updates on any phishing and spam attacks you might be seeing in your industry.

Backups & Recovery

For small companies in particular, ransomware is a considerable threat. This kind of malware allows hackers to encrypt other people’s systems, making them unavailable to users until a ransom is paid.

To prepare for this eventuality, make sure to regularly back up your files both offline and to an external server. If you’re ever targeted by a ransomware attack, having such a comprehensive backup strategy will allow you to keep your operations running while you sort the issue out.


Finally, the ultimate way of vetting your cyber security strategy is pentesting: penetration testing.

Odd as the term may sound, it means that you hire a cyber security risk assessment expert to test your systems – by attacking them. Then, they will be able to tell you exactly where your weaknesses are, and how to remedy them.

Weighed against the potential cost of a cyber attack, this type of cyber assessment is a relatively inexpensive way to take your security to the next level.

At the end of the day, cybersecurity doesn’t rank high on the list of priorities for many small businesses, until a breach actually happens. Stepping up your cyber security takes some time and effort. But considering the existential threat breaches pose, and their increased frequency in recent months, it is an effort well worth making.