Five cyber security habits every small business owner needs

Executive overview

Small businesses are easy targets for cyber criminals, yet most owners assume attacks only happen to large companies. Around 80% of small business owners have observed habits in their teams that increase vulnerability to cyber crime.

Five simple, non-technical habits eliminate the most common entry points for attackers.

Fixing bad defaults — shutdowns, passwords, updates, and logins — removes most of the risk.

The five habits

1. Shut down your computer nightly — sleep mode skips automatic security updates; a full shutdown installs them
2. Replace passwords with passphrases — a passphrase is a longer string of words or a sentence, far harder to crack than a short character set
3. Use a password manager — tools like LastPass or 1Password store unique credentials for every account so one breach doesn't cascade
4. Report suspicious emails, don't just delete them — alerting the right person or ScamWatch lets senders be blocked and staff warned
5. Give each team member a unique login — shared passwords mean one compromised account can expose everyone; individual logins also limit insider-threat risk
6. Act on software updates promptly — hackers exploit known vulnerabilities; setting devices to auto-update closes the window of exposure