Small businesses are quickly deploying various technologies to better serve their customers and manage their business more efficiently. Different kinds of technologies, however, come with a variety of risks and require alternative strategies for protection.

Follow these “Quick Wins” as a starting point to help outline your organization’s security awareness training program.


  • Require strong, unique passphrases on email accounts.
  • Turn on two-factor authentication.
  • Do not use personal email accounts for company business.
  • Employees should know not to open suspicious links in email, tweets, posts, online ads, messages or attachments – even if they know the source.
  • Employees should also be instructed about your company’s spam filters and how to use them to prevent unwanted, harmful email.


  • Create unique, strong passphrases.
  • Separate user and administrative accounts.
  • Keep a clean machine: Update software regularly.
  • Avoid web browsing on POS terminals.
  • Use antivirus protection.


  • Make sure your computer operating system, browser, and applications are set to receive automatic updates.
  • Ensure all software is up to date. Get rid of software you don’t use.
  • Your company should have clear, concise rules for what employees can install and keep on their work computers.
  • When installing software, pay close attention to the message boxes before clicking OK, Next or I Agree.
  • Make sure all of your organization’s computers are equipped with antivirus software and antispyware. This software should be updated regularly.
  • Limit access to data or systems only to those who require it to perform the core duties of their jobs.


  • Spell out your privacy and security expectations in clear, user-friendly language to service providers.
  • Understand how their services work and what you are giving them access to.
  • Build in procedures to monitor what service providers are doing on your behalf.
  • Review your privacy promises from the perspective of a potential service provider.
  • Spell out expectations and scope of work in a formal agreement/contract.