COVID-19 Small Business Guide

The COVID-19 pandemic is devastating to small businesses in a variety of ways. From the loss of business to remote work, things are changing fast during this outbreak, and small businesses are forced to adapt. That’s why I’m providing these summarized resources and suggestions to help your business navigate this challenging time.

Keeping Employees Safe

  • If an employee’s job tasks can be completed remotely, encourage them to work from home.
  • Make sure that sick leave policies are following public health guidelines and that employees understand these policies.
  • Keep office spaces clean and have employee’s workstations at least six feet apart.
  • If one or more employees show symptoms, inform all employees of their possible exposure to the virus, and encourage remote work if possible.

Managing an Online Team

  • Maintain clear communication with employees regarding job tasks and deadlines. Recommendations include daily emails and weekly video conferences.
  • Work hours, appropriate communication, safety protocols, and workflow logistics should be coordinated with employees.
  • Encourage employees to use this time to learn about leadership and relevant job skills that will improve work performance.

Communicating with Customers

  • Update customers about any possible delays that could result from the COVID-19 pandemic.
  • Maintain public relations and customer support by being clear about how your business is handling COVID-19 on your homepage, social media, and via email.
  • If appointments or shipments are delayed, let customers know promptly and thank them for their patience.

Preparing for Reduced Profits

We will get through this crisis. The damages so many business owners and employees are suffering right now is real and very scary. I hope is that this short guide will help your business find and make the right decisions to survive the coming months and years.


Coronavirus Aid, Relief, and Economic Security (CARES) Act Summary

Disclosure: I’m not a CPA or J.D. and gathered the information below for my own purposes. However, I thought you might benefit from my research. See your own CPA or lawyer for professional advice that applies to your own situation and state.

This post summarizes the developments of the most massive stimulus bill in American history, the Coronavirus Aid, Relief, and Economic Security (CARES) Act. The CARES Act will provide billions of dollars of relief to individuals, businesses, state and local governments, and the health care system suffering the impact of the COVID-19 coronavirus in the United States. Reuters has a summary posted here. Even though the program passed as a $2.2 trillion program, the impact is closer to $7 trillion based on direct relief, grants, and government-supported loans. Some of the key provisions include:

Tax Cuts for business and individuals – approximately $300 billion

  • A refundable 50 percent payroll tax credit for businesses affected by the coronavirus, to encourage employee retention. Employers would also be able to defer payment of those taxes if necessary. This retention tax credit is for eligible employers that continue to pay employee wages while their operations remain fully or partially suspended as a result of specific COVID-19-related government orders
  • Loosened tax deductions for interest and operating losses
  • Suspension of penalties for people who tap their retirement funds early
  • Tax write-offs to encourage charitable deductions and encourage employers to help pay off student loans

Businesses and other employers’ programs

  • Over $400 billion in grants for industry sectors include airlines and travel, hospitals, and education
  • Nearly $400 billion to support American small businesses for essentials like salaries, occupancy costs, and utilities
  • Deferral of the employer portion of payments of certain payroll taxes
  • Modification of net operating loss (NOL) and limitation on losses rules and deduction limitation on business interest
  • Qualified improvement property technical correction, allowing qualifying interior improvements of buildings to be immediately expensed rather than depreciated over 15 years
  • Provisions that impact small business most
    • Employee Retention Payroll Tax Credit
      • Employers who are at risk for closure due to COVID-19 can receive a payroll tax credit against eligible payroll taxes for each calendar quarter equal to 50% of the qualified wages paid to each employee. The credit is available for an employer whose operations were fully or partially suspended due to a COVID-19 related shut-down order from an appropriate governmental authority, or if gross receipts declined by more than 50% when compared to the same quarter in the prior year
      • The eligible wages for an employee are up to $10,000 for all calendar quarters. Qualified wages include wages and health benefits paid to an eligible employee
      • This credit is also available to nonprofit organizations
      • Employers taking advantage of other credits or taking a small business interruption loan are not eligible for this credit
    • Delay of Employment Tax Payments
      • Deferral of the employer portion of payments of certain payroll taxes
      • The Act allows employers and self-employed individuals to defer payment of the employer share (6.2%) of the Social Security tax on wages through the end of 2020. Fifty percent of the deferred tax payments will be due by December 31, 2021, and the remaining portion due by December 31, 2022. Businesses who have debt forgiven from Payroll Protection Program loans (covered below) are not allowed to delay their payments
    • Net Operating Loss/Excess Business Loss Changes
      • Modification of net operating loss (NOL) and limitation on losses rules and deduction limitation on business interest
      • The Tax Cuts and Jobs Act limited net operating loss deductions. The CARES Act has amended those provisions to allow net operating losses incurred in 2018, 2019, and 2020 to be fully deductible, without the 80% limitation. The net operating losses from 2018, 2019, and 2020 are also allowed to now be carried back five years to allow businesses to claim refunds of taxes paid in prior years
      • Owners of pass-through entities are no longer subject to excess business loss provisions for 2018, 2019, and 2020. They will be able to take full advantage of pass-through losses, as available
    • Business Interest Deduction
      • The Tax Cuts and Jobs Act had limited the deductibility of business interest to 30% of taxable income. The allowable deduction under the CARES act has been increased to 50%
    • Qualified Improvement Property
      • Businesses will be able to write off all of the costs of certain interior renovations as 15-year property and eligible for expensing in nonresidential real property instead of using straight-line depreciation over a 39-year period
      • Qualified improvement property technical correction, allowing qualifying interior improvements of buildings to be immediately expensed rather than depreciated over 15 years
  • Available SBA programs covered in our earlier post Help Businesses and Families Now
    • Economic Injury Disaster Loans (EIDL), some information below
    • SBA Payroll Protection Program (PPP) under the CARES Act, covered next
    • SBA Express Bridge Loan (EBL)
    • SBA Regular 7(a) Loan Program
  • The Paycheck Protection Program (PPP) will provide nearly $350 billion in loans and loan guarantees for the covered period of February 15, 2020, through June 30, 2020. Note that the use of PPP eliminates the use of SBA Economic Injury Disaster Loan (EIDL) below.
    • It will cover payroll costs (up to annual amounts of $100,000); continuation of group health care benefits; employee salaries, commissions, or similar compensation; mortgage payments; rent; utilities; and interest on any other debt obligations incurred before the covered period
    • It will extend eligibility to companies of 500 employees or less and 501(c)(3) nonprofits, veterans’ organizations, and tribal small business concerns
    • Sole-proprietors, independent contractors, and other self-employed individuals may also participate
    • Loan forgiveness is available up to the principal amount of the financing
    • Loan forgiveness would be reduced for employers who lay-off workers or reduce employee compensation except where employers rehire workers or pay additional wages to tipped workers
    • Loan forgiveness is available for payroll costs, mortgage interest rent, and utility payments
    • Forgiven loan amounts will not be included as gross income
  • The general formula is the lesser of the average total monthly payments for payroll costs during the one year before the date the loan is made, multiplied by 2.5; or $10 million
  • The CARES Act includes a “Marshall Plan” for the health care system to help provide needed treatment during the pandemic and financial assistance to state, local, tribal and territorial governments, as well as to private non-profits providing critical and essential services
    • $150 billion for state, local and Native American tribal governments
    • $100 billion for hospitals and other elements of the healthcare system
    • $16 billion for ventilators, masks, and other medical supplies
    • $11 billion for vaccines and other medical preparedness
    • $4.3 billion for the U.S. Centers for Disease Control and Prevention
    • $45 billion in disaster relief
    • $30 billion for education
    • $25 billion for mass-transit systems
    • $10 billion in borrowing authority for the U.S. Postal Service
    • $1 billion for the Amtrak passenger rail service
    • $10 billion for airports

