Many security experts recommend using passwords of eight or more characters that include letters, numbers, punctuation and special characters like a dollar sign. It's also prudent to create different passwords for every account. Kaiser says people who reuse the same one are at a greater risk because if one password is stolen, a cybercriminal can use it to access the person's other accounts. For added protection, consider implementing a system requiring employees to change their work password on a regular basis (e.g., every 60 days). You can test the strength of a password using Microsoft.com's password checker.
Some programs offer two-step authentication. Gmail.com users, for example, can select this extra layer of security, which means when signing into Google, they must enter their username and password and then provide a code that was sent to their phone via text message.
Secure the office Wi-Fi network. Changing the password to the office's wireless network periodically can help protect against cybercriminals, Kaiser says. A number of companies also periodically rename the network for security purposes. (A rule of thumb: Don't call it the company name.)
Hicks advises small businesses to use Wi-Fi with Wireless Protected Access 2 technology for up-to-date encryption. With older technology like Wired Equivalent Privacy, he says "almost anyone can go online and find software that will automatically break into [the network]."
Don't fall prey to phishing email. Threatening emails sometimes slip through spam blockers. Some of these messages look identical or close to a company's real email format. "You have to assume the adversary knows something about you," Hicks says.
Small business owners can adjust their behaviors to account for this threat using simple verification. When you receive an invoice from a vendor, consider calling the supplier directly to confirm the email is legitimate. It's an extra step, but it could prevent your system from being hacked.
Purge sensitive data periodically. Steingruebl says small businesses shouldn't continue storing sensitive information they no longer need. For example, an employer may have pulled a worker's credit report when he or she applied for the job, but Steingruebl says most companies have no further use for such information. However, that information can fall into the hands of cybercrooks if not properly disposed of.
Keep a watchful eye. Implementing these practices across company machines and devices, including desktop computers, laptops, cell phones and tablets, and frequent monitoring for suspicious activity is vital to protecting your small businesses from cybercriminals.