Every day, businesses face a growing number of security threats, both physical and digital. And cyber risks are only getting more common.
In fact, a 2023 survey from the Cybersecurity & Infrastructure Security Agency (CISA.gov) found that nearly 73% of small and mid-sized businesses experienced a data breach, a cyberattack, or both in the previous 12 months. That was in spite of 70% believing they were ready to defend against such an attack.
That’s why it’s important to take simple steps now to protect your business, your employees, and your customers in the future.
Here’s an easy-to-follow checklist to help get started:
1: Keep Your Devices Safe
(Protecting computers, phones, and tablets)
- Install and update antivirus software on all work devices. This will help block viruses, ransomware, and other cyber threats. Good options include Bitdefender, Norton 360, or Microsoft Defender Antivirus (previously known as Windows Defender), which is built into most Windows systems. Whatever program you choose, make sure you update it often and have it turned on for all users.
- Consider a managed security service like CrowdStrike, IBM, or SentinelOne. These firms monitor your systems for suspicious activity around the clock. They can detect attacks early and act quickly. Ask your IT team or service provider if you already have something like this — or if there is a need to add it.
2: Make Email Safer
(Avoid scams, prevent mistakes)
- Use spam filters to catch phishing emails before they reach your or your employees’ inboxes. While most email providers like Microsoft Outlook and Google Workspace include built-in filtering, you can add layers with services like Mimecast, Barracuda, or Proofpoint for enhanced protection.
- Encrypt emails when sending sensitive data, especially for anything involving Protected Health Information (PHI). Tools like Virtru or Webroot Advanced Email can automate this for you.
- Use Data Loss Prevention (DLP) tools to stop accidental leaks (like SSNs or health records sent to the wrong person). Microsoft 365 or Google Workspace often have this built in, or you can use options like Symantec DLP or Digital Guardian. If you’re unsure about whether you may already have a DLP, ask your IT team or email your service administrator.
3: Control Who Has Access
(Strengthen login security and manage permissions)
- Use Multi-Factor Authentication (MFA) for all accounts. A strong password only gets you so far; adding MFA takes you to another level. MFA means users need both a password and a second factor, such as a one-time code from an authenticator app on their phone or a text message. Tools like Microsoft Entra multifactor authentication, Google Authenticator, or Duo Security are easy to set up and work with most platforms.
- Regularly review user access. Every few months, check who has access to what. Update or remove permissions as needed. This can often be managed directly in your systems (like Google Admin, Microsoft 365, or, perhaps, by your HR platform). It is especially important to disable access immediately when someone leaves your organization.
4: Keep Software Updated
(Don’t ignore update reminders – they matter!)
- Always install updates right away. Software updates fix security gaps that hackers may attempt to exploit. This includes your computers’ operating system, browsers (like Chrome or Edge), antivirus tools, apps, and plugins.
- Turn on automatic updates wherever possible. Most devices and apps have this option in their settings under “System” or “Security & Updates.”
- If you don’t have an IT department, assign someone on your team to check for and install updates weekly. This is especially important on shared or business-critical devices:
  - PCs: Patch My PC (for Windows) can help automate updates across programs.
  - iPhone: Settings > General > Software Update
  - Android: Settings > System > Software Update
5: Back Up Your Data
(Recover faster if something goes wrong)
- Back up files regularly. Use a remote, cloud-based server or encrypted external drive. Services like Backblaze, CrashPlan, and Carbonite are built for business backups and are easy to manage. For home-based computers, iCloud, Google Drive, Microsoft OneDrive, and Dropbox are popular.
- Test your backups. Every few months, restore a file to make sure everything is working. Backups that cannot be restored are of no help during an emergency.
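As an added illustration of the "test your backups" step (this script is not from the checklist or any vendor named above), the following POSIX shell script backs up a small constructed sample directory with tar, restores the archive into a scratch location, and compares SHA-256 checksums of every file so that an archive that cannot be restored intact is caught during a routine check rather than during an incident. It assumes `tar` and `sha256sum` are installed.

```shell
#!/bin/sh
# Added example: a minimal restore test for a tar-based backup.
# Assumes POSIX sh, tar, and sha256sum (GNU coreutils) are available.
set -u

# Build a small constructed sample directory to back up (not real data).
make_sample_dir() {
    dir=$(mktemp -d)
    mkdir -p "$dir/records"
    printf 'invoice 1001\n' > "$dir/records/invoice.txt"
    printf 'contact list\n' > "$dir/contacts.txt"
    echo "$dir"
}

# Print sorted SHA-256 checksums of every regular file under $1,
# with paths relative to $1 so two trees can be compared directly.
checksum_tree() {
    (cd "$1" && find . -type f | sort | xargs sha256sum)
}

# Create a compressed backup of directory $1 at archive path $2.
create_backup() {
    tar -czf "$2" -C "$1" .
}

# Restore archive $1 into a fresh scratch directory and verify that the
# restored files match source directory $2 checksum for checksum.
# Returns 0 when the restore is complete and identical, 1 otherwise.
verify_restore() {
    archive=$1
    source=$2
    restore_dir=$(mktemp -d)
    if ! tar -xzf "$archive" -C "$restore_dir"; then
        echo "restore test FAILED: archive could not be extracted" >&2
        rm -rf "$restore_dir"
        return 1
    fi
    expected=$(checksum_tree "$source")
    actual=$(checksum_tree "$restore_dir")
    rm -rf "$restore_dir"
    if [ "$expected" = "$actual" ]; then
        echo "restore test passed: all files restored with matching checksums"
        return 0
    fi
    echo "restore test FAILED: restored files differ from the source" >&2
    return 1
}
```

Run `verify_restore` against a real archive and its source on a schedule; a non-zero exit is the signal that the backup needs attention before it is ever needed.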
6: Train Your Team
(Help everyone understand the risks – and know how to respond)
- Provide security awareness training. Online vendors like KnowBe4, Curricula, or Proofpoint offer courses to teach employees how to spot scams and properly handle sensitive information.
- Make PHI rules easy to understand. Share clear policies on your intranet or employee portal. Use examples and real-world scenarios to show what “good” looks like. (Just don’t include any PHI in the process.)
7: Have a Plan for Breaches
(Know what to do before something happens)
- Create a step-by-step response plan. Outline who to contact, how to isolate a problem, and what to report. There are templates available online or your IT/security vendor can help you draft one tailored to your setup.
- Run drills. Practice your breach plan once or twice a year so your team is not trying to figure things out for the first time during an actual incident.
8: Get a Security Checkup
(Engage a professional to find weak spots before a hacker does)
- Schedule a cybersecurity risk assessment at least once a year. A trusted IT firm or managed security provider can do this and will alert you to things like unpatched software, weak passwords, and unsecured data.
- Act on your results. Use the annual report to build a security improvement plan for your organization. Even minor changes — like better password policies or updated permissions — can lead to improved results next time.
Want More Help?
- Cybersecurity and Physical Security Convergence Action Guide
- Stop Ransomware Guide
- Free Cybersecurity Services and Tools
- Making a Business Case for Security (2023 Edition)
- Making a Business Case for Security – Cost Analysis Template (2023 Edition)
Cyber threats are real, but protecting your business doesn’t have to be complicated. A few smart changes now can save you time, money, and headaches later.
Start small, stay consistent — and help your employees do the same.