
Cyber Security for Small Business Owners: All You Need To Know

Published March 17, 2021

Most headlines about data breaches focus on large corporations. While it is true that these companies suffer significant cyber-attacks, most of the businesses targeted by hackers are small businesses. Why? Because they often lack extensive resources to protect themselves against a cyber-attack.

You may not have the same level of protection as large corporations, but you can enhance your business’s cybersecurity. 

Here’s all you need to know about cyber security and small businesses.

Note: The following is only the general recommendation of Employsure. For further advice on cyber security, seek out an industry professional.

Cyber Threats Key Areas

The following is a list of key areas where cyber threats can take place. These key threats may also help you better understand where your business needs the most improvement in cyber security.

Malicious Software (Malware)

Malware is a collective term for software including viruses, ransomware and spyware, coded by cybercriminals. It is used to gain access and control, or to spy on your computers. The malware is used for malicious purposes such as theft, pranks, espionage and other serious crimes.

Scam Emails (Phishing)

This is where cybercriminals mimic a legitimate institution (such as a bank) that the small business knows, in the form of an email, luring them into giving out sensitive information.


Ransomware

Ransomware is software that is sent to a small business’s computer, locking it until a ransom is paid. The malware is usually sent via a legitimate-looking email, which, once it’s opened, allows the scammers to lock you out of your computer. The cybercriminals then demand an amount to be paid to restore access.


Hacking

This is where cybercriminals gain access to a small business’s computers and files from an outside location. Hacking mostly targets credit card and bank account information.

What’s The Impact Of An Attack?

There are three main ways that a cyber-attack can impact your small business: financially; by damaging your reputation; or legally.

Financial Impact

The business can lose money either by sending it to fake accounts or by recovering information stolen from the company.

After the discovery of the breach, the business will also spend money to correct or replace the affected networks and devices.

Reputation Impact

Building a strong relationship between your business and its customers and suppliers is vital for the success of the business. An attack could damage the reputation of your business, leading to the loss of customers or essential suppliers.

Legal Impact

Privacy and Data Protection Laws require the business to keep all personal data on its employees and customers safe. An attack that exposes this information may lead to fines and other regulatory sanctions on the business. You will also incur legal fees in case a suit is filed against you.

What Can You Do To Protect Your Business From Cyber-Attacks?

1. Train Employees

The best way to protect your small business against a cyber-attack is to have vigilant and alert employees. They should be trained on how to treat business information, how to manage and set better passwords, cyber security measures taken by the company and what to do in case a breach occurs or when they suspect it has.

2. Perform a Risk Assessment

Your business should be able to identify, analyse and evaluate risk by performing a risk assessment. This helps you to put in place the appropriate controls to deal with any cyber security risks.

Inviting a cyber security expert to help you undertake a risk assessment at your workplace is probably the best option for small business owners.

3. Keep Software Updated

Cybercriminals try to find loopholes and vulnerabilities in software to help them access or spy on the business’s files and documents. They then target the vulnerability, using malware to infect your computer, gain control and access your company data.

To deal with such attacks, software manufacturers periodically release updates to fix any weak points in their software. This is why it’s important to keep all the software on your company machines updated.

4. Backup Your Files

All important functions of the business rely on data stored in the company database, which is why hackers often target company data.

Viruses and hacker interference make your company data susceptible to manipulation or even deletion from your central database. It can also be subject to ransomware, where the attacker encrypts the business data and asks for money to give back access.

5. Set Up Login Authentication Regularly

Restricting access to the business’s online information and resources requires you to set up authentication processes. Basic authentication requires a username and a password to gain access to the resource. Still, you can add additional layers of security by using two-factor authentication (e.g. you are texted a code to enter when logging in) and third-party authentication.

Limiting access to crucial data keeps it safer from cybercriminals, as they cannot access it easily. You should also encourage your employees to change their passwords frequently and not to use one password for all their accounts.

