Detroit Regional Chamber > Small Business > Cybersecurity for Small Businesses

Cybersecurity for Small Businesses

February 2, 2024

Security threats to information systems and the number of network intrusions have increased greatly in the past few years. Any small business with a broadband Internet connection needs to guard against becoming a cyber-crime victim.

Here are seven simple, effective steps that small business owners and network administrators can take to protect their systems.

  1. Implement a firewall: A firewall is a barrier that keeps hackers and viruses out of computer networks. Firewalls intercept network traffic and allow only authorized data to pass through.
  2. Develop a corporate security policy: Establish a corporate security policy that details practices to secure the network. The policy should direct employees to choose unique passwords that are a combination of letters and numbers. Passwords should be changed every 90 days to limit hackers’ ability to gain possession of a functioning password. When someone leaves the company, immediately delete the user name and password. The corporate policy should outline consequences for network tampering and unauthorized entry.
  3. Install anti-virus software: All computers should run the most recent version of an anti-virus protection subscription. Ideally, a server should be configured to push virus updates out periodically to all client systems. Employees should be educated about viruses and discouraged from opening e-mail attachments or e-mail from unknown senders.
  4. Keep operating systems up to date: Upgrade operating systems frequently and regularly install the latest patches or versions of software, which are often free over the Web. If using Microsoft Windows, check periodically for the latest patches. If using Apple, please visit
  5. Don’t run unnecessary network services: When installing systems, any non-essential features should be disabled. If a feature is installed but not actively used, it is less likely to be updated regularly, presenting a larger security threat. Also, allow only the software employees need to do their job effectively.
  6. Conduct a vulnerability test: Conducting a vulnerability test is a cost-effective way to evaluate the current security program. This test highlights flaws and limitations in the program, and experts can offer suggestions for improvement. The best method for conducting a vulnerability test is to contact a computer consulting company and provide access to your system for a day or two. This will provide ample time for network appraisal and follow-up discussion and planning.
  7. Stay informed about network security: Below are a number of resources to learn more about how your business can avoid cyber attacks and network intrusions.
    • 9 Cyber Security Tips for Small Business Owners: The Small Business Administration gives their 9 essential tips for every small business owner to prevent becoming a cyber-crime victim.
    • Cybersecurity for Small Business: The Federal Communications Commission provides multiple resources for small business owners including an online guide to developing a company-wide cybersecurity plan.
    • Michigan Cyber Security Range: The Michigan Cyber Security Range enables businesses to conduct exercises and simulations that will test the detection and reaction skills of participants in a variety of cybersecurity situations.
    • Lohrmann on Cybersecurity & Infrastructure: Daniel Lohrmann is the Chief Security Officer for the State of Michigan. His blog, Government Technology, details the best tips to implement cybersecurity programs.
    • Top 20 Critical Security Controls: The SANS Institute specializes in internet security training. SANS provides a continually updated “Top 20 Critical Security Controls” in order to educate businesses about the latest threats to cybersecurity.
    • Cyber Criminals are Getting Smarter, Organized and More Sophisticated: This article examines the new methods cyber criminals are utilizing to hack individuals in the business world, featuring screenshots and specific examples.