Economic Injury Disaster Loan

  • $4.5 trillion in loans to businesses, states and cities that can’t get financing through other means
  • The SBA Disaster program has been authorized and the SBA is actively taking applications at
  • Expansion of the ways the Small Business Administration (SBA) can help small businesses, including allowing qualified SBA lenders to loan money directly to eligible customers, but there will be limited funding. Now is the time to call your qualified SBA lender and begin the process of gathering financial and tax records
  • The loans are available to small businesses, small agricultural cooperatives, small aquaculture businesses, and most private non-profits. The loans come directly through the SBA, not through banks.
  • The loans offer working capital loans for payroll, accounts payable, and other bills that could have been paid had the disaster not occurred; could be used to pay fixed debts
  • Applicants need to show they have suffered working capital losses due to the coronavirus disaster
  • The SBA will do an internal test to determine eligibility, so applicants do not need to produce any bank documentation for their application
  • 95% of the loans previously issued have been for $500,000 or less but can go up to $2 million. The SBA will determine the loan amount
    • Loans up to $2 million are to be repaid over 30 years at 3.75% fixed rate; payments deferred over the first 12 months
    • Must be small business per SBA size standards
    • Loans > $25,000 require collateral
  • How to apply: or We have also covered the SBA loan program in our post Help Businesses And Families Now – COVID-19 Responses
  • Below are the high points on the Stimulus Loans/Grants only (Who, What, When, Where and How). As facts become clear, this page will be updated. Always trust an authoritative source, not this post that summarizes the facts
    • WHO is eligible: Businesses with less than 500 employees. Multi-location restaurants with more than 500 employees, but no single location with more than 500 employees will be eligible
    • WHAT Loan Amount: 2.5 times your average monthly payroll costs limited to $10 million. 10-year loan with an interest rate of 4.0% or lower. No prepayment penalties. (Further definition of payroll costs will be defined, but 1099 contractors are included in this calculation). Loan Forgiveness is included: the amount of the loan used to pay for payroll, rent, utilities, and mortgage interest from February 15, 2020, through June 30, 2020, will be forgiven. The debt forgiven will not be considered taxable income.
    • WHEN: Mnuchin said in a press conference that these loans should be available Friday, April 3, 2020
    • WHERE: Any FDIC insurance bank or federally insured credit union will be able to provide these loans. These loans will be SBA loans, but you do not need to go through an SBA bank or the SBA website to access these loans. We do know which banks will be participating at this time
    • HOW: We don’t know what documentation will be required precisely but be prepared to have payroll tax returns and payroll reports from 2019 and YTD 2020 available to calculate your eligibility and the amount of the loan. We recommend that you start getting your payroll records together so you can get in front of the line once this program starts
    • Additionally, there is no personal guarantee required on any of the loans. They are 100% insured by the Federal Government


  • Recovery rebates of up to $1,200 for singles, $1,200 for heads of households, and $2,400 for married couples filing jointly — families with children under 17 will also receive an additional $500 per qualifying child. Payments would be phased out for those earning more than $75,000 a year. Those earning more than $99,000 would not be eligible. These phase-out numbers double for married couples. The only people excluded are those who are behind on child support payments
  • Expansion of unemployment benefits, including for self-employed and gig-economy workers
  • Jobless workers receive an extra weekly boost from the federal government of $600/week in addition to state aid. Self-employed workers, independent contractors and those who typically don’t qualify for unemployment benefits would be eligible
  • Unemployment benefits, which run out after six months in most states, will be extended for an additional 13 weeks
  • Waiver of the 10% penalty on COVID-19-related early distributions from IRAs, 401(k)s and specific other retirement plans
  • Expansion of charitable contribution tax deductions
  • Exclusion for certain employer payments of student loans




Help Businesses And Families Now – COVID-19 Responses

Standing by on the sidelines as an observer is not my thing in life, business, or sports. Watching the personal and economic turmoil caused by the global response to the COVID-19 coronavirus was unacceptable, and a call to action came out of the UK. What can we do to save our clients? While these resources are US-centric, perhaps one of the items will give you an idea that you can action. (John’s Hopkins current global cases dashboard) (

For business:

  1. Remember cash flow is king
    • Speak with critical creditors to assure them you’ll do your best to pay
    • Ask for payment deferrals where appropriate
    • Cut optional expenses
  2. Apply for government-supported loans, if interested (more below) – SBA Disaster Loan
  3. Check bank lines to have cash in place for any shortfalls (payroll, unexpected)
  4. Anything needed for team members ability to function/personal productivity
  5. Clear communications internal and external

For family and individuals:

  1. Food supplies OK/stable?
  2. Health care supplies/needs met?
  3. Family communication established?
  4. Items needed to resume/maintain a normal lifestyle
  5. Conserve cash, eliminate optional expenses short term, defer payments
  6. What to do during quarantine

SBA Loans (Trust the Federal sites for correct information, but this a current summary as of this writing on March 22, 2020

Official Program Links or News Releases


SBA Economic Injury Disaster Loan (EIDL):

  • SBA is directly offering low‐interest federal disaster working capital term loans to small businesses suffering substantial economic injury as a result of COVID‐19
  • The SBA Disaster program has been authorized and the SBA is actively taking applications at
  • Loans up to $2 million are to be repaid over 30 years at 3.75% fixed rate; payments deferred over first 12 months
  • Must be small business per SBA size standards
  • Loans > $25,000 require collateral

