Cyber security best practices for small business owners

A single cyber attack can disrupt your business, threaten the protection of data and personal information, harm your business’s reputation and cost your business money. Here are a few non-exhaustive, simple and practical cyber security tips to help your business protect data, preserve personal information and decrease cyber-related threats.

Cyber security awareness, education and training

Cyber security awareness, education and training helps your employees understand the risks involved when proper cyber security measures are not implemented or taken seriously. Provide privacy and security training that educates your employees on detecting and responding to cyber security incidents.1

Protect your devices against cyber threats like viruses and malware

To help protect devices from cybercrime threats, consider using anti-virus and anti-malware software on your computers and ensure that all software installed on your business’s network is updated regularly. You may also set the software to automatically install updates on all company devices and computers as they become available.

Back up data for enhanced privacy and security

Whether your business stores information on a cloud service, on-premises, or in a hybrid data center, back up all files to external hard drives that are not connected to the Internet. This can reduce the likelihood of future cyber security incidents and minimize the risk of malware destroying both business and personal data.2

Create strong passwords

Require that your employees create strong passwords, such as a phrase containing random words, letters, numbers and symbols. A strong password makes it more difficult for cyber criminals to hack into computers and steal sensitive and personal information. Remind employees that their work passwords on their computers and online platforms must be unique and changed periodically to help ensure constant cyber security and privacy protection.

Secure Wi-Fi networks

Ensure the password on your organization’s wi-fi network is changed from the service provider’s default and follows the same strong password guidelines as above. Secure your online network from cybercrime threats by providing visitors to your business who need to use the internet with access to a guest network. This cyber strategy adds an extra layer of privacy and cyber security by preventing said visitors from accessing your employee network and private or personal information. A virtual private network (VPN) can also provide your employees with secure internet access to your company network securely from their devices.

Secure your payment systems

Choose a bank or processor who uses the most trusted security tools and anti-fraud services. Consider keeping your payment systems isolated from other systems or platforms to avoid the malicious threat of cybersecurity breaches.

Provide firewall security for your internet connection

A firewall is a set of related cyber security programs that prevent outsiders from accessing data on your private network.3 Ensure your operating system’s firewall is enabled and properly configured in order to minimize cybercrime threats. If employees work remotely, encourage them to check that their internet systems maintain a high level of cyber security and are also protected by a firewall. To learn more about home network security for remote employees, visit

Control access to computers and devices

Control physical access to your computers and devices by creating a user account for each employee.4 Ensure that mobile devices and laptops are locked and protected by strong passwords when unattended. To ensure privacy and protect data, administrative privileges should only be given to trusted IT staff and key personnel.

To learn more about how you can protect your business from cybercrime and cyber attacks visit or talk to your insurance broker to learn more.







This blog was originally provided by The Boiler Inspection and Insurance Company of Canada (“HSB Canada”). Permission was granted to Aviva Canada Inc. (“Aviva”) to repurpose content for the Cyber Blog Series.  The content in this article is for information purposes only and is not intended to be relied upon as professional or expert advice. Aviva and HSB Canada make no warranties or representations as to the accuracy or completeness of the content herein. Under no circumstances shall Aviva or HSB Canada or any party involved in creating or delivering this article be liable to you for any loss or damage, whether direct or indirect, that results from the use of the information contained herein. Except as otherwise expressly permitted by HSB Canada and Aviva in writing, no portion of this article may be reproduced, copied, or distributed in any way. This article does not modify or invalidate any of the provisions, exclusions, terms or conditions contained in either HSB Canada or Aviva policy and endorsements.

Copyright in the whole and every part of this site belongs to Aviva, unless otherwise indicated, and may not be used, sold, licensed, copied or reproduced in whole or in part in any manner or form or in or on any media to any person without the prior written consent of Aviva.