More than 40% of cybersecurity incidents worldwide over the past year targeted small businesses, making them more likely than any other entity to become victims of cyberattacks.

The results of these attacks and ensuing data breaches can be devastating, leading to financial loss, stolen customer information, or compromised proprietary information.

That's why small businesses must take steps to prevent these attacks or lessen their impact.

But unlike larger companies, small businesses often cannot hire a cybersecurity specialist or install the latest software to block attacks. (CBIA's cybersecurity protection resources are among the many benefits for member companies.)

Anita Campbell, who runs online communities and information websites that reach over six million small business owners and entrepreneurs, says small companies can take three specific steps to protect against cyberattacks.


The first is to change your passwords. Campbell said that eight of 10 security breaches are due to weak or stolen passwords.

"So a company that uses 'Password123' for every account is probably going to be more vulnerable than one that uses complicated passwords and changes them regularly," she said.

Campbell recommends using passwords with a combination of words that are easy to associate in your mind, but unique to you.

"Basically, it should be easy for you to remember but hard for anyone else to guess," she said.

It may get confusing but she also suggested having a combination of characters in your passwords and using unique ones for each account if possible.

"That's especially important for vulnerable accounts like those for your banks or sensitive data," she said.

Then, remember to change your passwords regularly. Another option to consider is two-factor authentication, which can include texting a code to the user's smartphone.


The second step is to update your software. 

All the software on your business' computers and devices can be vulnerable to cyberattacks.

Fortunately, your software providers are constantly working to make their products stronger so that hackers, viruses, and malware can't access your accounts and sensitive data.

"That's one of the reasons why you constantly get alerts asking you to update your software," Campbell said.

"Don't ignore these alerts. They make it more difficult for viruses, malware, and hackers to make their way into those software programs."


The third move is to train your employees.

It doesn't matter how often you change your passwords and update your software if your team doesn't.

Consider a quick meeting or seminar to share best practices with your team.

Make sure they have information on how and when to change their passwords, and setting up two-factor authentication on the common programs and accounts your company uses.

"You can even send out reminders or alerts when it's time to change passwords or update security procedures," Campbell said.

Finally, she recommends, create policies or processes for regularly updating those items.