SBA Payroll Protection Program (PPP) under CARES Act: 

  • Authorizes $350 billion for three months of 100% guaranteed 7(a) loans to cover payroll costs, interest on mortgage payments, rent obligations, and utilities
  • Applies to businesses with fewer than 500 employees or those that meet SBA’s current size standards for 7(a) loans
  • Applies to self‐employed or individual contractors
  • Applies to certain non‐profits
  • The maximum loan size for borrowers is capped at the lesser of 250% of the average monthly “eligible” payroll costs (with a lookback of one year or relevant period for seasonal businesses), or $10 million
  • Interest rate capped at 4%
  • A portion of any loan issued as part of the PPP, up to or equal to 8 weeks of covered expenses, will be forgiven by SBA and paid to the lender, plus interest

SBA Express Bridge Loan (EBL): 

  • Authorizes SBA Express Lenders to provide expedited SBA‐guaranteed bridge loan financing on an emergency basis in amounts up to $25,000 for disaster‐related purposes to small businesses in declared areas while those small businesses apply for and await long‐term financing (including  through SBA’s direct Disaster Loan Program, if eligible)
  • SBA Guaranty is 50%
  • Terms loans up to 7 years
  • Lender can require repayment if Disaster Loan is approved
  • No collateral required
  • Use of proceeds: to support the survival and/or reopening of small business
  • EBL loans can only be made to borrowers “with which the Lender had an existing banking relationship on or before the date of disaster”

SBA Regular 7(a) Loan Program: 

  • The regular 7(a) Loan Program is still in effect with $18 billion remaining in FY20 budget
  • The limit for express loans with 50.00% SBA Guaranty has been temporarily raised to $1 million through 12/31/2020
  • A provision in the CARES Act Authorizes $17 billion to pay six months of principal and interest payments for all existing regular SBA 7(a) borrowers, plus new SBA loans that are booked over next 6 months after date of enactment. This provision provides relief on existing obligations.

Families First Coronavirus Response Act – HR 6201 Leave and Credits

The Families First Coronavirus Response Act (the “Act”) passed by the House and Senate and was signed into law by the President on March 18, 2020. This Act addresses mandated paid emergency sick leave and paid family medical leave for workers impacted by COVID-19.  Employers will receive a payroll tax credit to offset wages paid under the Act. You can read the IRS quick facts here.

Emergency Paid Sick Leave:  Employers with less than 500 employees are required to provide emergency paid sick leave for employees unable to work due to specific qualifying circumstances. Full-time employees are eligible for up to 80 hours of emergency paid sick leave, while part-time employees are eligible based on the number of hours they would typically work in a two weeks.  This provision is applicable regardless of the duration of employment, and employers cannot require employees to use other sick time before the Emergency Paid Sick Leave.

Employees meeting the following qualifying circumstances are eligible for emergency paid leave equaling the lesser of their regular pay or $511 per day with a maximum of $5,110 per affected employee:

  • The employee is subject to a federal, state, or local quarantine or isolation order related to COVID-19.
  • A health care provider has advised the employee to self-quarantine due to concerns related to COVID-19.
  • The employee is experiencing symptoms of COVID-19 and seeking a medical diagnosis.

Employees meeting the following qualifying circumstances are eligible for emergency paid leave equaling the lesser of two-thirds of their regular pay or $200 per day with a maximum of $2,000 per affected employee:

  • The employee is caring for an individual who is subject to an order as described in (1) or (2) above.
  • The employee is caring for their son or daughter if the school or place of care has been closed, OR the childcare provider is unavailable due to COVID-19 precautions.
  • The employee is experiencing any other substantially similar condition specified by the Secretary of Health and Human Services.

Emergency Family and Medical Leave Expansion:  The Emergency Family and Medical Leave Expansion Act requires paid time off (weeks three through twelve) for any employee who has been employed for at least 30 calendar days by the employer and is unable to work (or telework) due to a need for leave to care for their son or daughter under 18 years of age if the school or daycare has been closed or the child care provider is unavailable due to a public health emergency with respect to COVID-19.  The first two weeks (10 days) are unpaid under FMLA, but an employee may elect to substitute accrued vacation, personal leave, or sick leave for those days.  The first 10 days may also be covered under the Emergency Paid Sick Leave for employees of companies with less than 500 employees, as discussed above.  The amount of paid leave available should be not less than two-thirds of an employee’s regular rate of pay, not to exceed $200 per day and $10,000 in the aggregate.

This provision also applies to employees of companies with less than 50 employees that are not otherwise required to offer FMLA benefits.  The Secretary of Labor has the authority to issue regulations exempting businesses with fewer than 50 employees when the imposition of such requirements would jeopardize the viability of the business as a going concern.  Small employers should not rely on this language or assume they will be exempt before guidance from the Secretary of Labor.

Telework:  In both provisions, employees are encouraged to telework. If an employee can telework, they should be able to do so to reduce the need for sick leave.

Employers are prohibited from:

Requiring a worker to find a replacement to cover their hours during time off.

Discharging or discriminating against workers for requesting paid sick leave or filing a complaint against the employer.

Tax Credits:  The Act provides refundable tax credits to employers equal to the required benefits for affected employees. The credit is applied against the employer’s share of FICA and Medicare tax liability.  If the total sick leave payments made by the employer exceed its share of FICA and Medicare taxes, the difference is refundable.

Any wages paid because of the Emergency Paid Sick Leave Act, and the Emergency Family and Medical Leave Expansion Act are NOT subject to FICA or Medicare tax.

Self Employed Individuals:  Self-Employed Individuals are allowed a tax credit against their self-employment tax if they are impacted by any of the six triggering events. However, the credit is subject to the daily limit of 67% of average daily self-employment income, or $200. The Bill requires self-employed individuals to maintain documentation to establish self-employment eligibility as prescribed by the Secretary of the Treasury.

Effective Date:  The Act will be effective no later than 15 days after the date of enactment (March 18, 2020) and will run through December 31, 2020.

The above are highlights of the newly enacted law.

Money Behind the Technology

Through the years, the opportunity to introduce good entrepreneurs with fine products to larger companies or investors to help their company and product grow. While preparing materials for presentations, the money behind the technology used by accounting professionals. While who owns what changes daily, investment strategies illustrate what will happen in the future. While my personal preference is to create and operate, many operators prefer to create and flip, taking the money they have made and choosing to do something else.

