Harry Kazakian, President, USA Express Legal and Investigative Services and Secure Background Check. Licensed private investigator.
In late 2019, a telemarketing company in the Little Rock, Arkansas, area fell prey to a crippling ransomware attack. The company employed about 300 people when hackers demanded payment to restore access to the 61-year-old firm’s servers and all the information contained on them. The owner and CEO temporarily furloughed the entire workforce as she tried to regain control but eventually paid the ransom for a decryption key that was supposed to work. It didn’t. The company appears to have since ceased operations.
Despite its small size, or perhaps because of it, this business found itself squarely in a cybercriminal’s crosshairs, demonstrating a sobering reality: Small does not mean safe in today’s threat landscape. According to cybersecurity firm SonicWall’s mid-year threat report for 2024, there was a 15% increase in malware attacks in North America compared to the previous year, and the firm declared 2023 the third-worst year on record for ransomware attacks. Manufacturing, retail and healthcare sectors were the top targets, with attacks spreading to smaller professional firms and government offices.
For too long, many small-business owners have assumed they won’t be targeted, although it appears criminals may increasingly see them as easy targets. And even if you’re one of the lucky ones who survive a ransomware “kidnapping” of your servers, you could still suffer losses beyond the cost of the ransom. Customers may decide to go somewhere else, the downtime alone could cost you business, and you could be liable for fines and legal fees.
No matter how small your business, here is a quick blueprint for strengthening your defense against common cyber threats:
Start with the basics.
How strong is your firewall and antivirus protection for your networks and users? What about your passwords?
Passwords should be complex and regularly reset. Use a password manager to reduce weak credential risks—we’re nearly two full generations away from “password123,” but it’s still a lazy go-to for many, even today.
Next, look at your standards for backing up data. Are backups done daily, weekly, never? I recommend storing backups securely offsite, and you should test your restore process on a schedule to confirm data integrity.
Also, consider simple and budget-friendly measures such as anti-malware tools and basic monitoring apps. Low-cost subscriptions can offer robust features like centralized management dashboards, advanced reporting and dedicated support.
Identify your vulnerabilities.
Ransomware attacks and phishing scams are among the most common cyber threats, and they often work hand-in-hand to install malware that causes damage or gives an attacker access to a target. One of the best ways to thwart these efforts is by performing regular technology audits. This means cataloging current hardware, software and network configurations, as well as identifying and labeling customer info, financial records, intellectual property and other sensitive data.
If you don’t have an IT department or the know-how and time to review, assess and fix everything, you can hire an outside security compliance vendor. In my experience, a single, in-depth security and compliance review for a small business will likely run you between $5,000 and $15,000 as a one-time project. Ongoing services can range from around $1,000 to $3,000 per month (or more) based on the level of support and monitoring you need. It’s generally wise to invest in a thorough audit, as the cost of recovering from a breach can far exceed proactive security measures.
Recognize that your team is your first line of defense.
Security is only as strong as your weakest link. You need to invest time in creating clear and unambiguous policies on the dos and don’ts for email attachments, external links, remote access, downloads and more. These need to be easily found in your company handbook and reviewed and updated regularly.
Train your team in basic cyber hygiene to keep security top of mind. Consider employing a phishing simulation platform where you can safely send your team a test email to see how they perform and what can be improved. Make it fun. Reward good performance and frequently use your soft skills to show your appreciation. For managers and senior leaders, develop an incident response plan. It should cover what to do when you detect a breach, how to contain it, how to recover and how to communicate about the incident. To ensure preparedness, hold tabletop exercises now and then.
Have a zero-trust mindset.
Today, it’s safe and smart to assume no user or device is automatically trusted. Instill this idea in your team. Ensure that all devices used on your network—including phones and tablets—have multifactor authentication turned on.
Segment your network by breaking it into smaller, isolated sections. That way, if one part is compromised, an attacker can’t easily access your entire network. Think of it as having separate, locked rooms within your digital office: if one door is breached, the others remain secure. Tools like virtual local area networks (VLANs) and firewalls let you control which areas communicate with one another, helping to protect sensitive information and often improving network performance. This way, you can boost cybersecurity without overhauling the entire system.
Finally, consider getting cyber insurance. Policy premiums for small- to medium-sized businesses can vary widely depending on factors like company size, industry risk, revenue, coverage limits and existing cybersecurity measures. From what I’ve seen, a small business with a modest risk profile might secure a policy starting at roughly $1,200 to $2,000 per year for around $1 million in coverage. Prices go up from there depending on company size, industry and what you want to cover, such as business interruption, legal liability and data recovery costs.
The bad guys are constantly evolving. Remain vigilant so that your business can stay healthy and productive for decades to come.