We no longer support this browser.  Using a supported browser will provide a better experience.

Please update your browser.

Close browser message

Manage your business

How to boost cybersecurity for your small business

Updated: 06/24/20

Security breaches at big companies get a lot of attention, but smaller firms are increasingly at risk, too. The number of attacks on companies with fewer than 250 employees is steadily growing according to an internet security threat report released by software security firm Symantec.

Chase's Consumer & Community Banking experts suggest that business of all sizes need a plan to defend cybersecurity threats. So at the recent Chase for Business conference in New York, the group shared some tips on how to protect data, assets and transactions with entrepreneurs. Here are the highlights:

Get to know criminals' tricks

Cyberattacks may be launched over the internet or rely on someone with physical access to a company's premises, explains two JPMorgan Chase Cybersecurity Executive Directors, Eric Smith and Anthony Karnavas. Hackers can infiltrate businesses by using:

  • Emails that contain malicious hyperlinks and attachments. These messages often look like they came from a colleague and are commonly referred to as Phishing attempts.
  • Legitimate-looking websites that are set up to capture users' login credentials.
  • Social engineering to convince unsuspecting employees to reveal confidential information or credentials.
  • Mobile apps that contain malicious code. These usually affect individuals who have "jailbroken" their devices to remove native software.
  • Physical devices, most notably USB sticks infected with malicious software. Hackers may connect one to a company system, or leave it in a public area with the hope that an unsuspecting employee will pick it up, use it and inadvertently infect the company's network.

Bolster your defenses

Small business owners typically have lean IT support, but developing a good cybersecurity plan doesn't have to be an overwhelming task. Below are some tips from Chase to help protect your business:

  • Secure your accounts. Ensure you know who has access to your network, and all of your applications and systems. When employees leave or change jobs, make sure their access is turned off, or matches the requirements of their new job.
  • Use strong passwords. Develop your own naming conventions so you can remember creative, unique passwords for every site or system that you access. Change them frequently for critical systems. Require your employees to do the same.
  • Use the latest anti-virus software, and ensure it is updated. Don't cut corners on protective software. It's well worth the cost to buy subscriptions so you receive regular updates that recognize and protect against new threats.
  • Tap resources that educate small businesses on security. Some state and local governments, and local business associations, host workshops and offer information such as Cybersecurity playbooks for businesses. Also look for resources such as the online Small Business Community group run by the U.S. government's Computer Security Resource Center.

Fraud attempts may infiltrate even the strongest security measures, so continually monitor your accounts for suspicious activity, Smith adds. Provide good internal controls, such as initiating a review process before paying any new party for the first time. And most importantly, foster a culture of cybersecurity awareness among employees and customers.

Lastly, Karnavas says to trust your instincts. "If you receive a request via e-mail to perform a transaction, click on an unfamiliar link, or are offered a prize - make sure you recognize the source. If it doesn't feel right, it's most likely not a legitimate request."

For more information and resources to keep your business secure, visit the Chase Security Center. This document was prepared exclusively for the benefit and internal use of the party to whom it is delivered (the "Recipient"). The content is not intended as, nor shall be deemed to constitute or contain, advice on which the Recipient may rely; does not constitute in any way research of JPMorgan Chase & Co. ("JPMC"), and should not be treated as such. This document is not intended, nor should it be relied upon, to address every aspect of the subject discussed herein. The Recipient is responsible for determining how to best protect itself against cyber threats and for selecting the cybersecurity best practices that are most appropriate to its needs. JPMC assumes no responsibility or liability whatsoever to any person in respect of such matters, and nothing within this document shall amend or override the terms and conditions in the agreement(s) between JPMC and the Recipient.