The links in this post should help you navigate who is holding what. My intent is certainly not to show you all technology company holdings but to simply illustrate a few that are critical to accounting professionals. First, consider a simple listing of Venture Capital Partners And Firms. (You can click through these links to see a simple list of each.)

Now for a few examples of VC firms and representative holdings:

While certainly not a comprehensive list, this quick reference can help you navigate the money behind the technology. By the way, media coverage is changing, too.

  • Endeavor Business Media, LLC (CPA Practice Advisor, formerly Southcomm Publishing Company, Inc. formerly Cygnus Business Media)
  • Gannett (The Hutchinson News, formerly Harris Enterprises, Gatehouse Media)
  • Gray Television, Inc. (KWCH, formerly KTVH, Smith Broadcasting, Sunflower Broadcasting, Tribune Interactive)
  • Observer Capital (Arizant, publisher of Accounting Today formerly SourceMedia from Thomson to Investcorp)
  • Sift Limited (AccountingWeb)

How To Protect Yourself Against A Phishing Attack

You have probably heard about phishing attacks in the context of the Internet. But in fact, phishing is older than the web itself. This password-stealing technique was first used over the phone. Hence the name that’s a portmanteau of “phone” and “fishing”, as in fishing for passwords or other information.

Today, phishing attacks are still going strong, although now in digital form. Read to find out what a phishing attack is and how to protect your accounts from this common cyber threat.

How does phishing work?

Phishing is a game of deception. Hackers send emails posing as a legitimate institution to trick victims into revealing their sensitive information, such as passwords or credit card details.

Phishing emails use manipulation to compel victims to reveal their information. They often convey a sense of urgency, informing the target that they’re in an overdraft or that their credit card has been blocked. Alternatively, phishing emails would describe too-good-to-be-true scenarios, such as winning a contest the victim never entered or getting an unusually high tax return.

Typically, phishing emails contain a link that will redirect the victim to a website. These websites are exact replicas of the sites the hackers are impersonating. The unsuspecting target will be prompted to enter their login details or card details as usual. Unfortunately, this information will then go straight to the hackers who can now take over accounts or perform banking operations in the victim’s name.

In an alternative version of phishing, the link won’t take the victim to a site but it will download malware onto their computer instead. That malicious software will then provide a backdoor to cyber criminals to take control over the device or steal sensitive information.

How to protect yourself and your data

Know how to spot them

The first step to protecting yourself from a phishing attack is to be aware of their existence and treat all incoming emails with a healthy dose of skepticism. Beware of emails that ask you to reveal your personal data and never click any links in suspicious emails.

If you get an email from your bank, the government, or PayPal asking you to log into your account, don’t follow the links in that email. Instead, search the relevant website in your search engine and log in that way. If you want to be extra sure, it’s a good idea to bookmark your bank’s and other important institution’s websites for future reference.

Look also for warning signs in the email. Does it look different than normal? Is the greeting generic and doesn’t include your name? Is the email address correct? Phishing emails are often sent from email addresses that are very similar to the actual ones but so can be easily mistaken at first glance.

Set up two-factor or multi-factor authentication (MFA)

No matter how careful you are, you might still fall victim to a phishing attack. Cybercriminals who run these schemes are experienced and employ increasingly advanced techniques.

The only action that can truly protect you from the consequences of a phishing attack is securing your accounts with two-factor or multi-factor authentication. Two-factor authentication adds another layer of security on top of a password. It combines something you know (password) with something you have (security key, your phone), meaning that the hacker can’t simply log in from a new device just by knowing your password. They will still need to complete the second authentication step which in most cases will be impossible.

There are various methods of authentication that can be used as the second verification step. It’s worth noting that using an authentication app on your phone or a hardware security key are preferred forms of verification. Hackers have been known to redirect text messages of the victim to a different SIM card, so using texts as verification is generally discouraged by security experts.


Phishing attacks can outsmart even extra careful Internet users. It’s important to know how to recognize, what to do when you become a target, and how to prepare a safety net in case you fall for one. In 2019, taking care of one’s cybersecurity is more difficult and more important than ever.

Safeguarding Your Online Funds

In 2018, PayPal completed a major milestone — it processed 227 billion mobile transactions. Truth be told, this comes as no surprise, considering the worldwide popularity of this service and the increasing number of people using mobile devices to complete online purchases.

Unfortunately, mobile shopping isn’t the only statistic that has increased. Mobile malware and other cyber security issues are also on the rise.

In Q2 of 2018 alone, there were 1.74 million software packages targeting mobile payments, social media information, and financial data you’re storing on your phone.

So how can we improve the overall security of our online mobile transactions?

First things first, don’t forget to lock your phone. Surprisingly, not everyone has enabled this security measure. It’s a simple hack but one that could save your money the next time you forget your phone in the company boardroom or at the local McDonald’s.

Secondly, always use two-step verification, also known as multi-factor authentication (MFA). Now, it’s true that this method takes a little more time to log in, but it’s worth the effort.

Another good piece of advice is to use a temporary cash card for your purchases. You choose how much to add to the card which doesn’t need to be connected with your bank account, unlike debit cards. In the U.S. banking system, you only have 48 hours to claw back unauthorized transactions. The Federal Reserve is testing immediate transfer capabilities now, which will shorten this time more. Core banking systems like those from FiServ, Jack Henry, FIS and DCI will implement these capabilities and you’ll see them in your banking portals.

Setting up a limit on your online transactions is another good way to protect your cash. Cards flag suspicious transactions, but not everything is suspicious, and once someone has access to your card, they will keep using it until it gets blocked. Adding a limit onto your accounts speeds up the process of flagging.

Last but not least, if anyone asks you to email or share your credit card information to process a transaction, think twice, or simply refuse to do it. More and more reputable companies have secure credit card payment input, which means no one sees your financial information. Emailing makes your credit card information unsecure and is just not worth the risk.

Internet-based banking and commerce are not things that are just going to fade. Although there are risks associated with them, they provide us convenience. You can have the best of both worlds as long as you take steps to protect yourself.

Cyber Security and Other Statistics for 2019

Author’s note: I recently read a collection of statistics from techjury that will give you pause. TechJury compiled a list of cyber security statistics to help visualize what is happening in the field as well as what to expect in 2019. You can see the entire article and an infographic on their site. I’ve summarized them here with the author’s permission.

Alarming Cyber Security Statistics

  • It takes half a year to detect a data breach.
  • 43% of all cyber attacks are aimed at small businesses.
  • 91% of attacks launch with a phishing email.
  • A business falls victim to a ransomware attack every 14 seconds.
  • 38% of malicious attachments are masked as one Microsoft Office type of file or another.
  • Cyber criminals managed to exploit the credit cards of 48% of Americans back in 2016.
  • The global cost of online crime is expected to reach $6 trillion by 2021.

