Cybersecurity for Business
May 21, 2025
How to Protect Your Small Business from Malware
Malware attacks, including ransomware, are one of the most common threats facing small businesses today.
Since almost all businesses now use at least a few computers or online accounts in some capacity, malware poses a threat to your business as well. These malicious programs, which range from viruses and ransomware to spyware and Trojans, can steal sensitive data, disrupt operations, incur financial costs, and damage your reputation.
Fortunately, you don’t need to be a tech expert to take strong steps against malware. Follow our practical tips to safeguard your small business.
1. Understand the threat landscape
Many business owners assume that cybercriminals only target large corporations, but small and medium-sized businesses are often favored targets because they’re seen as more straightforward to breach. You don't need to become a cyber expert, but taking a few moments to learn about malware and current threats every month will pay off. Look into how cybercriminals typically infect machines with malware, such as phishing, malicious websites, or outdated software. It’s important to know your digital footprint by inventorying your network, devices, and software. This helps you understand where your data is and how it is protected. Pay particular attention to any remote desktop or remote access software running on your network, because attackers can use it to gain access and install malware when it isn’t updated or configured correctly. Generally, opt to disable remote access wherever possible.
2. Secure your network
Your business network is the digital doorway into your systems. Protect your router by changing the default password. Look into purchasing a firewall – these are either devices or software programs that act as a barrier between your internal network and potential threats from the internet. Make sure your firewall is configured to monitor all traffic, including through email, cloud apps, and media streaming. Most routers used by small businesses and in home offices include built-in firewalls. Review the settings and ensure the firewall is turned on. Many business ISPs offer a firewall as a part of their internet service packages, and they can also be a resource during setup to ensure the firewall is set up correctly. Also, keep the router’s firmware updated – ideally, set up automatic updates. Finally, note the end-of-life timeline of the router. Router manufacturers stop supporting old hardware, so make sure you know when your device has stopped receiving support. Replace devices that become obsolete.
3. Invest in multilayered security programs
Today, security requires a multifaceted approach, and most high-quality security tools protect you in several ways. Use a combination of anti-malware, anti-ransomware, and endpoint detection and response (EDR) tools that can detect and block a wide range of threats. An MSP (managed service provider) can help a ton here, too. Choose reputable software that regularly updates its threat database and offers automatic scans. Some tools can even flag vulnerabilities in your current systems before they’re exploited.
4. Keep software, devices, and systems updated
Cybercriminals exploit known security flaws in outdated software. Ensure your operating systems, applications, plugins, and drivers are always up to date. We recommend that you enable automatic updates whenever possible. It's worth the time it takes to update.
5. Encrypt sensitive business data
Even if your systems are breached, encryption will protect your data. Encryption converts readable data into a code that requires a digital key to unlock. Use encryption tools for sensitive files, customer information, financial records, and cloud storage. Many operating systems and software platforms now offer built-in encryption features, but you should make sure they’re activated.
6. Protect physical devices
Lost or stolen devices like laptops, USB drives, or company smartphones can expose your business to serious risk. Secure your physical workspace with locks, alarm systems, and surveillance cameras. Use full-disk encryption and strong login credentials (strong passwords and MFA) for all hardware, and enable remote wipe features when you can.
7. Create a cybersecurity policy
Develop a written cybersecurity policy that includes rules for internet use, data handling, software installation, and reporting suspicious activity. You don't need to be dictatorial – we have lots of resources that are friendly and easy to understand. NIST also has helpful resources for small businesses. Educate your team regularly with trainings and clear communication about evolving threats.
8. Require long, unique passwords
Weak passwords are an open door for attackers, especially if they are reused. Require your employees to use strong, unique passwords for all business accounts. All passwords need to be 16 characters long, unique to their accounts, and a random mix of letters, numbers, and symbols. Start using a password manager at your company to help your people generate and securely store their passwords. Nowadays, you should consider going passwordless by using passkeys. Single sign-on and biometric MFA are also very secure methods to adopt.
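The password rule above can be checked mechanically, much as a password manager's health report does. The following is an added example, not part of the original article: it generates compliant passwords and audits a set of accounts for short, single-class, or reused passwords. Treating 16 characters as a minimum, the account names, and the sample passwords are assumptions made for illustration.

```python
import secrets
import string
from collections import defaultdict

MIN_LENGTH = 16  # length stated in the article, treated here as a minimum (assumption)
CLASSES = {"letter": string.ascii_letters, "number": string.digits, "symbol": string.punctuation}
ALPHABET = "".join(CLASSES.values())

def generate_password(length=MIN_LENGTH):
    """Return a random password that contains every character class."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    while True:
        # secrets draws from the OS CSPRNG; the random module is not suitable here
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(c in chars for c in candidate) for chars in CLASSES.values()):
            return candidate

def audit(accounts):
    """Map each account name to its list of policy violations (empty = compliant)."""
    users = defaultdict(list)
    for name, pw in accounts.items():
        users[pw].append(name)
    report = {}
    for name, pw in accounts.items():
        problems = []
        if len(pw) < MIN_LENGTH:
            problems.append("shorter than 16 characters")
        for label, chars in CLASSES.items():
            if not any(c in chars for c in pw):
                problems.append(f"no {label}")
        others = [n for n in users[pw] if n != name]
        if others:
            problems.append("reused on " + ", ".join(sorted(others)))
        report[name] = problems
    return report

# Constructed sample data, not real credentials
SAMPLE = {
    "email": "Summer2025!",
    "banking": "Summer2025!",
    "payroll": generate_password(),
}

if __name__ == "__main__":
    for account, problems in audit(SAMPLE).items():
        print(account, "->", problems or "ok")
```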
9. Have a response plan
No system is 100% "hackproof." Before you have a malware or hacking incident, have a plan in place! Create an incident response plan so you’re prepared if malware does get through. Define steps for identifying an attack, containing the damage, notifying affected parties, and restoring operations. Assign roles and responsibilities. You can even rehearse your response like a fire drill.
10. Regularly back up your data
Backups can be a lifesaver in a malware attack, especially in the case of ransomware. Back up essential files daily or weekly, depending on your business needs. Store backups in at least two locations, such as an external hard drive as well as a secure cloud service. Protect these backup locations with security controls.
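A backup only helps if every file actually reached both locations intact. The following is an added example, not part of the original article: it hashes the source folder and each backup location with SHA-256 and reports files that are missing or differ. The folder names and file contents are constructed for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path

def manifest(root):
    """Map each file's path relative to root to its SHA-256 digest."""
    root = Path(root)
    result = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            digest = hashlib.sha256()
            with path.open("rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            result[path.relative_to(root).as_posix()] = digest.hexdigest()
    return result

def verify_backups(source, backups):
    """Return {backup_name: {"missing": [...], "changed": [...]}}."""
    expected = manifest(source)
    report = {}
    for name, location in backups.items():
        actual = manifest(location)
        report[name] = {
            "missing": sorted(f for f in expected if f not in actual),
            "changed": sorted(f for f in expected
                              if f in actual and actual[f] != expected[f]),
        }
    return report

def demo():
    """Build a constructed source and two backup copies, then damage each copy."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        files = {"invoices.csv": b"id,total\n1,250\n", "customers.db": b"\x00data"}
        for folder in ("source", "external_drive", "cloud_sync"):
            (base / folder).mkdir()
            for fname, body in files.items():
                (base / folder / fname).write_bytes(body)
        (base / "external_drive" / "customers.db").unlink()         # copy never made
        (base / "cloud_sync" / "invoices.csv").write_bytes(b"???")  # corrupted copy
        return verify_backups(base / "source", {
            "external_drive": base / "external_drive",
            "cloud_sync": base / "cloud_sync",
        })

if __name__ == "__main__":
    print(demo())
```

A clean report only shows that the backups match the source as it is now; comparing against a manifest saved while the files were known to be good also catches a source that ransomware has already encrypted.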
You can fight back against malware
Small businesses are attractive targets for cybercriminals, but you aren't powerless. Take proactive steps to protect against malware and educate your team, and you dramatically reduce your risk. You can learn more by signing up for our newsletter or taking part in our program built specifically for small businesses – CyberSecure My Business!