Small Business Cybersecurity FAQ

Cybersecurity tends to rank low on a small business owner’s list of concerns.  However, with cyberattacks on the rise and new data privacy legislation on the horizon, doing nothing is no longer an option.  Two-thirds of SMBs suffered a cyberattack last year, while the average cyberattack costs nearly $3 million.

Most small business owners aren’t IT experts, so in the interests of education, we put together this list of small business cybersecurity FAQs.


What is a firewall?

Just like a concrete firewall prevents a fire from destructively spreading through a building, a virtual firewall prevents unwanted intrusions from destructively entering your computer network.

What is a software patch?

An update to existing software that improves performance, seals security holes, or introduces additional features.

What is a data backup device?

A physical appliance installed on a server that stores a local copy of your computer data, allowing for quick and easy restoration if the data gets lost, stolen, or otherwise compromised.

What is antivirus software?

A program that detects, prevents and removes computer viruses, as well as worms, trojans, adware and more.

What is a cyberattack?

A malicious attempt by an outside individual or organization to breach the network of another individual or organization, usually done with the intent to restrict network access and steal, damage or ransom data.

What is multifactor authentication?

A security protocol that requires a user to submit multiple forms of identifying credentials before accessing a device, network or database.

What is social engineering?

It is the malicious use of psychological manipulation to obtain the trust of an unwitting end-user.

What is a phishing attack?

A form of social engineering, a phishing attack sends fraudulent emails to trick someone into revealing confidential information or clicking a malicious link.

What is an endpoint device?

Any Internet-capable, remote computing device that communicates with a connected network, such as a smartphone or laptop.

What is penetration testing?

Also known as “ethical hacking,” a penetration test searches for and targets security vulnerabilities by staging a pre-planned cyberattack.

What is a vulnerability assessment?

A process that identifies and prioritizes the repair of security vulnerabilities.

What is ransomware? 

It is a type of malicious software that blocks access to your system and data, which then gets offered back in exchange for a ransom.

What is malware?

Short for “malicious software,” malware is a catch-all term that refers to various types of cyber threats, including viruses, worms, trojans and more.

What is a zero-day attack?

It is a cyberattack that exploits a previously unknown or unaddressed software vulnerability.

What is password spraying?

A cyberattack in which a hacker attempts to gain network access by entering simple and commonly used passwords (e.g., “Password1” or “123456”) into a multitude of user accounts.

What is CCPA? 

The California Consumer Privacy Act (CCPA) is one of the most far-reaching consumer data privacy and breach notification laws in the country.  This state law goes into effect on Jan. 1, 2020.

What is NIST?

Founded in 1901 and now part of the U.S. Department of Commerce, the National Institute of Standards and Technology (NIST) provides measurements, standards and best practices for all types of technology.

What is cybersecurity awareness training?

A service industry built around combating phishing and other malicious social engineering tactics by training human error out of the equation.

What is cyber insurance?

It is a form of liability insurance that covers first-party losses and third-party claims related to a cyberattack.

What is Advanced Threat Protection?

It is security software that uses early detection and a quick response to ward off all types of cyberattacks.

What is mobile device management?

Software that enforces in-house IT policies and deploys cybersecurity measures on workers’ devices.

What are Internet of Things (IoT) devices?

They are internet-connected objects with capabilities for remote monitoring and control. Examples include smart thermostats and home security systems.


How do I recognize a phishing email?

There are a few telltale signs of a phishing email (often called a “spoofed email”):

  • The sender requests that you send sensitive information over email.
  • The sender’s domain address gets 1 or 2 characters wrong compared with the legitimate one.
  • The email comes riddled with suspicious spelling mistakes and bad grammar.
  • It also contains unsolicited attachments or suspicious links.

How much does a cyberattack cost?

A 2017 study by Bank of America reported that 31 percent of small businesses spent more than $50,000 to resolve a customer data breach.

Can my email in Office 365 be hacked?

Although Microsoft Office 365 boasts ironclad security features, hackers can access an account by using stolen credentials.

How do I protect my data in the cloud?

  • Hire a managed service provider with strict security protocols.
  • Secure the devices of all your end-users.
  • Ensure your data gets comprehensively encrypted.

What are some best practices regarding passwords?

  • Require strong passwords that combine letters, numbers and symbols.
  • Enforce regular password changes, and don’t reuse the same passwords.
  • Employ multi-factor authentication to make it harder for hackers.
  • Create a company-wide password policy and educate your end-users.

What should be my top network security priorities?

Every business, large and small, should incorporate these necessary measures:

  • Firewall
  • Antivirus
  • Software patch management
  • Data backup protection

From there, you can add next-level cybersecurity tactics like multifactor authentication, Advanced Threat Protection, cybersecurity awareness training, cyber insurance and beyond.


At Capital Network Solutions, we understand that it’s challenging to stay ahead of the curve on technology trends and IT-related legislation while still focusing on your core business.  Instead of assuming one size fits all, we tailor our managed IT service plans to the dimensions of your small or medium-sized business.

If you need help managing your business IT, call CNS at (916) 366-6566 and set up a free consultation.