What are the sources of cyber security incidents?

Data Breaches

Often it is data breaches that steal the headlines.

  1. In most cases, it takes companies about 6 months to detect a data breach.

(Source: ZD Net)

If a robbery took place and the perpetrators got away, how much of a head start do they have if they want to cover their tracks? A day? An hour? Cyber criminals often get a neat 6-month head start, which makes tracking them down that much harder.

  1. There were 8,854 recorded breaches between January 1, 2005 and April 18, 2018.

(Source: Identity Theft Resource Center)

These breaches account for millions of records, with the price per record ranging anywhere from $120-$600. If we average these out at $360 per record, then the total price of these breaches is in the billions. People talk about the cost of cyber security, but they seldom think about the cost of not having it.

  1. In 2017, 61% of data breach victims were companies with less than 1000 employees.

(Source: Verizon)

While this number may be alarming, this has more to do with the fact that the larger-scale companies are more likely to have robust security than smaller companies. Many of these smaller companies simply do not have the means for proper defense to combat advanced cyber threats, which contributes heavily to these cyber security statistics.

Cyber Attacks

Cyber attacks vary in sort and severity, but they can be absolutely devastating, especially for small business owners.

  1. 43% of cyber attacks are targeted at small businesses.

(Source: Small Business Trends)

It makes a lot of sense that the little guy is targeted so often. While the benefit of such attack for the hacker is relatively small, it is much easier to pull it off. Many small businesses have minimal security infrastructure, making them easy prey for data predators. Considering the number of cyber attacks per day, quite a few of those get targeted.

  1. Around 50% of the risk companies face come by way of having multiple security vendors.

(Source: Cisco)

One may think when it comes to security, the more the merrier. However, having multiple security vendors is a great way to complicate your security infrastructure in a way that is likely to create greater vulnerabilities. It is best to stick with one security vendor and comply with all security updates and recommendations the vendor presents, according to various hacking stats.

  1. IoT attacks were up by 600% in 2017.

(Source: Symantec)

Nearly everyone has a smartphone now, making hackers and cyber criminals have greater choice of targets for attack. A portion of the rise could be attributed to the increased number of IoT devices, but the greater issue is that security doesn’t keep up the pace of the growing threats.

  1. 31% of organizations have experienced cyber attacks on operational infrastructure.

(Source: Cisco)

Perhaps the more concerning side to cyber security statistics in general is the number of incidents that have gone unreported. Speculation would lead one to believe that the figure of 31% is significantly lower than reality. Whatever the case, this is an important figure to be aware of as it shows at the very least that hackers are proficient in finding the correct target.

  1. DDoS attacks account for 5% of monthly traffic related to gaming.

(Source: Cox BLUE)

Another prevalent form of attack comes in the form of DDoS. This attack attempts to disrupt regular traffic to the desired web endpoint. Video gaming is a popular place for these attacks to occur because there are predictable and specific endpoints for most devices.

  1. Just 38% of global organizations claim that they are equipped and able to handle a complex cyber attack

(Source: IBM)

Perhaps one of the most alarming cyber security statistics on this list is the understanding that 62% of global organizations cannot claim that they are equipped to handle a cyber attack. This void will lead the charge for improved cyber security in the future.


Malware is by far the most common type of malicious internet activity.

  1. Over 24,000 malicious mobile apps are blocked from the various app stores each day.

(Source: Symantec)

Apple has generally been on top of its app store, not allowing malicious or harmful software onto iOS devices. Android has had a longer journey there because of the freedom afforded to developers. Nevertheless, it improved radically over the past several years. Such malicious apps can still be accessed, but most devices do require user approval before installing any unverified third-party applications. Cyber attack statistics show this to be a key reason why harmful software for mobile devices is not such an issue anymore.

  1. $2.4 million is the average cost of a malware attack in 2017.

(Source: Accenture)

One of the most prevalent attacks comes in the form of malware. Malware can cripple entire systems or even render them useless. A successful malware attack resulting in a cyber security breach can crumble an entire company as well as ruin its public reputation.

  1. There was an 80% increase in malware attacks on Mac computers in 2017.

(Source: Cisco)

Mac computers have always been renowned for their threat security. As far as out of the box security goes, Mac has been the gold standard for quite some time, but things seem to be changing. Malware statistics point to an astronomical increase that raises a few eyebrows. Is it possible that cyber criminals have found new vulnerabilities?

  1. 75% of the healthcare industry has been infected with malware at some point in time.

(Source: CISION: PR Newswire)

The healthcare industry accounts for the most records lost. This has to do with many factors including outdated systems, lack of cyber security training, and substandard protocols. In short, healthcare providers are an easy target with a lot to offer to potential criminals. It is no wonder why this industry is so often a target of large scale cyber attacks.

  1. Around 60% of malicious web domains are associated with spam campaigns.

(Source: Cisco)

For some reason I find it concerning when a company tells me to check my spam folder. The spam folder is where many people get taken advantage of. Spam campaigns attempt to send the user to insecure or malicious domains in an attempt to mine data.

  1. 38% of malicious files came in formats used by the Microsoft Office suite of products.

(Source: Cisco)

Microsoft Office is one of the most familiar sights in a modern working environment. Cyber criminals use these formats for their malicious files in attempts to lure unsuspecting victims into thinking it is just a simple spreadsheet or report. This is valid not only for recent cyber attacks, as executable files masked as harmless, well-known files are a popular digital bait for years now.

Cyber Security Is in High Demand

Security specialist is one of the most promising career choices in the IT sector.

  1. There are over 300,000 unfilled cyber security jobs in the United States, with the demand rising each year.

(Source: Cybint Solutions)

If you are a college freshman deciding on a major, then cyber security might be an attractive option. Not only are there plenty of openings, but the demand is expected to rise at an unprecedented rate. There are plenty of jobs available in tech nowadays, but perhaps none are as vital than as security. The next few cyber security stats show just how pressing this need may be.

  1. By 2021, the number of unfilled cyber security jobs is expected to balloon to 3.5 million.

(Source: The Hill)

The expected rise in jobs is still outpaced by the expected need for them. Chances are, companies will not be able to get enough cyber security experts. There’s simply not going to be enough people with this type of competency to fill all available spots. Let’s just stop and consider what it means that so many companies will not be able to get proper protection from cyber crimes. As cyber crime statistics show, this is one of the biggest problems that companies have to solve.

