a lock on a keyboard to demonstrate the importance of cyber hygiene

It won’t have escaped the attention of any small business owner that cybersecurity and cyber hygiene are some of the hottest topics in the business world right now. Websites and the data they contain are becoming increasingly valuable, especially as many small businesses rely more totally on their website. Crucially, the most prominent attack techniques, such as ransomware, thrive on a website’s value to the business rather than the data it contains.

Threats are also becoming highly automated. Most attackers don’t require any kind of human intervention to identify vulnerabilities. Indeed, they leave that identification up to automated software, only stepping in when a viable target is identified.

Any business can become a viable target. Unfortunately, being a small business offers no immunity, and the automated nature of finding targets means that software takes no account of how large or small an operation might be.

Fortunately, while the threat is real, there are multiple steps a business can take to ensure that they’re well prepared in the event of an attack.

What is Cyber Hygiene?

Cyber hygiene is a term covering best practices and activities to ensure the safety of a company’s online presence, digital communications, and anything else that relies on technology.

Just as personal hygiene involves keeping people healthy and protecting them from viruses, the same principles apply to the cyber equivalent. It’s all about keeping computers, networks, websites, and other technologies in excellent condition and ready to withstand any attacks should the need arise.

What Kinds of Cyber Threats Can Small Business Owners Expect?

As noted, the size of a business plays virtually no part in a company’s susceptibility to cyber attacks. As such, anything from the cybersecurity world that reaches mainstream news could become a worthy consideration.

One recent example was the Colonial Pipeline ransomware attack, which resulted in a massive ransom payment and even the declaration of a state of emergency. In addition, streaming platform Twitch experienced a significant data breach in October 2021, which saw around 135 gigabytes of internal data published online.

While a small business cyber attack is unlikely to lead to a state of emergency, the threats are genuine and might include:

Phishing Attacks

Over 90% of cyber attacks on small businesses begin with a spear-phishing attack, named due to their targeted nature. Automated email is easily abused, and all it takes is one absent-minded employee clicking an unsafe link for a broader-scale attack to begin.


Most business owners are aware of viruses and trojans, which were already a concern before the widespread adoption of the internet in business. Malware is a broad term for both and other kinds of malicious software – hence the name. It’s often designed to provide access to internal systems or to steal or destroy data.


As noted already, ransomware attacks are growing fast. Cybercriminals are drawn to this type of attack because the potential payout is often linked not to what a company’s data is worth on the black market but what that data is worth to the business itself.

Insider Threats

Most small business owners trust their employees, and rightly so. In most cases, a small workforce is a close-knit team all pulling toward the same goals. However, insider threats describe not only those with malicious intent but also anyone on the inside that makes a mistake. Over 90% of successful cyber attacks involve human error at some stage in the process.

Maintaining Cyber Hygiene

In a time when people have been advised to wash their hands thoroughly at every opportunity, there’s every reason for small business owners to treat cyber hygiene just as habitually.

Even businesses without the resources to hire a dedicated security team can take steps to prepare for the worst by maintaining their cyber hygiene in the following ways:

Education and Training

As cyber threats evolve, it’s crucial to ensure that people, the lifeblood of any organization, have the latest information on what to look out for. The stats on human error above are telling, and a hygienic organization should ensure that team members have every chance of cutting off an attack before it spirals out of control.

Making Backups a Habit

Some attacks are costly, while others are merely inconvenient. Many target data in some form or another. Backups are neither expensive nor time-consuming, but they will ensure that a business has at least one other copy of anything that could prevent them from operating to their full potential. At the very least, a robust backup strategy can minimize downtime while an attack is addressed.

Deploying a Recovery Plan

Many businesses struggle with cyber attacks because they panic and freeze when they happen. Without a specific course of action, they waste valuable time, which may worsen the situation. Even having an emergency procedure to disconnect devices and restore vital data can help any small business avoid becoming one of the 60% that never recover from a cyber attack.

Embracing Technology

While humans initiate most cyberattacks, they’re particularly reliant on technology. Small businesses shouldn’t be afraid to fight fire with fire. The battle between attackers and security professionals will likely be eternal as each tries to remain ahead of the other. However, any tech defenses are better than none, and that means using firewalls, antimalware, password manager, and other widely available tools to make any attack more difficult.

Calling in the Experts for Cyber Hygiene

While a smaller business may not have the resources for a dedicated security team, they can likely benefit from outsourcing some of their security provision. Various options make sense, given that the average cyber attack costs small businesses over $25,000.

If a website sits at the center of operations, then a Vervology.Care plan could be the next security step. Designed to keep sites online and protected against malicious actors, every plan includes daily backups, uptime monitoring, and regular website updates. More than 50% of compromised WordPress sites had out-of-date themes and plugins at the time of a successful attack, so the value of keeping things current cannot be underestimated.

There’s a Vervology.Care plan for sites of all sizes, with options for additional backups, dedicated security plugins, expert priority support, and more.

Sign up for Vervology.Care directly to ensure your site is protected, or reach out to the Vervology team to find out more about how we can keep your site secure and your business operating to its full potential.