Cyber security tends to rank low on a small business owner’s list of concerns.  However, with cyberattacks on the rise and new data privacy legislation on the horizon, doing nothing is no longer an option.  Two-thirds of SMBs suffered a cyberattack last year, while the average cyberattack costs nearly $3 million.

Most small business owners aren’t IT experts, so in the interests of education, we put together this list of FAQs related to SMB cyber security basics.


What is a firewall?

Just like a concrete firewall prevents a fire from destructively spreading through a building, a virtual firewall prevents unwanted intrusions from destructively entering your computer network.

What is a software patch?

An update to existing software that improves performance, seals security holes or introduces additional features.

What is a data backup device?

A physical appliance installed on a server that stores a local copy of your computer data, allowing for quick and easy restoration if the data gets lost, stolen or otherwise compromised.

READ MORE: What is the best data backup service for your small business?

What is antivirus software?

A program that detects, prevents and removes computer viruses, as well as worms, trojans, adware and more.

What is a cyberattack?

A malicious attempt by an outside individual or organization to breach the network of another individual or organization, usually done with the intent to restrict network access and steal, damage or ransom data.

What is multifactor authentication?

A security protocol that requires a user to submit multiple forms of identifying credentials before accessing a device, network or database.

What is social engineering?

The malicious use of psychological manipulation to obtain the trust of an unwitting end user.

What is a phishing attack?

A form of social engineering, a phishing attack sends fraudulent emails to trick someone into revealing confidential information or clicking a malicious link.

What is an endpoint device?

Any Internet-capable, remote computing device that communicates with a connected network, such as a smartphone or laptop.

What is penetration testing?

Also known as “ethical hacking,” a penetration test searches for and targets security vulnerabilities by staging a pre-planned cyberattack.

Small Business Cybersecurity FAQ

What is a vulnerability assessment?

A process that identifies and prioritizes the repair of security vulnerabilities.

What is ransomware? 

A type of malicious software that blocks access to your system and data, which then gets offered back in exchange for a ransom.

What is malware?

Short for “malicious software,” malware is a catch-all term that refers to various types of cyber threats, including viruses, worms, trojans and more.

What is a zero-day attack?

A cyberattack that exploits a previously unknown or unaddressed software vulnerability.

What is password spraying?

A cyberattack in which a hacker attempts to gain network access by entering simple and commonly used passwords (e.g., “Password1” or “123456”) into a multitude of user accounts.
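The pattern described above (a few common passwords tried against many accounts, rather than many passwords against one account) is what makes spraying detectable in login logs. The following is an added example, not code from the original article or from Capital Network Solutions: it parses a constructed set of authentication log lines (the `LOGIN_FAILED user=... src=...` format and all addresses are assumptions made up for the example) and flags source addresses that fail against many distinct accounts with only one or two attempts each inside a short window.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines for the example (not from any real system).
# 203.0.113.5 sprays five accounts once each; 198.51.100.7 hammers one
# account (classic brute force, a different pattern); 192.0.2.9 is a user
# who mistyped once and then logged in.
SAMPLE_LOG = """\
2024-03-01T09:00:01 LOGIN_FAILED user=alice src=203.0.113.5
2024-03-01T09:00:02 LOGIN_FAILED user=bob src=203.0.113.5
2024-03-01T09:00:03 LOGIN_FAILED user=carol src=203.0.113.5
2024-03-01T09:00:04 LOGIN_FAILED user=dave src=203.0.113.5
2024-03-01T09:00:05 LOGIN_FAILED user=erin src=203.0.113.5
2024-03-01T09:00:06 LOGIN_OK user=frank src=203.0.113.5
2024-03-01T09:05:00 LOGIN_FAILED user=alice src=198.51.100.7
2024-03-01T09:05:10 LOGIN_FAILED user=alice src=198.51.100.7
2024-03-01T09:05:20 LOGIN_FAILED user=alice src=198.51.100.7
2024-03-01T09:05:30 LOGIN_FAILED user=alice src=198.51.100.7
2024-03-01T09:05:40 LOGIN_FAILED user=alice src=198.51.100.7
2024-03-01T09:10:00 LOGIN_FAILED user=grace src=192.0.2.9
2024-03-01T09:10:30 LOGIN_OK user=grace src=192.0.2.9
"""

# Assumed log line layout: ISO timestamp, event name, user=..., src=...
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<event>LOGIN_FAILED|LOGIN_OK) user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse_log(text):
    """Turn raw log text into a list of event dicts; unparseable lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        events.append({
            "ts": datetime.fromisoformat(m["ts"]),
            "event": m["event"],
            "user": m["user"],
            "src": m["src"],
        })
    return events


def detect_password_spray(events, window=timedelta(minutes=10),
                          min_accounts=5, max_per_account=2):
    """Flag source addresses whose failed logins inside `window` touch at least
    `min_accounts` distinct users with no more than `max_per_account` tries each.
    Many failures against a single account are brute force, not spraying, and
    are deliberately not flagged here."""
    failures_by_src = defaultdict(list)
    for e in events:
        if e["event"] == "LOGIN_FAILED":
            failures_by_src[e["src"]].append(e)

    flagged = {}
    for src, fails in failures_by_src.items():
        fails.sort(key=lambda e: e["ts"])
        start = 0
        # Sliding window over the time-ordered failures from this source.
        for end in range(len(fails)):
            while fails[end]["ts"] - fails[start]["ts"] > window:
                start += 1
            per_user = Counter(f["user"] for f in fails[start:end + 1])
            if len(per_user) >= min_accounts and max(per_user.values()) <= max_per_account:
                flagged[src] = {
                    "accounts": sorted(per_user),
                    "first_seen": fails[start]["ts"].isoformat(),
                    "last_seen": fails[end]["ts"].isoformat(),
                }
                break
    return flagged


if __name__ == "__main__":
    for src, info in detect_password_spray(parse_log(SAMPLE_LOG)).items():
        print(f"possible password spray from {src}: {info}")
```

The thresholds are deliberately conservative: account lockout policies stop brute force against one account, but they do nothing against one or two guesses per account, which is exactly why the per-source, cross-account view is needed. Tune `min_accounts` and `window` to your own login volume.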

What is CCPA? 

The California Consumer Privacy Act (CCPA) is one of the most far-reaching consumer data privacy and breach notification laws in the country.  This state law goes into effect on Jan. 1, 2020.

READ MORE: CCPA: How will it affect my business?

What is NIST?

Founded in 1901 and now part of the U.S. Department of Commerce, the National Institute of Standards and Technology (NIST) provides measurements, standards and best practices for all types of technology.

What is cyber security awareness training?

A service industry built around combating phishing and other malicious social engineering tactics by training human error out of the equation.

READ MORE: Does my business need cyber security awareness training?

What is cyber insurance?

A form of liability insurance that covers first-party losses and third-party claims related to a cyberattack.

READ MORE: Cyber insurance: Is it right for your SMB?

What is Advanced Threat Protection?

Security software that uses early detection and a quick response to ward off all types of cyberattacks.

What is mobile device management?

Software that enforces in-house IT policies and deploys cyber security measures on workers’ devices.

What are Internet of Things (IoT) devices?

Internet-connected objects with capabilities for remote monitoring and control.  For example, smart thermostats, appliances and home security systems.


How do I recognize a phishing email?

There are a few telltale signs of a phishing email (often called a “spoofed email”):

  • The sender requests that you send sensitive information over email
  • The sender’s domain is one or two characters off from the legitimate one
  • The email is riddled with suspicious spelling mistakes and bad grammar
  • It also contains unsolicited attachments or suspicious links
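Three of the four signs above (a lookalike sender domain, a request for sensitive information, and unsolicited attachments) can be checked mechanically before a message reaches a person. The following is an added example, not code from the original article or from Capital Network Solutions: it scores a message against a small list of trusted domains using edit distance, so that a domain one or two characters away from a real one is flagged. The trusted domains, the phrase list and both sample messages are constructed for the example.

```python
import re

# Assumed set of domains this business legitimately corresponds with.
TRUSTED_DOMAINS = {"example.com", "examplebank.com", "microsoft.com"}

# Constructed phrases that typically accompany a request for credentials or money.
SENSITIVE_REQUEST_PHRASES = (
    "verify your password",
    "confirm your account",
    "send your login",
    "wire transfer",
    "social security number",
)


def levenshtein(a, b):
    """Edit distance: the number of single-character insertions, deletions or
    substitutions needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,          # delete ca
                           cur[j - 1] + 1,        # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def sender_domain(from_header):
    """Extract the domain part of a From header such as 'Name <user@host>'."""
    m = re.search(r"@([A-Za-z0-9.-]+)", from_header)
    return m.group(1).lower() if m else ""


def lookalike_of(domain, trusted=TRUSTED_DOMAINS, max_distance=2):
    """Return the trusted domain that `domain` imitates, or None when the domain
    is itself trusted or not within `max_distance` edits of any trusted one."""
    if domain in trusted:
        return None
    for candidate in sorted(trusted):
        if levenshtein(domain, candidate) <= max_distance:
            return candidate
    return None


def phishing_indicators(message):
    """Return the list of telltale signs found in a message dict with
    'from', 'body' and 'attachments' keys. An empty list means none were found."""
    reasons = []
    domain = sender_domain(message.get("from", ""))
    imitated = lookalike_of(domain)
    if imitated:
        reasons.append(f"sender domain '{domain}' is one or two characters off "
                       f"from trusted '{imitated}'")
    body = message.get("body", "").lower()
    for phrase in SENSITIVE_REQUEST_PHRASES:
        if phrase in body:
            reasons.append(f"asks for sensitive information ('{phrase}')")
            break
    if message.get("attachments"):
        reasons.append("contains unsolicited attachment(s): "
                       + ", ".join(message["attachments"]))
    return reasons


# Constructed sample messages for the example.
SUSPICIOUS = {
    "from": "Accounts Team <accounts@examp1ebank.com>",   # digit 1 instead of l
    "body": "Please verify your password using the attached form today.",
    "attachments": ["form.zip"],
}
LEGITIMATE = {
    "from": "Billing <billing@examplebank.com>",
    "body": "Your monthly statement is ready in the online portal.",
    "attachments": [],
}

if __name__ == "__main__":
    for name, msg in (("suspicious", SUSPICIOUS), ("legitimate", LEGITIMATE)):
        print(name, phishing_indicators(msg) or ["no indicators"])
```

Treat the result as an indicator, not a verdict: an edit distance of two will occasionally match an unrelated but legitimate domain, and the phrase list only catches wording it already knows. Keep `TRUSTED_DOMAINS` to the handful of senders that actually matter (your bank, your payroll provider, your own domain) so the lookalike check stays meaningful.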

How much does a cyberattack cost?

A 2017 study by Bank of America reported that 31 percent of small businesses spent more than $50,000 to resolve a customer data breach.

READ MORE: What is the real cost of a data breach on small businesses?

Can my email in Office 365 be hacked?

Although Microsoft Office 365 boasts ironclad security features, hackers can access an account by using stolen credentials.

READ MORE: Office 365 Migration Success Story: Ray Stone Inc.

How do I protect my data in the cloud?

  • Hire a managed service provider with strict security protocols.
  • Secure the devices of all your end-users.
  • Ensure your data gets comprehensively encrypted.

What are some best practices regarding passwords?

  • Require strong passwords that combine letters, numbers and symbols.
  • Enforce regular password changes, and don’t reuse the same passwords.
  • Employ multifactor authentication to make it harder for hackers.
  • Create a companywide password policy and educate your end-users.

What should be my top network security priorities?

Every business large and small should incorporate these basic measures:

  • Firewall
  • Antivirus
  • Software patch management
  • Data backup protection

From there, you can add next-level cyber security tactics like multifactor authentication, Advanced Threat Protection, cyber security awareness training, cyber insurance and beyond.


At Capital Network Solutions, we understand that it’s challenging to stay ahead of the curve on technology trends and IT-related legislation while still focusing on your core business.  Instead of assuming one size fits all, we tailor our managed IT service plans to the dimensions of your small or medium-sized business.

If you need help managing your business IT, call CNS at (916) 366-6566 and set up a free consultation.