  1. Cyber security job postings are up 74% over the past five years.

(Source: Cybint Solutions)

This is the silver lining to these attacks. Many young people will be able to find gainful work in the cyber security sector. The unfortunate reality is much of this will be in response to attacks that will take place, and that there will be many more data breaches affecting millions of people within the next few years. Data breach statistics don’t suggest that the need for experts in the field will be lessened any time soon.

  1. Cyber security expenditures are expected to rise above $1 trillion by 2025.

(Source: Cybersecurity Ventures)

Once again, just like the jobs figures, this points to a very secure future for those pursuing a career in cyber security. The question remains if these expected expenditures will be enough prevent data breaches or at least bring them down significantly.

  1. The annual cost of cyber crime damages is expected to hit $6 trillion by 2021.

(Source: CyberSecurity Ventures)

The rate of these crimes is only expected to increase. Criminals are finding increasingly clever and diabolical ways to get their hands on data. This, coupled with the projections for further data breaches, spells an unwelcome story going forward. Some estimates have the number as high as $10 trillion. In this context, whatever the cost of cyber security may be it seems like a worthy investment.

  1. 65% of companies have over 500 employees that have never changed their password.

(Source: Varonis)

I believe most people are guilty of not changing their password often enough. This is just making it easy for would-be cyber criminals to have easy access to sensitive information through compromised passwords. An easy solution to these problems is an automated system that requires employees to regularly change passwords. Many such programs are free and easily implemented by IT professionals.

Ransomware Has Run Rampant

Ransomware, especially with the advent of cryptocurrencies, is an increasingly popular way for hackers to make money.

  1. Ransomware attacks are growing more than 350% annually.

(Source: Cisco)

A ransomware attack is designed to hijack the targets’ systems and hold them hostage in exchange for certain demands. These attacks are particularly effective and growing in number as the data from Cisco shows. The increase in cyber attacks is bound to continue in the foreseeable future.

  1. The damage costs of ransomware will rise to $11.5 billion in 2019.

(Source: Cybersecurity Ventures)

Once again, ransomware holds data and entire systems hostage until demands are met. Independent risk evaluators postulate that compliance with the perpetrator leads to greater security vulnerabilities and greater total loss.

  1. A business falls victim to a ransomware attack every 14 seconds.

(Source: Cybersecurity Ventures)

Something that differentiates cyber crime from any other kind of crime is the automation that can be deployed by perpetrators. Automation allows for cyber attacks to be deployed simultaneously and relentlessly. Failed attacks can be tried again almost infinitely. The number of cyber attacks each day keeps going up. Automation may also be the key to protection from these types of attacks, but for now it is not yet clear how to utilize this technology. As the stakes get higher and cyber criminals become more aggressive, the incentive to develop a solution will rise as well.

Unprotected, Progressively Vulnerable, and Ignored

System upgrades are not the easiest thing to implement. However, they become increasingly necessary to address adequately the growing security threats.

  1. Of all files, 21% remain completely unprotected.

(Source: Varonis)

This isn’t as startling of a revelation when compared to the other cyber security stats, but it is an alarming number of unprotected files. Of course, just because a file isn’t protected, doesn’t mean it’s accessible. Still, there’s a number of cases where that kind of protection is called for, but is not present.

  1. Reported system vulnerabilities went up by 16% in 2017.

(Source: Varonis)

The full reports for 2018 have not become available at the time of this writing, but early indications have this figure even higher over the past year. As tech evolves, most do not upgrade immediately. Older systems have different security vulnerabilities. If these are not addressed in a timely manner the systems are exposed even more with every passing day.

  1. 95% of data breaches have cause attributed to human error

(Source: Cybint Solutions)

With a large data breach, all eyes and fingers begin pointing to the IT department. The fact of the matter is these data breaches can very rarely be attributed to the folks over in IT. Information technology security breaches are few and far between. User error or actions that fall outside of IT recommended behavior will always cause more problems than just following the guidelines set by the IT department.


Phishing mail, just like the popular hobby with similar name, is extremely common and simple.

  1. 30% of U.S. users open phishing emails.

(Source: Verizon)

Unsurprisingly, phishing attacks make up a large amount of cyber security incidents. It is quite likely that most of us have opened phishing emails at some point in time. Kaspersky’s anti-phishing software has caught hundreds of millions of them every year.

  1. 12% of those who opened phishing emails later opened the infected links or attachments.

(Source: Verizon)

As we await the arrival of 2019 cyber security statistics, the report from Verizon shows that phishing attacks had a moderately high success rate. With more and more people understanding the dangers that lurk with these attacks, the hope is that this number will continue to fall in the coming years.

  1. In the last year, 76% of businesses reported that they had been a victim of a phishing attack.

(Source: Wombat)

Phishing attacks are the most common cyber security attack. This type of attacks are a big part of why there are so many compromised passwords. If you check your spam folder in your email, it is more than likely that you will find several of them. If a phishing emails makes it past filters into the inbox, to the untrained eye they will seem like legitimate messages that can be trusted.


  1. ZD Net
  2. Identity Theft Resource Center
  3. Verizon Data Breach Investigations Report
  4. Small Business Trends
  5. Cisco
  6. Symantec
  7. Cisco Data Privacy Study
  8. Cox BLUE
  9. IBM Cost of Data Breach Study
  10. Symantec Internet Security Threat Report
  11. Accenture
  12. Cisco Annual Cybersecurity Report 2018
  13. CISION: PR Newswire
  14. Cisco Data Privacy Study
  15. Cisco Data Privacy Study
  16. Cybint Solutions
  17. The Hill
  18. Cybint Solutions
  19. Cybersecurity Ventures
  20. Cybersecurity Ventures Cybercrime Report
  21. Varonis Global Data Risk Report
  22. Cisco Annual Cybersecurity Report 2018
  23. Cybersecurity Ventures
  24. Cybersecurity Ventures Cybercrime Report
  25. Varonis Global Data Risk Report
  26. Varonis Global Data Risk Report
  27. Cybint Solutions
  28. Verizon Data Breach Investigations Report
  29. Verizon Data Breach Investigations Report
  30. Wombat Security

Related documents and reading:

  1. Know Before
  2. Ponemon
  3. Kaspersky
  4. Cyberark
  5. Time
  6. Ponemon State of Endpoint Security Risk Report
  7. Accenture Cost of Cybercrime Study
  8. Accenture Cyber Threatscape Report
  9. IBM Cost of Data Breach Study
  10. Ponemon Global Cost of Data Breach Study
  11. CSO Online
  12. Accenture Achieving Data-Centric Security
  13. Forbes Technology Council

Other Statistics

Powerful Ways to Reduce Business Taxes for Tax Year 2018 and Beyond

From gathering the necessary paperwork to consulting with tax and financial professionals, tax season is a hectic time for most businesses. However, taking the time to identify all available tax savings opportunities is an essential way for businesses to improve their financial well-being through a reduced tax burden.

