Think hackers only go after big corporations? Think again. Over 50% of cyberattacks now target small businesses, according to the 2024 Verizon Data Breach Investigations Report.
Why? Because small businesses often don’t have the budget or staff to maintain strong security, making them an easy target.
Even worse, the U.S. Chamber of Commerce reports that 60% of small businesses close within six months of a cyberattack. That’s a serious business risk.
If you reuse the same password everywhere or keep them in a sticky note stack… we need to talk.
Use a password manager like 1Password, Bitwarden, or Dashlane. These tools generate and store secure, unique passwords.
Don’t rely on memory or your browser—those are much easier to compromise.
Make your master password strong and private.
Extra resource: FTC: How to create strong passwords
Two-Factor Authentication (2FA)—or Multi-Factor Authentication (MFA)—is a simple but powerful step to block intruders.
If someone steals your password, 2FA can stop them from logging in by requiring a second form of verification.
Where to use it:
Your email
Online banking
Client portals (like mine—just ask and I’ll turn it on)
QuickBooks Online
Google Workspace, Dropbox, and other cloud apps
Use an app like Authy or Google Authenticator instead of text messages when possible.
Helpful guide: CISA’s MFA Quick Sheet
Phishing scams are emails designed to trick you into clicking bad links or giving up login info.
Red flags:
“Urgent” wire transfer requests
Unfamiliar senders or addresses
Weird-looking links (hover over to preview!)
Spelling errors and poor grammar
If you’re not sure, don’t click—call the sender directly to verify.
Bonus: Forward suspicious emails to [email protected]
Learn more: FTC on phishing
If your team is logging in with a shared username and password, you’ve created a cyber risk AND an accountability mess.
Instead:
Use individual logins for every user.
Set role-based access permissions.
Disable former employee access immediately when they leave.
You’ll stay safer—and know who’s doing what in your systems.
Security isn’t just about online tools—it’s also about your gear.
Checklist:
Operating system is up to date
Antivirus software is running
You’re using a modern browser (Chrome, Firefox, etc.)
Your phone and computer have screen locks
Especially important if you’re logging into QuickBooks, Gusto, or client portals from a personal device.
Guide: CISA's Cyber Essentials
Cloud services like Google Drive and Dropbox are great—but they’re not backup systems. Files can still be lost, deleted, or corrupted.
Tips:
Export your financial data monthly
Keep a copy offline or on an external drive
Test your backups (restoring is the real test)
Ask yourself: who has access to your systems right now?
To-do list:
Review user lists in your software every 3 months
Remove access for past employees or contractors
Make sure only necessary users have admin rights
Cybersecurity is a business responsibility, not just something your tech guy handles.
I’m here to help—not just with your books, but with keeping your data safe.
✅ Need help enabling 2FA in your portal?
✅ Want a recommendation for a password manager?
✅ Unsure if your QuickBooks access is secure?
Just reach out. Let’s keep your business safe while you grow.
Greg Cullup
The Numbers Guy, LLC
www.thenumbersguy.biz
Copyright © 2025 The Numbers Guy, LLC |
Chattanooga, TN | 877-849-4046