Sixty-one percent of cyberattack victims in 2017 were small businesses, and with twice as many ransomware attacks occurring since 2017, small businesses must be well prepared for a potential data breach. This includes educating employees on cyber safety, as employees can often be a company’s greatest cybersecurity weakness.

You can learn more through the National Cyber Security Alliance’s CyberSecure My Business initiative, a national program designed to help small businesses become safer and more secure online through in-person, highly interactive and easy-to-understand workshops. It is based on a framework established in 2013 by the National Institute of Standards and Technology that aims to reduce risks to the nation’s critical infrastructure.

The framework takes a “best practice” approach to analyzing and mitigating risks and recommends five steps that any company can take to address cyber threats. The five steps are:

1. Identify

Take inventory of your valuable assets that are of greatest importance to your business and would be most valuable to criminals, such as employee, customer and payment data.

2. Protect

Assess what measures you need to have in place to be as protective as possible against a cyber incident.  

3. Detect

Have systems in place that would alert you if an incident occurs, and allow employees to report problems.

4. Respond

Make and practice an incidence-response plan to contain an attack and maintain business operations in the short-term.

5. Recover

Know what to do to return to normal business operations after an incident or breach, including assessing any legal obligations.

On a day-to-day basis, businesses can improve their online safety practices by following these four tips:

1. Keep a clean machine

Having the latest security software, web browsers and operating systems in your business are the best defenses against viruses, malware and other online threats.

2. Protect information

Secure accounts by adding two-factor authentication and making passwords long, strong and unique. For example, using pass phrases — such as “Maryhadalittlelamb” or “herfleecewaswhiteassnow” — can be a good way to create a stronger password as well as make it easier to remember.

3. Protect the company’s online reputation

Set security and privacy settings to your comfort level of sharing.

4. Educate employees

Teach your employees basic best practices. For example, if an email, social network post or text message looks suspicious — even if you know the source — delete it. Have regular training sessions and cybersecurity updates for all employees, whether long-term, temporary or part-time.

By working to protect their valuable data and creating a culture of cybersecurity in the office, businesses will be much better prepared for a potential cyberattack.