For tax year 2018, changes to federal law have made it particularly crucial for businesses to review the various incentives available to them. Most notably, the Tax Cuts and Jobs Act—the sweeping tax reform law enacted in December 2017—made significant changes to individual and business taxation and expanded savings opportunities for both. The following strategies will help businesses take advantage of incentives under the Tax Cuts and Jobs Act and other laws in order to minimize their tax burdens.

Verify that the business is properly classified for maximum tax savings.

The Tax Cuts and Jobs Act provides a deduction of up to 20 percent for pass-through entities, such as S-corporations, partnerships, and sole proprietorships. However, this deduction is not available to certain service-based businesses, including law firms, medical practices, and accounting firms, that have taxable income over $315,000. The new law also lowered the corporate tax rate from 35 to 21 percent. In light of these changes, businesses of all sizes should review their classifications and determine whether they would reap maximum tax savings as pass-through entities or C-corporations.

Claim the §179D deduction for qualifying energy efficiency projects.

Section 179D of the tax code offers commercial building owners a deduction of up to $1.80 per square foot for installing qualifying energy efficiency measures. Specifically, the deduction is worth up to $0.60 per square foot for improvements made to a building’s lighting systems, $0.60 for improvements to HVAC systems, and $0.60 for the building envelope. In addition, governmental entities may allocate their deductions to the primary designers—including architects and engineers—of energy efficiency measures in public buildings. Given the typically large size of commercial and public buildings, the §179D deduction may yield hundreds of thousands of dollars in tax savings.

Unfortunately, the §179D deduction expired on December 31, 2016, but the Bipartisan Budget Act of 2018 retroactively renewed it for projects completed in 2017 only. Therefore, commercial building owners and primary designers should act swiftly to determine whether they may be able to claim the deduction for qualifying projects completed in 2017. Additionally, taxpayers should stay tuned for future renewals of the §179D deduction; due to the widespread popularity of this incentive, there is a chance that it will be retroactively renewed for projects completed in 2018 and subsequent tax years.

Determine eligibility for the Research and Development (R&D) Tax Credit.

The R&D Credit is one of the most lucrative incentives in the tax code, yet it remains underutilized by many eligible businesses that mistakenly assume that it is only available for high-tech or scientific research. In reality, the R&D Credit rewards a wide range of activities routinely performed by businesses in a variety of industries, including architecture, engineering, manufacturing, and construction. This important incentive was formerly a “tax extender” like the §179D deduction, expiring at the end of each year and being renewed based on the approval of Congress. However, the Protecting Americans from Tax Hikes (PATH) Act of 2015 permanently added the R&D Credit to the tax code and made it more applicable to newer and smaller businesses. Specifically, the PATH Act allowed businesses that have been in operation for fewer than six years, have no more than $5 million in gross receipts for the current tax year, and had no gross receipts in the previous five years to apply up to $250,000 of R&D Credits per year toward their payroll tax liabilities. In addition, recent changes have alleviated alternative minimum tax (AMT) limitations that businesses faced when trying to maximize tax savings with the R&D Credit and other incentives.

Given the expansion of the R&D Credit, businesses in various industries should review their project records and consult a tax expert to determine whether they may be eligible. To claim the credit, businesses must present substantial documentation of qualified research activities, including payroll records and project lists, so they are advised to begin preparing records as early as possible. For many businesses, however, the effort involved in claiming the R&D Credit is amply rewarded with hundreds of thousands of dollars in tax savings that may be used in the current year, or carried back or forward for use in other tax years as needed.

Ensure compliance with state sales tax laws.

With over 10,000 sales tax jurisdictions across the country, businesses—particularly those that sell goods out of state—have always faced a confusing patchwork of differing rates and exemptions. However, complying with other states’ sales tax laws has become increasingly important since June 2018, when the U.S. Supreme Court issued a pivotal decision in South Dakota v. Wayfair. In Wayfair, the Court held that states may require retailers to collect sales tax on online purchases—even if the retailer does not have any physical presence, such as a store, office, or factory, within the state. Several states have already responded by enacting legislation requiring out-of-state retailers that meet certain criteria to collect sales tax, and many of these states are beginning to aggressively seek out any remote sellers that fail to comply. As a result, numerous businesses now need to keep track of the varying sales tax rules and rates across the country. Businesses should therefore adopt systems to monitor out-of-state sales transactions, and consult their tax advisors to ensure compliance with the sales tax laws of all states in which they have customers.

Take advantage of bonus depreciation.

Traditionally, the concept of bonus depreciation has permitted taxpayers to depreciate a certain percentage of the cost of business property during the year it is placed into service, and then depreciate the remainder of the cost over the course of the property’s useful life. By depreciating a greater percentage upfront—rather than in equal proportions over the property’s life—bonus depreciation allows businesses to claim more substantial and immediate tax savings. However, the Tax Cuts and Jobs Act expanded bonus depreciation, allowing businesses to deduct the following amounts of the cost of eligible property during the year it is placed into service: 100 percent from now through the year 2022, 80 percent in 2023, 60 percent in 2024, 40 percent in 2025, and 20 percent in 2026. Additionally, the new law allows businesses to claim bonus depreciation for used, as well as new, property. By taking advantage of these changes to bonus depreciation, businesses can maximize tax savings with more valuable deductions.

Invest in Opportunity Zones.

Another way in which the Tax Cuts and Jobs Act changed the tax code was with the addition of Opportunity Zones, which are economically disadvantaged communities in urban and rural areas. With a goal of stimulating economic growth and job creation, the new tax law allows certain investments in these communities to qualify for favorable tax treatment. Specifically, investors may defer tax on any prior gains invested in a Qualified Opportunity Fund (“O-Fund”) until either the date on which the investment is sold or exchanged, or December 31, 2026—whichever is earlier. O-Funds are partnerships or corporations that serve as vehicles for investing in eligible property located in Opportunity Zones. If the investment in an O-Fund is held for more than five years, there will be a ten percent exclusion of the deferred gain, increasing to fifteen percent if the investment is held for more than seven years. If the investment is held for at least ten years, the investor will qualify for an increase in basis equal to the investment’s fair market value on the date when it is sold or exchanged.

