Small businesses are moving quickly to adapt to new market realities. While agility has always been a small business advantage, this fast shift to digital work may leave your business vulnerable to cybersecurity threats. From transitioning employees to work-from-home to shifting to an online ecommerce business model, expanding your small business’s digital footprint brings additional risk.

Over half of small businesses suffered data breaches in the past year. But there are steps your small business can take to provide major cybersecurity gains for relatively little time and money. 

As a fellow at the Aspen Tech Policy Hub and a security engineer at Salesforce, my own work on cybersecurity solutions for small businesses has given me insight into what works and what doesn’t.

Below are five ways small businesses can protect themselves from cyber threats. These recommendations build on Jim Alkove’s tips to secure your remote environment, but are effective for any combination of remote work, reopening physical workplaces, and ramping up ecommerce efforts.


1. Block malicious sites before they target you

Set up your computer and phones to automatically block access to known malicious websites. We all (myself included!) have accidentally clicked on a link to a malicious website. Wouldn’t it be nice if a free, easy-to-install service could stop your computer from even going to malicious sites? Domain name system ( DNS) platform tools like Quad9 do exactly that. DNS is like a phone book for the internet. It translates domain names (e.g. to Internet Protocol (IP) addresses that computers and other devices use.

Pro tip: Use a DNS platform tool to help prevent your computer or device from going to malicious websites.

Here’s more information on how to block malicious sites.


2. Make it easy to create and manage strong passwords through password managers and add an extra layer of security with two-factor authentication

Many people are generally familiar with the threat of a stolen, guessed, or otherwise compromised password. Yet, password attacks are still commonly used by cyber attackers. Your first line of defense is to create strong passwords for all of your accounts. One way you can get help creating and managing strong passwords is to use a password manager application. Use a low cost password manager that provides small business solutions, such as LastPass or Dashlane.

Pro tip: When you can, use two-factor authentication (2FA) for your digital accounts. 2FA allows you to use an additional method to prove it is you that is logging into your accounts. It can protect your account even if your password is somehow compromised. And, implement easy to use 2FA apps for your mobile devices including Salesforce Authenticator, LastPass Authenticator, or Authy

Use this infographic to learn more about how to create strong passwords and this graphic to learn more about 2FA.


3. Keep your applications updated

Make sure you’re running the latest, secure versions of your software. You’re probably thinking: I have to update — again? I get it. Even as a security professional, I’m often tempted to delay software updates. But I also know attackers love to target outdated software. Keeping your operating system and applications updated makes you a much harder target for bad actors to hit.  

Pro tip: Schedule updates during times when you know you won’t be working on your computer. When updates run overnight or during coffee or screen breaks, they’re much less likely to disrupt your workflow.

Learn more about updating your applications.


4. Backup your data

Recover from cyber attacks, like ransomware, that target your data. Ransomware is a type of malware, or malicious software, that attempts to block users from accessing their data or devices. The software then demands a ransom payment to reinstate your access. Ransomware first came on scene around 2012 and has been causing headaches and scary stories of data loss ever since. Regular data backups are not only invaluable in recovering from ransomware and other cyber attacks, they’re a critical part of any healthy business technology plan. 

Pro tip: Make sure to schedule regular backups of your data so you will be able to recover if you run into bad actors. Hopefully you’ll never need your backups, but you’ll be glad to have them if you do!

See this infographic to learn more about backing up your data.


5. Take advantage of free cybersecurity resources for small businesses

Look for small business cybersecurity resources you understand and that help you focus on the most important cybersecurity activities first. During my time at the Aspen Tech Policy Hub, I put together a consolidated set of resources that provides small businesses an easy way to start securing their businesses. For example, the National Institute of Standards and Technology (NIST) has a Small Business Cybersecurity Corner that provides a start for finding cybersecurity resources. There are also several free services that provide vulnerability scans for your public website and alert you to any security weaknesses, like the Sucuri website scanner.

Pro tip: Take a small business risk assessment test to zero in on your security vulnerabilities so you can address them before they are a liability.



Small business owners are often stretched thin, wearing multiple hats and making things despite a lack of resources. Still, cybersecurity can’t be overlooked. A small investment made today can prevent a huge loss — of time, money, and potentially irreplaceable business data — tomorrow. Starting with the tips on this list won’t take you long, and will give you a great start on securing your small business from cyber threats.

Want to further understand data security? Read our article, What Small Business Owners Should Know About Data Security, in the Essentials Resource Center.

Salesforce helps you find more customers, win their business, and keep them happy so you can succeed. Learn more about our small business CRM solutions by following us on Twitter, LinkedIn, and Instagram.

For more business and leadership inspiration, check out our entire Leading Through Change series.