15 cybersecurity tips for small businesses
A rise in cyber fraud means taking extra precautions to protect your business and digital customers
A digital shift in how we buy and sell has helped small businesses reach new customers and increase productivity and efficiency. Customers are also finding digital shopping more convenient (and safer during a pandemic) than traveling to physical stores. E-commerce on Visa’s network has grown by more than 50 percent since the start of the pandemic, and peer-to-peer payments have more than doubled. But this rise in digital payments comes at a cost: an increase in sophisticated cyberattacks. More than 80 percent of global companies experienced increased cyber threats during the pandemic, with most experiencing downtime during peak season as a result.¹
As a small business owner, you can outsmart these growing threats with a cybersecurity strategy that protects your business, your employees and your customers. Here’s how:
- Keep your money safe. Online banking can be a convenient and secure way to manage your company finances. However, you want to make sure your account remains private and secure by taking extra precautions.
- Use unique and strong passwords. Create a unique, new password for each of your business-related accounts that differs from your personal password. These should be somewhat random with a mix of characters and capitalization (avoid using personal information). Do not store your login details in your online banking or mobile app.
- Don’t conduct business on public Wi-Fi. Logging into your accounts while connected to public Wi-Fi can expose your business to criminal activity. For your workplace Wi-Fi, make sure it is secure and hidden from unauthorized users. Set up your router so the network name isn’t broadcast externally and always password-protect it.
- Choose two-factor authentication. This security measure requires that you take an extra step to log in beyond your password, such as receiving a security code on your phone or by email that allows you to sign into your account from an unfamiliar device. Ask your bank if they offer this service or download a free authenticator app.
- Beware of suspicious emails. You may receive an email that looks like it’s from your bank or a trusted company, but it is actually malicious. These phishing emails may ask you to sign into your account (with a website that looks just like your bank’s website) or email back business information; criminals then use that information to log into your account and steal your money. Always use the phone number on the back of your debit or credit card to verify with your bank, or visit your banking website, rather than send any information through an email.
- Install and update antivirus software. Make sure your computer has antivirus software and set it up to run a regular virus scan. Change your passwords if you do encounter a virus. Install other key software updates as soon as they are available to keep malware or other fraudulent activity at bay.
- Train your employees on cybersecurity. Create basic security protocols for employees, such as requiring strong passwords, two-factor authentication, and appropriate Internet use guidelines – with penalties for violating company policy. Train them on spotting phishing scams too.
- Protect access to business computers. Lock up laptops when unattended and make sure each employee has a separate user account with a strong password. Be discerning when trusting someone with administrative privileges and do not provide any one employee with access to all data systems. Employees should not be able to install any software without your permission.
- Enable your operating system's firewall. A firewall prevents outsiders from accessing data on a private network. If employees work from home, make sure that their work computers are firewall-protected.
- Protect business mobile devices. Require employees to password-protect their business devices and install security apps to prevent criminals from stealing information while the phone is on public networks. Create reporting procedures for lost or stolen equipment.
- Back up important business data. Regularly back up your data on all computers (automatically or at least weekly). Save all of your essential financial and business documents in the cloud or on an external hard drive kept in a separate location from your business.
- Prevent payment fraud. Isolate your payment systems from other programs that may be less secure and don't use the same computer you use to browse the Internet to process payments. When setting up payment acceptance, ask your bank or processor about their anti-fraud services, such as enabling CVV checks (the 3- or 4-digit numbers on the back of cards) and transaction risk scoring. One such service, Visa Advanced Authorization, leverages real-time data to predict fraud and prevented an estimated $26 billion in fraud in 2021.
- Accept tokenized payments. Tokenized transactions, such as via Apple Pay, Google Pay, and Samsung Pay, are proven to reduce fraud by replacing card numbers with unique tokens rather than exposing actual card numbers. Tokenization has led to a 2.5 percent increase in approval rates and a 28 percent reduction in fraud rates.
- Protect consumer data. It is critical to protect customer data whenever you accept digital payments, especially as most financial activity now occurs in the cloud. Ask your payment acceptance provider about their consumer protection services. For example, Visa’s Cloud Token Framework helps to enhance security and increase approval rates for digital transactions across a variety of payment experiences and devices.
- Reduce internal payment risks. If you have a business credit card, ask if your issuing bank offers platforms to help control spending and usage, such as Visa’s Payment Controls, which is particularly helpful if employees are charging business expenses. Also track your business finances and expenses carefully to protect your business from fraud and internal theft.
Learn more about security for small businesses at Visa.com.