Cybersecurity Best Practices: Secure Your Small Business on the Cheap

Laptop and mobile device

Steps your small business can take to provide major cybersecurity gains for relatively little time and money.

Small businesses are adapting quickly to our new work-from-anywhere world. But with increased flexibility comes additional cybersecurity risk. Just in the past year, over half of small businesses suffered data breaches. Fortunately, there are steps your small and growing business can take to provide major security gains for relatively little time and money.

As a fellow at the Aspen Tech Policy Hub and a security engineer at Salesforce, my work on cybersecurity solutions for small businesses has given me insight into what works and what doesn’t. Below are five ways small and growing businesses can protect themselves from cyber threats. These recommendations build on Jim Alkove’s tips to secure your remote environment, but are effective for any combination of remote work and reopening physical workplaces.

1. Block malicious websites before they target you

Set up your computer and phones to automatically block access to known malicious websites. We all (myself included) have accidentally clicked on a link to a malicious website. Wouldn’t it be nice if a free, easy-to-install service could stop your computer from even going to malicious sites?

Domain name system (DNS) platform tools like Quad9 do exactly that. DNS is like a phone book for the internet — it translates domain names (e.g. to Internet Protocol (IP) addresses that computers and other devices use. This changes the default settings of how a computer connects to the internet, making it so a malicious site can be immediately exposed and blocked.

Pro tip: Use a DNS platform tool to help prevent your computer or device from going to malicious websites.

2. Easily create and manage strong passwords through password managers and add an extra layer of security with two-factor authentication

Many people are familiar with the threat of a stolen, guessed, or otherwise compromised password, but password attacks are still commonly used by cyber attackers. Your first line of defense is to create strong passwords for all of your accounts. One way you can get help creating and managing strong passwords is to use a password manager app. Use a low-cost password manager that provides small business solutions, such as LastPass or Dashlane.

Pro tip: When you can, use two-factor authentication (2FA) for your digital accounts. 2FA requires you to use two identifiers to access your accounts, such as your password and your phone. So even if your password becomes compromised, you can keep bad actors out.

Keep it simple by implementing easy-to-use 2FA apps for your mobile devices including Salesforce AuthenticatorLastPass Authenticator, or Authy.

Use this infographic to learn more about how to create strong passwords and this graphic to learn more about 2FA.

3. Keep your applications up to date

Make sure you’re running the latest, most secure versions of your software. You’re probably thinking: I have to update — again? I get it. Even as a security professional, I’m often tempted to delay software updates. But I also know attackers love to target outdated software. Keeping your operating system and applications updated makes you a much harder target for bad actors to hit.

Pro tip: Schedule updates during times when you know you won’t be working on your computer. When updates run overnight or during coffee or screen breaks, they’re much less likely to disrupt your workflow.

Learn more about updating your applications.

4. Backup your data

Set yourself up to recover from cyber attacks that target your data. Ransomware is a type of malware or malicious software, that attempts to block users from accessing their data or devices. The software then demands a ransom payment to reinstate your access. Ransomware first came onto the scene around 2012 and has been causing headaches and scary stories of data loss ever since. Regular data backups are not only key in recovering from cyber attacks, they’re a critical part of any healthy business technology plan.

Pro tip: Schedule regular backups of your data so you will be able to recover if you run into bad actors. Hopefully, you’ll never need your backups, but you’ll be glad to have them if you do!

See this infographic to learn more about backing up your data.

5. Take advantage of free cybersecurity resources for small and growing businesses

Look for easy-to-understand small business cybersecurity resources that help you focus on what is most important. During my time at the Aspen Tech Policy Hub, I put together a consolidated set of resources that provides small businesses a quick way to start securing their businesses. For example, the National Institute of Standards and Technology (NIST) has a Small Business Cybersecurity Corner that helps you find cybersecurity resources. There are also several free services that evaluate your public website and alert you to any security weaknesses, like the Sucuri website scanner.

Pro tip: Take a small business risk assessment test to zero in on your security vulnerabilities so you can address them before they become liabilities.


Small and growing business owners are often stretched thin, wearing multiple hats and innovating quickly. Still, cybersecurity can’t be overlooked. A small investment made today can prevent a huge loss tomorrow of time, money, and potentially irreplaceable business data. Use the tips in this list to quickly and easily get started on securing your business from cyber threats.

Want to learn more about having a more secure platform? Watch our webinar “Quick Tips for Safeguarding Your Business’s Data with Salesforce” and find out how to meet compliance requirements and stop data breaches before they happen, so you can stay focused on growing your business. Watch it here.

Salesforce helps you find more customers, win their business, and keep them happy so you can succeed. Learn more about our small business CRM solutions by following us on TwitterLinkedIn, and Instagram.