Cyber Security Top Tips for Small Business Success and Growth

Most of us don’t think of small businesses when we think about cyber security. Our thoughts typically turn to high-profile cases such as the Sony Pictures Entertainment hack and the Edward Snowden NSA leaks: highly visible instances of valuable data being leaked.

But what does cyber security mean to the average small business?

Judging by my conversations, there’s a prevailing attitude that Cyber Security is a concern for large businesses only.

After all, don’t those committing cyber security crimes want to go after the big fish rather than the minnows?

Cyber Security for Small Businesses

Unfortunately for small businesses, that definitely isn’t the case. Almost weekly, I hear from a Managed Service Provider (MSP) that a small or medium-sized business (SMB) client has suffered a serious cyber security breach.

And I do mean serious.

We’re not talking a small interruption to business. The cases I’m hearing about typically involve the entire business’ IT infrastructure being taken off-line.

This means the owner and their IT provider scramble to stem the damage and restore order. And then there’s the post-breach audit of the data protection breaches.

According to PwC, a small business’s worst breach costs between £65,000 and £115,000 on average.

For the average MSP, how many of your clients could afford that type of impact?

Not many, I suspect.

Cyber Security, Small Businesses and the Impact on MSPs

The impact of poor cyber security for small businesses is, of course, high for the client themselves. But it’s worth being aware of the impact on the MSP who is serving them too.

At best it’s highly stressful for those involved, and at worst can have serious consequences. It can impact an MSP’s ability to deliver projects to other clients and have a knock on effect that lasts for weeks.

So what can MSPs do to mitigate the risk to their clients’ businesses and, in turn, their own business?

There are three broad areas in which MSPs can help their clients become more savvy with cyber-security — tools, policies and education.

Train Small Business Employees on Cybersecurity

Cyber Essentials is a UK Government-backed, industry-supported scheme. It educates SMBs on cyber security and how to protect against threats. If you’re a UK IT business and haven’t got involved — then you should.

But educating clients about cyber security threats to small businesses is an MSP’s role too:

  • Share information with your clients through your written, online and in-person communications
  • Throw lunch’n’learns to demonstrate how to stay safe on-line
  • Offer your help as an IT professional to the local police force

Anti-Virus as a Cyber Security Solution for Small Businesses

Anti-Virus software sits in the background and silently protects client workstations. It also proactively alerts the IT supplier to any emerging issues.

Viruses are not the only threat any more: rootkits, malware, phishing and web threats are too.

Many MSPs inherit all manner of Anti-Virus software from clients. As the IT provider, find a single-licence product that:

  • Takes care of PCs and Macs
  • Protects servers and workstations
  • Can be managed from a single web-based management console
  • Automatically discovers and deploys to new network computers
  • Deploys remotely to machines that aren’t permanently within the office

A quick look at AV-TEST (the Independent IT-Security Institute) shows Bitdefender Small Office Security, created by Bitdefender Antivirus, is the best performing corporate product.

The Anti-Virus market is very competitive.

Whichever Anti-Virus product you choose, make sure to choose a product and stick with it across your clients, rather than leaving your clients to choose their own product.

Patch Management

Any MSP worth its salt should implement a Remote Monitoring and Management (RMM) product.

Remote visibility of all of your clients’ infrastructure is an investment, not a cost. I can highly recommend Atera and SuperOps for great RMM solutions. Whichever RMM you choose, invest time in configuring the vulnerability scanning and alerting.

Make sure you understand how to effectively deploy patches.

Many MSPs I know shy away from these features, taking an “If it ain’t broke, don’t fix it” approach. That’s how products miss patch updates, which leads to vulnerabilities being exploited.

Learn how to use the patch management options in your preferred RMM tool. You will reap rewards when you need to rapidly deploy a hotfix or flag a new vulnerability.

Firewalls as Cyber Security for Small Businesses

Most SMBs have a hardware firewall, but many are badly configured through neglect or overly complex configurations.

As an MSP, make sure you:

  • Regularly audit the IP ports open on a firewall
  • Check which users are allowed VPN access
  • Close any ports you open to make a quick fix
  • Deactivate any VPN access given to an external contractor
  • Standardise on a firewall product that your staff are trained on and familiar with
  • Schedule regular audits of your clients’ firewalls
  • Back up router configurations regularly
  • Ensure the firewall is protecting your client appropriately
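
One way to make the audit items above repeatable, as an added example that is not part of the original post: the script checks a firewall rule export and a VPN user list against an approved baseline. The CSV column names, rule names, users and dates are constructed for illustration and must be mapped to whatever your firewall actually exports.

```python
import csv
import io
from datetime import date

# Constructed sample exports (not from a real firewall); column names are assumptions.
RULES_CSV = """name,port,proto,source,note,expires
https-in,443,tcp,any,web server,
smtp-in,25,tcp,any,mail relay,
rdp-quickfix,3389,tcp,any,TEMP for supplier,2024-01-31
sip-test,5060,udp,any,,
"""
VPN_CSV = """user,type,access_until
alice,staff,
bob-contractor,contractor,2024-02-15
dave-contractor,contractor,
"""
APPROVED = {(443, "tcp"), (25, "tcp")}  # (port, proto) pairs the client signed off on


def audit_rules(rules_csv, approved, today):
    """Return findings for inbound rules that are unapproved or past their expiry."""
    findings = []
    for row in csv.DictReader(io.StringIO(rules_csv)):
        key = (int(row["port"]), row["proto"].lower())
        if key not in approved:
            findings.append((row["name"], "port not in approved baseline"))
        if row["expires"] and date.fromisoformat(row["expires"]) < today:
            findings.append((row["name"], "temporary rule past expiry"))
    return findings


def audit_vpn(vpn_csv, today):
    """Return findings for contractor VPN accounts with no end date or an expired one."""
    findings = []
    for row in csv.DictReader(io.StringIO(vpn_csv)):
        if row["type"] != "contractor":
            continue
        if not row["access_until"]:
            findings.append((row["user"], "contractor VPN access has no end date"))
        elif date.fromisoformat(row["access_until"]) < today:
            findings.append((row["user"], "contractor VPN access past end date"))
    return findings


if __name__ == "__main__":
    today = date(2024, 3, 1)  # fixed date so the sample output is repeatable
    for name, issue in audit_rules(RULES_CSV, APPROVED, today) + audit_vpn(VPN_CSV, today):
        print(f"{name}: {issue}")
```

Giving every quick-fix rule an expiry date when it is created is what lets the scheduled audit catch it later.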

Backup and Disaster Recovery

Most small businesses believe a disaster is something that happens to someone else. They think a ‘disaster’ is an earthquake or flood, not a system fault.

An SMB could suffer from a Cryptolocker virus that wipes out their data. And the only way to prevent it is to pay a criminal.

There’s also the possibility of a disgruntled employee deleting critical client files. These are the more mundane, but very real, disasters that affect small businesses worldwide and daily.

As an MSP, don’t tolerate clients who penny pinch with antiquated tape or rotated USB drive backup routines. Any human element such as swapping tapes or drives inevitably leads to failed backups when you need them the most.

Help your clients invest in an automated backup and disaster recovery solution. This will help them get back online quickly and effectively when they need it. Educate your clients that the most valuable element of their business is not hardware, but data.

And it should be protected.

Mobile Devices

As an MSP, does your business have a policy in place for mobile devices? The tablets, smartphones and laptops that your engineers access client data on?

If you don’t have a mobile device policy in place, then implement one now. Lead by example, and then educate your clients that they need a mobile device policy in place too.

Mobile Device Management is a technical issue that strays dangerously close to HR territory for most small businesses. For instance, what if you remote-wipe a mobile device holding business and personal data?

While these issues might be difficult and not always about technology, they are an opportunity for MSPs to step beyond being seen as just the “IT guy.”

Instead, they position themselves as being a real business advisor to their clients.

Administrator Accounts

Do you help your clients limit authority to install software, or do you take short cuts?

Sometimes it’s quicker to elevate an end-user to administrator access to resolve an issue.

Limiting the administrative access your clients’ employees have is a solid way to mitigate the risk of dodgy software being installed and causing untold grief.

And don’t give way to the MD asking for admin access on his laptop. Because you may then have to deal with a virus that’s been installed by accident.

Strong Passwords

Make sure all of your clients have a password policy.

It should remind employees to use strong, complex passwords. And to change these regularly. It’s not that difficult. Password managers such as LastPass mean that your client stops using the same password on all sites. And they don’t need to remember lots of passwords, either.

Two-Factor Authentication is now the standard at cloud companies. If your clients have a smartphone, they can use 2FA easily. A tool like Authy can also help.

Again, it’s all about educating the small business client. Demonstrate how easy it is to use strong passwords.

Highlight the pitfalls to your small business clients in not doing so.

While most small businesses believe cyber security doesn’t apply to them, the reality is that SMBs are being impacted every single day.

As an IT Solution Provider or Managed Service Provider (MSP), your job is to educate your clients about cyber security and the risks of neglecting to protect themselves.

Because at the end of the day, when — not if — a cyber-security breach happens, the impact will not only have a devastating effect on them, but your business too.

  • Richard Tubb, 2019-08-05 15:07:17

    Thanks, Arpita! Cybersecurity is crucial for *all* businesses, regardless of size. The criminals make no allowance for whether you are big or small!

  • Arpita Biswas, 2019-08-05 14:22:24

    Nice and very insightful post! Thanks for sharing, Richard. Cyber Security is most crucial for small to large scale businesses, specifically when all businesses are going mobile and adapting mobility programs. Employees use company-owned devices or personal devices (BYOD) at work and access corporate data and information through open and vulnerable networks. Mobility Management Solutions are essentially required, which secure and allow management remotely.

  • Richard Tubb, 2015-04-28 15:01:40

    Aiden -- thanks for the feedback!

  • Aiden Smith, 2015-04-28 06:23:35

    Very well explained, I like your point where you have mentioned the backup and data recovery. Most of the people running small businesses do not give much importance to their data backup unless and until they face big trouble.

  • Richard Tubb, 2015-03-25 08:31:14

    Chris - thanks for the kind words. I know you and the team at Vermont work hard to keep your clients safe!

  • Richard Tubb, 2015-03-25 08:30:35

    James - thanks for the feedback. You're right, content filtering is an important piece of the puzzle in keeping clients safe. I'll check the comment box issue. Thanks for sharing with me.

  • Chris Ward, 2015-03-24 20:34:46

    Great post Richard. Exactly the right stuff we need to talk to clients about, and it's something they are generally bothered about. So there's an opportunity ...

  • James Kimbley, 2015-03-24 09:20:51

    Your blog post missed out the best and most effective way to control security and that is control of the DNS with tools such as Umbrella - which will successfully block Cryptolocker and similar ransomware. Remote wipe of mobile devices is not a problem anymore with cloud office services such as Google Apps. Business data is kept in its own sandbox and away from employees' personal data. P.S. The tab button does not work when filling in the comments boxes - hit tab and you get taken to filling in newsletter details.