Determine eligibility for the new employer credit for paid family and medical leave.

Under §45S of the tax code, the Tax Cuts and Jobs Act offered employers a new tax credit for providing paid family and medical leave for qualifying employees. The credit is equal to a percentage of wages paid while employees are on leave. To claim the credit, employers must have a written workplace policy that provides at least two weeks of paid family and medical leave each year to all qualifying full-time employees; wages paid during leave cannot be less than half of the employee’s regular wages. Qualifying employees are those who have worked for the organization for at least a year and who, in the preceding year, did not earn more than $72,000. (This salary threshold may change in future tax years.) According to the IRS, “family and medical leave” encompasses a variety of circumstances, including the birth of an employee’s child, the placement of a child with the employee for foster care or adoption, and an employee’s own serious health condition or that of his or her spouse, child, or parent.

Employers that provide paid family and medical leave in accordance with IRS guidelines will receive a tax credit of at least 12.5 percent of the wages paid to a qualifying employee while he or she is on leave for up to twelve weeks per year. The credit amount increases by 0.25 percent for each percentage point that paid leave wages exceed 50 percent of the employee’s regular wages. Therefore, employers may claim the maximum credit of 25 percent of wages paid by continuing to pay employees at their regular salaries while they are taking family and medical leave. At this time, the new paid family and medical leave credit will not be available after December 31, 2019. Until then, however, all businesses with employees should review their workplace policies to determine whether they may be eligible for this generous tax credit.

Perform a cost segregation study.

The IRS-approved strategy of cost segregation offers a powerful way for commercial building owners to reduce their tax burdens through accelerated depreciation deductions. Most real property is depreciated over a period of 39 years, while tangible personal property is depreciated over five, seven, or fifteen years. Typically, therefore, taxpayers may claim more substantial and immediate depreciation deductions for personal property assets. However, cost segregation studies—which are performed by third-parties with tax and engineering expertise—identify assets within a building that may be reclassified as personal property. These assets may include wall coverings, carpeting, plumbing or electrical fixtures, and more. By reclassifying these real property assets as personal property, commercial building owners can minimize their taxes and increase cash flow through accelerated depreciation deductions.

Consider whether recent hires qualify for the Work Opportunity Tax Credit (WOTC).

Created with a goal of helping certain categories of job applicants overcome barriers to employment, WOTC offers employers a tax credit of up to $9,600 for each new employee hired from a target group. These target groups include veterans, ex-felons, and recipients of some forms of government assistance. To claim WOTC, employers must file the initial paperwork with their state workforce agency within 28 days of the new worker’s start date, so it is important for businesses to have systems in place for identifying WOTC-eligible job candidates and new hires. WOTC is one of the tax extenders, but was renewed by the PATH Act through December 31, 2019.

Consider tax incentives at the state and local levels.

In addition to the many tax savings opportunities found in federal law, numerous cities and states across the country offer their own tax incentives for businesses. For example, many states have R&D tax credits—which may be even more generous than the federal version.

It is also particularly important for businesses that are expanding and/or adding new employees to explore the incentives available at the state and local levels. These expansion incentives may include tax credits, exemptions, rebates, and training grants. However, many such incentives must be negotiated in advance of any final decision to expand or relocate.

In light of the Tax Cuts and Jobs Act and other changes to state and federal tax law, now is the time for businesses in all industries to work with their tax professionals to claim the savings opportunities available to them. With proper planning, a comprehensive tax strategy can be a powerful way for businesses to boost their bottom lines, freeing up cash to fuel future growth and success.


Jordan Taylor, CPA, CEO/Tax Director, of Capital Review Group,

How Small Businesses Can Bounce Back from Online Threats and Data Breaches

If you pay attention to the news, you know that no business is impervious to hackers and cyber attacks. In fact, even major corporations like Target and Marriott have been impacted by data breaches over the past few years. So, is there anything you can do to protect your own small business? As it turns out, there are some fairly simple measures you can take to help safeguard your business from threats and help it recover in the event of a cyber attack.

 Audit All Hardware and Software Systems

You can protect yourself from data breaches from the start by opting for secure hardware and software for your small business. If it has been a while since you reviewed your systems, now is the perfect time to do so. To protect your sensitive business data, it’s crucial to thoroughly research the companies you use for hardware and software so that you can be sure that data security is addressed by their products. If you can’t find this information or are not sure about your current systems, it may be best to make a few upgrades.

Your payment acceptance systems and programs should be among the first reviewed. If you discover that yours is not as protected as it could be, you should invest in a more secure payment system that has top-quality data security and fraud prevention built-in. Securing your payment systems is a simple tactic for preventing data breaches from disrupting your business, especially since consumer credit card data is commonly targeted by small business hackers. This puts small businesses in the unenviable position of having to mitigate any potential damage and earn customer trust back again in order to recover.

Review Employee Data and Device Usage Policies

While having the right software and hardware can help protect your company’s data, your first line of defense has to be your employees. Employees are privy to sensitive business and customer information every single day, so make sure you safeguard it with effective policies. One practice that has the business community divided is the use of personal devices for the completion of business tasks and communications. This may seem like a cost-effective way for employees to work from home or out in the field. However, a simple mistake is all it takes for hackers to access your company’s information on these unsecured personal devices. If your employees fail to install antivirus software or forgets to update their operating system, for example, any business-related content could be left vulnerable to attacks.

Employees who leave your company can also pose a risk to your data privacy, so take the right steps to ensure your business is fully protected. This may include ensuring that you can wipe company-owned devices and data from devices remotely. So, consider using specialized security apps to delete sensitive business and client information from lost or stolen devices.

Use Secure Email Providers for Business Communications

Implementing the best practices for employee data and internet usage can go a long way in shielding your business from attacks. However, those same employees should also be on the lookout for emails and websites that could link to phishing scams. Hackers are getting pretty good at sending these mock emails or website information to small businesses, attempting to hook users with alarming messages that prompt them to log in or provide sensitive data. Include phishing danger signs in your data training and ensure that your email provider is secure. Using a free account is not always the best choice for small businesses, so make sure your provider uses encryption and filters to properly protect your business from hacking attempts, suspicious spam messages, and malware.

Malware infections can cut into your profits, but more importantly, they cut into your trust with your customers. That damage is often much harder to repair. So, your best bet is to prevent malware and cyber attacks from affecting your small business in the first place.

Being the victim of a data breach or cyber attack is bad for business. That said, you can lessen the online threat to your small businesses with a few preventative steps and measures. So, get proactive about protecting your business’s data.