
These Are The 6 Things You Must Do Right Now To Secure Your Company’s Data

Gene Marks

I have a client who was the victim of a ransomware attack. As a result of this attack, all her files were locked and encrypted. She was told that if she paid $100, she would get a “key” with a special code to decrypt her files. They wanted the $100 to be paid in Bitcoin. She didn’t know what to do. However, the ransomware attackers provided a toll-free number for her to call.

You heard right. A toll-free number. To call the ransomware attackers. So she did. “They walked me through the entire process,” she told me. “They were actually really nice. Even better than the customer service I receive from other big companies.”

Yeah, that’s a true story. Ransomware has become such a huge industry ($4 billion a year according to the Federal Bureau of Investigation) that the people orchestrating these attacks literally have customer service departments.

If your business hasn’t been the victim of a ransomware attack, or a “phishing” scam (for example, your CEO is impersonated in an email asking for confidential information), or a malware attack that wreaks havoc on your platform just for fun, you’re lucky. So far.

According to Verizon’s 2020 Data Breach Investigations Report, 28% of the breaches in 2019 involved small businesses. And in another terrifying statistic provided by security firm Purplesec, the victims of cybercrime were up more than 600% in 2020 due to the pandemic.

Data security was a huge issue before COVID. And now it’s an even bigger problem because so many employees have been — and will continue to be — working from home. Home computers that are shared with other family members — particularly kids on social media — are not exactly the most secure environment.

Once a device is compromised, your network is compromised. If your network is compromised, your customer data can be breached or files locked down or stolen. The result: potential lawsuits and interruptions or even termination of your business.

So what can you do? Here are six things you need to do immediately.

1. Buy security software. There are plenty of good choices out there like Avast, MalwareBytes (which is what we use), and Bitdefender. But make sure this software is installed on all devices used by your employees, even their home devices. Better yet, hire an outside IT firm to monitor and ensure that the applications are updated.

2. Set up online backup. Make sure your databases — cloud or otherwise — are backed up multiple times per day. Use cloud services like Barracuda, Carbonite or IDrive. This way if you are attacked, you have the option to wipe everything clean and restore from your last good backup.

3. Get training. We need to be able to better identify “phishing” emails and other potential threats. The only way to do this is through regular training. Hire an IT firm to do this for your employees or consider using training software like KnowBe4, Infosec IQ, and Proofpoint.

4. Revisit passwords. Require your employees to use password management software like Keeper, LastPass, or Dashlane and to create long, complicated passwords. Also, and most importantly, make sure there’s multi-factor authentication to access anything on your network. That way, your employees will have to use a combination of passwords and random codes sent by text message. The best way to accomplish this is to talk to your IT firm or the company hosting your data.

5. Update everyone’s operating systems. This could be the most important item on the list. Why? Because Microsoft, Apple, and Google — the top three makers of operating systems — frequently issue updates to their systems that include the most recent security protections. Unfortunately, people sometimes ignore these updates because they’re annoying. But don’t let this happen. Updates need to be required, and again, you may need the services of an IT firm to make sure this is being done.

6. Get cyber insurance. The sad fact is that none of the above actions are foolproof, and cybercriminals are always going to be one step ahead. So when all else fails, having protection for the liabilities — and potential business interruptions — caused by theft or fraud is your best bet.

These are the things that businesses are doing in 2021 to protect their data. And, as mentioned above, while none are foolproof, the more obstacles you put in the way of the cyber thieves, the higher the chance they’ll get frustrated and move on to easier pickings.

Oh, and my client who called the attacker’s customer service department? She’s fine. Although she did have another question a few days later and tried calling them again. Unfortunately, the number was disconnected. Go figure.


16 Responses to "These Are The 6 Things You Must Do Right Now To Secure Your Company’s Data"
    • AB | September 1, 2022 at 3:27 pm


      Great article!

      You cite using an IT firm; as a small business we are always looking for good IT companies but it’s a shot in the dark.

      Would you be willing to consider an article on how to find a good IT company for a small business?

      Thank you so much!

      All the best!

      • Small Biz Ahead | September 6, 2022 at 12:12 pm

        Yes! We can definitely look into creating an article on finding IT companies. Thank you for sharing that!

    • Marcus Pun | August 30, 2022 at 9:09 pm

      Security plus archiving.

      At least different physical locations for data. It used to be one cloud backup, that recommendation has been upped to 2 cloud backups. Different companies.

      • Small Biz Ahead | August 31, 2022 at 8:24 am

        Thank you for sharing your insight, Marcus! We appreciate the comment.

    • Chris Lindsay | August 30, 2022 at 4:31 pm

      My business was a victim of a ransomware attack in 2016 that requested $500 in Bitcoin. I certainly could have used a “customer service number” then. Great list though and even after being hit I can always use a refresher. Thanks for posting!

      • Small Biz Ahead | August 31, 2022 at 8:25 am

        You’re welcome, Chris! Thanks for the comment!

    • Lino Villalobos | September 22, 2021 at 1:13 pm

      What about popular programs like Norton 360, McAfee, and others? Do they give real protection or not?

      • Gene Marks | September 28, 2021 at 8:22 am

        They do but they’re not perfect. You need to combine a security software with other practices shared in this article like keeping your OS current.

    • Anna | August 26, 2021 at 9:13 am

      Very informative and helpful

      • Small Biz Ahead | August 27, 2021 at 1:22 pm

        We’re so glad you liked it. Thanks for commenting!

    • Anna | August 26, 2021 at 9:13 am

      Thank you!!!

      • Small Biz Ahead | August 27, 2021 at 1:22 pm

        You’re welcome, Anna!

    • Patrick Feigelson | August 20, 2021 at 3:15 pm

      Nice insight. Thank you!
      Does The Hartford provide cyber insurance? If yes, to whom to talk? Thank you!

      • Small Biz Ahead | August 23, 2021 at 7:56 am

        You’re welcome, Patrick! We do offer cyber insurance. You can find more information here:

        You can also talk to our representatives at 855-440-1078

    • Rick Shaw | August 18, 2021 at 1:06 am

      The 6 suggested actions are all good, but the cyberattacks these days are changing often and regular information security training programs are struggling to keep people updated with more sophisticated phishing attacks – even though people know phishing emails are dangerous.

      Lessons learned reveal more innovative approaches are needed to address the most common targets and gaps (people) and this approach is called “Patching People.” Similar to patching software and systems, zero-day attacks require immediate and as needed patches to software for PCs, systems, and devices that can take place automatically and as needed.

      Patching People is a proven and more effective way to securely make people aware of new attacks and like patching software, it is critical to be able to “look up” each individual to make sure they have been updated with the latest version of awareness. Sharing the most updated phishing attack – but not sharing as yet another email – is critical to helping busy and distracted employees and third-party service providers prevent many different types of cyberattacks.

      • Small Biz Ahead | August 18, 2021 at 10:33 am

        Thank you for sharing, Rick! We appreciate the insight!
