Nearly half of “small businesses had at least one cyber-attack in the past year,” according to the 2018 Hiscox Small Business Cyber Risk Report. Now more than ever, keeping your customer’s data safe is critical to your business success.



This past year, I saw just how easy it can be for your small business to have a data breach.


Let me give you a little background. In October, I was asked by executives from the Microsoft Store to participate in a video demonstration in Los Angeles to show how vulnerable most small businesses are to cyberattacks. We asked Sean Etesham and Richard Idigo, the founders of Quants Bakery (and Microsoft Store customers) to participate, and they agreed.



Quants Bakery, a subscription-based online vegan bakery, has large collections of customers’ personal data - just like any web-based subscription service - but they were confident in their cybersecurity. “We hired a third-party vendor to handle security and we thoroughly vetted them first,” Idigo said. “On top of that, we use a Virtual Private Network (VPN) in order to hide our IP addresses and encrypt our internet connections. So yes, we really believe in security.”


On a sunny October day, I sat down with Etesham and Idigo to perform a cybersecurity demo they won't soon forget. Microsoft Store security expert Eric Leonard had “spoofed” their website, duplicating the site exactly with the exception of one letter in the URL that was unnoticeable. became, and their data was breached. When Etesham logged in to the spoofed site, it gave the “hacker” access to whatever was needed to potentially compromise the business.


(You can watch the short video of what happened that day, here.)


This is a hugely important lesson for small businesses. But what does this experience tell you? Well for one, that hackers have the ability to do whatever it takes to get your customers’ data. It also shows the security you have now may need some reinforcements.


So, what can you do, as a small business owner, to keep customer data safe and secure?


Install a cybersecurity software suite


Cyber threats are always evolving, which makes security software especially appealing. These software suites are updated to fight the latest cybersecurity threats and ensure the safety of your business so you don’t have to. PC Mag lists its top choices of 2019 for cybersecurity software suites as Symantec, McAfee and Bitdefender. The cost ranges from anywhere to $50-$150.


Train your staff on cybersecurity protocol


Avoid what happened to Etesham and Idigo by training your staff. What signs should they look for? They need to know what a phishing scam is, how it works, and what your cybersecurity rules are. Tailor them specifically to your business: what are the data that needs protecting, and how can we ensure its protection?


Enable two-factor authentication


Two-factor authentication is an extra layer of protection intended to ensure the people accessing your data were given permission to have that access. This means that after you log in to a site, you receive either an email or a text with a designated code (i.e., the second authentication.) When you receive the code, you can gain access to the information. Cybercriminals cannot duplicate this method of authentication, which makes it a favorite for keeping cyberattacks at bay.


Don’t forget to have strong passwords


You know this, but do you do it? Changing your password may be frustrating, but it truly is one of the best things you can do to protect your business. Strong passwords mean that a hacker is less likely to retrieve your data. In many cases, a password generator may be your best bet in maintaining your cybersecurity, as it uses combinations that would be tricky for a cybercriminal to guess.



Make sure you have a security expert on hand


If you can’t afford an IT staffer, you can use a third-party vendor to help maintain good cybersecurity.


Unfortunately, in this day and age, you can’t afford to not to be protected. Luckily, with all the tips we’ve listed here, you are well on your way to maintaining your customer’s data safely.


Get more information and tips in our Fraud and Privacy Resource Center.



About Steve Strauss


Steve Strauss Headshot New.pngSteven D. Strauss is one of the world's leading experts on small business and is a lawyer, writer, and speaker. The senior small business columnist for USA Today, his Ask an Expert column is one of the most highly-syndicated business columns in the country. He is the best-selling author of 17 books, including his latest, The Small Business Bible, now out in a completely updated third edition. You can also listen to his weekly podcast, Small Business SuccessSteven D. Strauss


Web: or Twitter: @SteveStrauss

You can read more articles from Steve Strauss by clicking here


Bank of America, N.A. engages with Steve Strauss to provide informational materials for your discussion or review purposes only. Steve Strauss is a registered trademark, used pursuant to license. The third parties within articles are used under license from Steve Strauss. Consult your financial, legal and accounting advisors, as neither Bank of America, its affiliates, nor their employees provide legal, accounting and tax advice. Bank of America, N.A. Member FDIC.  ©2019 Bank of America Corporation

Similar Content