Introduction to cybersecurity ― tips for small business

Many of our daily activities are online today and rely on computers and computer networks. These everyday activities include email, entertainment, navigation, shopping, banking, and other tasks. Our daily routines are connected in so many ways that, as a result, they can become easy targets for criminals and computer hackers.

Cybersecurity is a way to protect our computer networks, devices and data from unauthorized access and potential criminal activity. These security measures can help ensure that all data, computer network systems and devices remain private and confidential, with only authorized access, so that everyone can continue their daily activities without interruption.

Cybersecurity risks

Hackers: These are people who look for weaknesses in software and computers. Some hackers may simply be curious or up to simple mischief, while others may have a more malicious intent, such as stealing personal information, financial data, and passwords for their own personal gain.

Malware, spyware and malicious code: These are “infected” programs that can create serious problems for computer systems. Computer viruses, worms and Trojan Horses are examples of cybersecurity risks. These harmful programs may require an email link to be opened to infect a computer or computer network. Other malicious code may simply identify a software vulnerability and infect an entire system without even requiring someone to click on an attachment or document.

Outdated software and vulnerabilities: Cyber attackers often look for software vulnerabilities that let them change programming code and attach their malware or spyware to the system. That’s why it is so important that software is updated regularly and that cyber risks are continuously monitored.

Cybersecurity measures and tips

  • Don’t open unexpected, suspicious, or unusual emails.
  • Don’t click on links or open attachments in emails, even if they look to be from a reputable source. Always ensure the email is legitimate before opening it.
  • Use strong passwords and consider a multi-factor authentication program to help verify a user’s identity. Multi-factor authentication often requires a password, and then some other form of identification verification, such as a code texted to your phone.
  • Keep software and antivirus software up to date. Hackers consistently look for vulnerabilities in software. Outdated software can lack important patches that help reduce its susceptibility to hackers.
  • Use a Virtual Private Network (VPN) and a firewall to protect against unauthorized and malicious users intercepting or exploiting your VPN connection.
  • Avoid unnecessary connections, especially for remote workers using their laptops at public locations, such as coffee shops or other places where the network may not be secure.
  • Ensure that computer or network access is provided to authorized persons only. Do not allow unlimited access to your computer systems for contractors or anyone that you do not know.
  • Restrict your employees’ access to only the systems and networks they need for their work.
  • Ensure there are “time-outs” so that employees are automatically logged out of their computers whenever they are away from their desks. Unlocked and unattended computers can be easy targets for unwanted access to your network and computer systems.
  • Train your employees on the importance of cybersecurity. Ensure they know when security updates will automatically occur on their computers. Ensure that remote virus scans are conducted regularly on all computers connected to your network.
  • Back up critical data on a routine basis. Backups may occur daily for newly added information, with more in-depth monthly backups for all critical data and to refresh sensitive information as needed.
  • Screen employees before hire and prior to giving them access to your computers and computer systems. Screening may include criminal history checks and credit history.

When a data breach occurs

  • Be sure to have a business continuity plan already in place. An updated and documented plan for any potential data breach will help you and your company address the situation in a timely and organized manner.
  • When the data breach occurs, consult with your IT team and data forensics experts to help you learn more about the breach and then try to immediately secure all related areas. This would include changing all access permissions right away and updating user credentials and passwords.
  • Check your company’s online presence and remove any information that may have been posted online because of the data breach and hack. 
  • When the immediate threat has been controlled, work with your team to strengthen your computer systems and networks, identify any further vulnerabilities, and reinforce all other defenses against future attacks. Once a cybercriminal is successful, they may revisit your networks to see if they can do it again.

Additional resources

Many organizations and smaller companies may find the task of cybersecurity overwhelming and may not know where to start or what to look for. The Department of Homeland Security’s Cybersecurity & Infrastructure Security Agency (CISA) has developed a set of Cyber Essentials Toolkits for Leaders, Staff, Computer Systems, The Digital Workplace, Business Data and Crisis Response. These toolkits can be found through the following link: Cyber Essentials Toolkits | CISA.

You may also monitor current hacker activity, malware, and other cybersecurity threats through US-CERT, along with information regarding security updates for various software applications: Current Activity | CISA.

This material is provided for informational purposes only and does not provide any coverage or guarantee loss prevention. The examples in this material are provided as hypothetical and for illustration purposes only. The Hanover Insurance Company and its affiliates and subsidiaries (“The Hanover”) specifically disclaim any warranty or representation that acceptance of any recommendations contained herein will make any premises, or operation safe or in compliance with any law or regulation. By providing this information to you, The Hanover does not assume (and specifically disclaims) any duty, undertaking or responsibility to you. The decision to accept or implement any recommendation(s) or advice contained in this material must be made by you.

LC 2022-225