Basic small business cybersecurity

Hi folks!

Every week, I share a practical hands-on guide on running your small business better.

Today’s topic: How to set up basic cybersecurity for your business.

And I mean basic — hopefully, you’re doing these already, but use this list as a gut check.

Let’s get into it.

Regardless of your business, there are a handful of common-sense measures worth taking. 

But you’d be amazed at how many small businesses have passwords on post-it notes. 

The risk? 

Financial loss, obviously. But also customer trust, or legal trouble depending on what data is compromised. And cybercriminals often target small businesses because they tend to have weaker defenses.

So here’s a list of simple measures you should make sure your business has in place.

1. Secure passwords

Weak passwords are one of the biggest vulnerabilities of a lot of businesses. 

My top tip? Use a password manager (like 1Password, Bitwarden, Lastpass — there are lots) to store and generate secure passwords. 

The biggest benefit: your employees don’t actually need access to the passwords themselves.

2. Protect your files / data

A couple of things you can do here. 

If you have stuff on the cloud, make sure it’s encrypted — Google Workspace, Microsoft OneDrive, or Dropbox Business all encrypt your files by default. 

If you have stuff on local storage, encrypt / password protect it with tools like BitLocker (Windows) or FileVault (Mac). That way if someone walks off with a company machine, you’re still protected.

Then, back up data regularly to prevent permanent loss in case of an attack. Store backups in at least two locations—one in the cloud and one offline.

3. Control access to information

Not every employee needs access to all company data. Follow the Least Privilege Principle:

• Grant employees access only to the data they need for their job.

• Conduct quarterly audits to ensure access permissions are up-to-date.

• Immediately revoke access for departing employees to prevent security gaps.

Using a password manager makes this easy for two reasons: first, you can grant/restrict your employees don’t actually see the passwords, so when someone leaves all you need to do is revoke their password manager account. 

4. Turn on automatic software updates

Plenty of security gaps get ignored just because people don’t update their stuff. 

It’s a pain once in a while, but worth it overall. 

5. Train your employees on cybersecurity

Phishing scams, suspicious emails, other social engineering — this stuff can be pretty sophisticated these days, so make sure your staff knows what to watch for. (You can run a free phishing test here.)

—

This is a starting point. Of course, if your business handles highly sensitive information, you should do a lot more — starting with hiring a cybersecurity consultant to do a risk assessment. 

That’s it for today! Thanks for reading, and stay safe out there.

Michael

P.S. Scalepath has full playbooks on small business cybersecurity (as well as how to optimize your tech stack), plus dozens of other topics. Members are chatting in Slack every day, helping each other find the answers to all their small business questions. 

If you’re running a business doing over $500K in revenue… we’ve got your tribe. Apply to join Scalepath today!

MORE WAYS I CAN HELP YOUR BUSINESS

💡 START → ​The Low-Risk Business (ebook)
Get the 5-step framework I've used to build multiple businesses from scratch. 40 pages of hands-on, practical guidance.

📈 SCALE → join ​Scalepath ​
Connect, learn, and grow your business with expert guidance, vetted community, detailed playbooks, and other resources. For businesses making $500K+ in revenue.

🌎 HIRE → talk to ​Near ​
Meet your hiring needs with top-tier Latin American talent for 70% less than US staff. My team at Near takes care of all the headaches. Get in touch today.