6. Engage a Cybersecurity Company

A cyber security company or expert can help design and implement security protocols for your business network, ensuring it is safe from cyber-attacks. They can improve security for your data and systems by putting up firewalls, enforcing authentication protocols and controlling who has access to your data. 

Questions To Start Asking Yourself

Do Your Employees Use Multi-Factor Authentication To Login To All Systems?

Merely using a username and password to login to your business’s online resources is not enough. Adding a layer of security ensures your data is safe, even when a hacker gains access to a user’s login details.

Are Your Employees Trained on How to Spot Malicious Emails?

Your employees are your first line of defence when it comes to phishing attacks. Their ability to differentiate an authentic email from a scam can prevent such attacks from happening.

Do You Have Regular Security Checks on Your Systems?

Keeping your systems secure is not a one-time job. A very secure system today can have a massive vulnerability tomorrow. Perform regular risk assessments of your systems and networks to ensure any new vulnerabilities are addressed before cyber criminals can exploit them.

Employsure can help you manage your business and your employees with BrightHR and BrightSafe software. Call us for free initial advice on 0800 568 012.

This blog has been compiled on the basis of general information current at the time of publication and reflects an opinion only and is not intended to provide anything other than an opinion at any time. Your specific circumstances as well as any changes in circumstances after publication may affect the relevance, completeness or accuracy of this information. To the maximum extent permitted by law, we disclaim all liability for any errors or omissions contained in this information or any failure to update or correct this information. It is your responsibility to assess and verify the accuracy, completeness, currency and reliability of the information on this website, and to seek professional advice where necessary. Nothing contained on this website is to be interpreted as a recommendation to use any product, process or formulation or any information on this website. For clarity, Employsure does not recommend any material, products or services of any third parties.

About Employsure

Employsure is one of New Zealand’s largest workplace relations advisers to small- and medium-businesses, with over 5,000 clients. We take the complexity out of workplace legislation to help small business employers protect their business and their people.

Frequently Asked Questions

  • Why Do Small Businesses Need Cyber Security?

    They are more vulnerable to cyber-attacks since most big companies channel extensive resources to defend themselves against the attacks. This makes targeting small businesses an easier option for hackers and other cyber criminals.

  • How Does Cyber Security Help Businesses?

    Cybersecurity protects your company data and files by reducing the threat of cyber-attacks. Your business is protected from the negative financial, reputational, and legal impacts of an attack.

  • How Do You Maintain Cyber Security?

    You can maintain cybersecurity by:

    • Training your employees
    • Performing risk assessment on your system and networks regularly
    • Keeping the software used in your business computers updated
    • Backing up your files
    • Using login authentication to access online resources within the business
    • Engaging a cybersecurity company.
  • Can I Learn Cyber Security On My Own?

    Yes. You can learn and implement simple forms of cybersecurity on your own. A cybersecurity company can, however, help you learn and implement more complicated forms of cybersecurity effectively.

  • Why Are Firewalls Important For Business?

    Not everyone with an internet connection should be able to access your business data. A firewall prevents hackers from accessing your information and prevents the use of online business resources without the business owner’s permission.

  • What Should Be In A Cyber Security Policy?

    A cybersecurity policy should include information on controls such as:

    • The security programs implemented.
    • How and where the business data will be backed up
    • The software updates and patches and how they will be applied
    • The responsibility and duties of parties involved in cybersecurity
  • What is the Most Common Type of Cyber Attack?

    A malicious software (Malware) attack is the most common type of cyber-attack. Other common attacks include phishing (scam email) and ransomware attacks.

  • How Do I Create A Cyber Security Plan?

    Steps for creating a simple cybersecurity plan for your business are as follows:

    • Identify the key stakeholders in your security plan.
    • List your IT Assets, i.e. your networks, storage, servers and devices.
    • Come up with your protection methods, e.g. use of firewalls.
    • Find threat detection measures that will protect your IT Assets.
    • Research best practices on cybersecurity.
    • Create procedures to handle potential threats
    • Train your employees on cybersecurity
    • Regularly assess your potential problems and update your procedures to deal with new threats.
