Practical Cybersecurity Advice for Small Businesses
A gazelle in Africa doesn’t have to be the fastest to outrun a lion; it just has to be faster than the slowest gazelle.
This metaphor applies to cybersecurity implementation as much as it does to African wildlife.
As a small business, you don’t necessarily have to lead the pack with the latest and most advanced cybersecurity tools and training. Still, you don’t want to lag so far behind that your organization is an easy target and succumbs to a data breach or cyberattack.
Cybersecurity implementation can be overwhelming and costly if not done right. It’s important to start small and address the security issues most likely to affect your organization before implementing fancy and expensive solutions.
In other words, lock your doors before you start barring your windows.
Let’s discuss five practical tips to improve your organization’s security posture so you aren’t the “slowest gazelle.”
1.) Security Training: Stay Alert, Stay Secure
According to a report by SlashNext, credential phishing attacks surged by 703% in the second half of 2024, and phishing attacks overall saw a 202% increase during the same time.
Why? Because it’s the path of least resistance.
It’s much easier to trick one employee into giving an attacker their credentials than it is to bypass security measures like firewalls, intrusion detection systems and antivirus software.

So, what does security training mean?
- Train: Educate your employees regularly on what to look for.
- Test: Send fake examples of what malicious emails could look like on a regular basis.
- Talk: Even if you can’t afford a testing and training service, you can talk to your employees about email security.
Ultimately, security training is about keeping security top of mind. You want your employees to be skeptical of any email they receive and use their training to figure out whether an email is legitimate or malicious.
2.) Multifactor Authentication: Make Good Choices
Not all multifactor authentication (MFA) solutions are created equal. While any sort of MFA is better than no MFA at all, some MFA choices are clearly preferable.
These three practices separate good MFA from merely having MFA.
- Authenticate daily: Don’t allow your employees to check a box that keeps them signed in for 30 days or any other long period. Reauthenticating regularly limits how long a stolen session or device can be used for unauthorized access.
- Use an app: Email or text (SMS) codes are inherently less secure, because attackers can intercept or redirect those messages (for example, by taking over the phone number). An authenticator app bound to a specific device is far harder to hijack, though it can still be defeated by phishing pages that relay the code in real time, which is one more reason for the training in tip 1.
- Use number matching: Typing the short number shown on the sign-in screen into your phone is easy to do and prevents the accidental or fatigue-driven “approve” taps that happen when an MFA prompt only requires you to push one button.
Additionally, because attackers send URLs that redirect you to fake Microsoft login pages, you can customize your Microsoft 365 sign-in page with your own logo and background so employees learn what the real page looks like.
This way, if you click a link that takes you to a generic, unbranded Microsoft login page, you know not to log in. Keep in mind that branding is only a hint, not a guarantee: a determined attacker can copy your logo, so the check is “does anything look off?”, not “is the logo present?”
3.) Microsoft Secure Score: Know it. Secure it.
You can think of Microsoft Secure Score as a credit score for your organization’s security. Basically, it measures your use of Microsoft’s security features and gives you a percentage score based on how well you’re aligning with best security practices.
It’s important to note that Microsoft does not enable some of these security features by default. They let you as an organization decide whether to opt in. Additionally, some security features are only available with Microsoft 365 Business Premium licenses, which is why we recommend Premium to our clients.
By default, we enable these features for any new client, and it often raises their Secure Score above 70%, which is a good bar to strive for initially.
Some of these settings include:
- Safe links and safe attachments: Protects against phishing and malware attacks found in email links or attachments.
- Conditional access policies: For example, blocks access to your data if the login is coming from a country where your business does not operate.
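The two Conditional Access controls discussed above, the country block from this section and the daily reauthentication from tip 2, can be scripted instead of clicked through the portal. The following is an added example written for this article, not code from Microsoft or from the original page. It assumes the Microsoft.Graph PowerShell module is installed, that the account running it has Conditional Access Administrator rights, that the business operates only in the United States, and that an emergency-access (“break-glass”) account exists at the assumed address breakglass@contoso.onmicrosoft.com; change those values for your tenant.

```powershell
# Added example (not from the original article): builds a report-only Conditional Access
# baseline with Microsoft Graph PowerShell. Country code, display names and the break-glass
# UPN below are assumptions; edit them for your tenant before running.
Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess", "Policy.Read.All", "User.Read.All"

# Never lock yourself out: every policy excludes the emergency-access account (assumed UPN).
$breakGlassId = (Get-MgUser -UserId "breakglass@contoso.onmicrosoft.com").Id

# 1. Named location listing the countries where the business actually operates (assumed: US only).
$allowed = New-MgIdentityConditionalAccessNamedLocation -BodyParameter @{
    "@odata.type"                     = "#microsoft.graph.countryNamedLocation"
    displayName                       = "Operating countries"
    countriesAndRegions               = @("US")
    includeUnknownCountriesAndRegions = $false   # unknown geolocation is treated as outside
}

# 2. Block sign-ins that originate anywhere except the allowed countries.
$geoBlock = @{
    displayName   = "Block sign-in outside operating countries"
    state         = "enabledForReportingButNotEnforced"   # report-only first; set to "enabled" after reviewing sign-in logs
    conditions    = @{
        users        = @{ includeUsers = @("All"); excludeUsers = @($breakGlassId) }
        applications = @{ includeApplications = @("All") }
        locations    = @{ includeLocations = @("All"); excludeLocations = @($allowed.Id) }
    }
    grantControls = @{ operator = "OR"; builtInControls = @("block") }
}
New-MgIdentityConditionalAccessPolicy -BodyParameter $geoBlock

# 3. Require MFA, force reauthentication every day, and refuse persistent browser sessions
#    (this is the "don't let them stay signed in for 30 days" control from tip 2).
$mfaDaily = @{
    displayName     = "Require MFA and daily reauthentication"
    state           = "enabledForReportingButNotEnforced"
    conditions      = @{
        users        = @{ includeUsers = @("All"); excludeUsers = @($breakGlassId) }
        applications = @{ includeApplications = @("All") }
    }
    grantControls   = @{ operator = "OR"; builtInControls = @("mfa") }
    sessionControls = @{
        signInFrequency   = @{ value = 1; type = "days"; isEnabled = $true }
        persistentBrowser = @{ mode = "never"; isEnabled = $true }
    }
}
New-MgIdentityConditionalAccessPolicy -BodyParameter $mfaDaily
```

Both policies are created in report-only mode on purpose: review the Conditional Access sign-in report for a week or two, confirm that only the traffic you expect would be blocked, and only then flip the state to “enabled”. The country block is based on IP geolocation, so an attacker using a VPN exit in an allowed country will get past it; treat it as a cheap filter that removes the bulk of opportunistic attempts, not as a substitute for MFA.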
Unfortunately, Secure Score is not a set-it-and-forget-it configuration. Your score will change over time, not only because your environment changes but because Microsoft adds and reweights recommendations.
We recommend looking at your Secure Score every six months or, at the very least, once a year to make sure you remain above that 70% threshold.
4.) Detection and Response: Fires Happen, Limit the Burn Radius
Data breaches and cybersecurity attacks continue to grow in size and scale.
It’s no longer if you will experience a security incident, it’s when.
For the same reason your house has smoke alarms to detect fires early, your organization should use a managed detection and response (MDR) service to catch intrusions early and limit the damage attackers can cause.
And just like MFA, there is MDR and good MDR. Good MDR includes:
- 24/7/365 coverage: Attackers don’t keep business hours or take holidays off. They attack when you’re asleep or when they think your systems are least watched.
- Preauthorization to isolate: This allows your managed service provider to isolate a threat without waiting for a response from you. Isolation severely limits an attacker’s ability to move throughout your network.
MDR is a relatively inexpensive service, and it could end up saving your organization thousands in downtime, recovery costs or legal fines.
5.) Product Lifecycle: Can’t Patch? Time to Pitch
Even 5 years ago, organizations rarely paid attention to patch cycles.
Attackers figured this out and started taking advantage of vulnerabilities in unpatched hardware and software, which means organizations now have to replace anything that can no longer receive updates.
Outside of phishing, exploitation of unpatched vulnerabilities is the fastest-growing type of attack because it’s an easy way for threat actors to gain access. Running unsupported software is essentially leaving a door unlocked for attackers to walk right in.
For example, Microsoft is ending support for Windows 10 on Oct. 14, 2025. In just a few months, no one in your organization should be using a Windows 10 device, because it will no longer receive vital security updates unless you pay for Microsoft’s Extended Security Updates program, which only buys time.
While some of your computers can be upgraded to Windows 11, others will have to be replaced, because Windows 11 requires a TPM 2.0 chip, UEFI Secure Boot and a CPU on Microsoft’s supported list. As a general rule, if you purchased your computer before 2018, you’ll need to buy a new one.
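Rather than guessing by purchase date, you can check the hardware gates directly. The following is an added example written for this article, not code from Microsoft or from the original page. It assumes it is run as Administrator in Windows PowerShell on the PC being assessed, and it deliberately does not embed Microsoft’s supported-CPU list; the CPU name it reports still has to be compared against that list by hand or by your RMM tool.

```powershell
# Added example (not from the original article): Windows 11 readiness inventory for one PC.
# Run as Administrator. Checks TPM 2.0, UEFI Secure Boot, RAM and system-disk size, which are
# the gates that usually decide "upgrade or replace". CPU support is reported but not judged
# (assumption: you compare the CPU name against Microsoft's published list yourself).
$os        = Get-CimInstance Win32_OperatingSystem
$cpu       = (Get-CimInstance Win32_Processor).Name
$ramGB     = [math]::Round((Get-CimInstance Win32_ComputerSystem).TotalPhysicalMemory / 1GB, 1)
$sysDiskGB = [math]::Round((Get-CimInstance Win32_LogicalDisk -Filter "DeviceID='$($env:SystemDrive)'").Size / 1GB, 0)

# TPM: Win32_Tpm.SpecVersion reads like "2.0, 0, 1.59"; the first field is the spec version.
$tpm = Get-CimInstance -Namespace root/cimv2/Security/MicrosoftTpm -ClassName Win32_Tpm -ErrorAction SilentlyContinue
$tpmVersion = if ($tpm) { ($tpm.SpecVersion -split ',')[0].Trim() } else { "none" }

# Secure Boot: Confirm-SecureBootUEFI throws on legacy-BIOS machines, which also fail the gate.
try   { $secureBoot = Confirm-SecureBootUEFI }
catch { $secureBoot = $false }

[pscustomobject]@{
    Computer           = $env:COMPUTERNAME
    OS                 = "$($os.Caption) build $($os.BuildNumber)"
    CPU                = $cpu
    TPM                = $tpmVersion
    SecureBoot         = $secureBoot
    RAM_GB             = $ramGB
    SystemDiskGB       = $sysDiskGB
    # Windows 11 minimums: TPM 2.0, Secure Boot capable, 4 GB RAM, 64 GB storage.
    MeetsHardwareGates = ($tpmVersion -eq "2.0") -and $secureBoot -and ($ramGB -ge 4) -and ($sysDiskGB -ge 64)
} | Format-List
```

A machine that reports TPM “none” or “1.2” often has a TPM 2.0 that is simply disabled in firmware, so check the BIOS/UEFI settings before writing the device off. Anything that fails with TPM absent and no Secure Boot option is a replacement candidate, which matches the pre-2018 rule of thumb above.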
Ultimately, no amount of protection or solution is 100% secure. That’s why it’s important to not only have cybersecurity insurance but also to ensure you have data breach coverage.
Many organizations opt for general business insurance with some cybersecurity coverage bolted on. However, this kind of tacked-on coverage usually carries a significantly smaller limit. A single data breach can cost millions in damages, even for a small business with fewer than 10 employees.
Need Help Implementing This Advice?
Don’t wait until a data breach or cyberattack to improve your organization’s security posture.
Contact us today to schedule a consultation, and let’s secure your business before the next threat hits.