Why Small Businesses Are Prime Targets

Think hackers only go after big corporations? Think again. Over 50% of cyberattacks now target small businesses, according to the 2024 Verizon Data Breach Investigations Report.

Why? Because small businesses often don’t have the budget or staff to maintain strong security, making them an easy target.

Even worse, the U.S. Chamber of Commerce reports that 60% of small businesses close within six months of a cyberattack. That’s a serious business risk.

1. Passwords: Your First Line of Defense

If you reuse the same password everywhere or keep them in a sticky note stack… we need to talk.

• Use a password manager like 1Password, Bitwarden, or Dashlane. These tools generate and store secure, unique passwords.

• Don’t rely on memory or your browser—those are much easier to compromise.

• Make your master password strong and private.

Extra resource: FTC: How to create strong passwords

2. Enable 2FA Everywhere You Can

Two-Factor Authentication (2FA)—or Multi-Factor Authentication (MFA)—is a simple but powerful step to block intruders.

If someone steals your password, 2FA can stop them from logging in by requiring a second form of verification.

Where to use it:

• Your email

• Online banking

• Client portals (like mine—just ask and I’ll turn it on)

• QuickBooks Online

• Google Workspace, Dropbox, and other cloud apps

Use an app like Authy or Google Authenticator instead of text messages when possible.

Helpful guide: CISA’s MFA Quick Sheet

3. Watch Out for Phishing Emails

Phishing scams are emails designed to trick you into clicking bad links or giving up login info.

Red flags:

• “Urgent” wire transfer requests

• Unfamiliar senders or addresses

• Weird-looking links (hover over to preview!)

• Spelling errors and poor grammar

If you’re not sure, don’t click—call the sender directly to verify.

Bonus: Forward suspicious emails to [email protected]

Learn more: FTC on phishing

4. Stop Sharing Logins

If your team is logging in with a shared username and password, you’ve created a cyber risk AND an accountability mess.

Instead:

• Use individual logins for every user.

• Set role-based access permissions.

• Disable former employee access immediately when they leave.

You’ll stay safer—and know who’s doing what in your systems.

5. Keep Your Devices Updated (Yes, All of Them)

Security isn’t just about online tools—it’s also about your gear.

Checklist:

• Operating system is up to date

• Antivirus software is running

• You’re using a modern browser (Chrome, Firefox, etc.)

• Your phone and computer have screen locks

Especially important if you’re logging into QuickBooks, Gusto, or client portals from a personal device.

Guide: CISA's Cyber Essentials

6. Back It Up (Cloud ≠ Backup)

Cloud services like Google Drive and Dropbox are great—but they’re not backup systems. Files can still be lost, deleted, or corrupted.

Tips:

• Use a cloud backup service like Backblaze or iDrive

• Export your financial data monthly

• Keep a copy offline or on an external drive

• Test your backups (restoring is the real test)

7. Audit Access Quarterly

Ask yourself: who has access to your systems right now?

To-do list:

• Review user lists in your software every 3 months

• Remove access for past employees or contractors

• Make sure only necessary users have admin rights

Final Thought: This Isn’t Just “IT Stuff”

Cybersecurity is a business responsibility, not just something your tech guy handles.

I’m here to help—not just with your books, but with keeping your data safe.

✅ Need help enabling 2FA in your portal?
✅ Want a recommendation for a password manager?
✅ Unsure if your QuickBooks access is secure?

Just reach out. Let’s keep your business safe while you grow.

Greg Cullup
The Numbers Guy, LLC
www.thenumbersguy.biz