Small Business Security Checklist


Small businesses are often easy targets for hackers. Any breach of your system has the ability to distort operations, compromise confidential data, and destroy trust in your business. It is important for small businesses to understand the risks and security vulnerabilities.

Avoid unknown USB drives

Most USB peripherals can be effectively reprogrammed for the sole purpose of stealing the contents and information of anything that has been written to the drive and to subsequently spread the firmware-modifying code to any computer that it comes into contact with. The expected consequence could be a self-replicating virus that propagates easily through spare thumb drives. Such a USB can affect the business in two ways:

  • A USB device can mimic an actual keyboard and execute commands like stealing files or installing malwares.
  • It can pretend to be a network card and alter the domain name system of the targeted computer; this lets the hacker type any URL to a website of their choice and secretly redirect traffic.

This even applies to cables. An article from Bleeping Computers details just such a malicious cable. Similarly, don’t insert your USB devices into untrusted computers. If a USB device can be used to infect another device, another device can be used to infect a USB device, continuing the chain of infection.

Avoid Free USB Charging Ports

We know the last one was probably obvious, but when was the last time you plugged your phone into an airport USB charger port? Or maybe you juiced up at the local coffee shop? If it is a USB port, cable, adapter, or other peripheral, treat it the same as you would an unknown USB device or untrusted computer. It isn’t just personal computers that hackers are targeting nowadays and your phone is just as valuable to them as any other source of data you might own. You wouldn’t plug a random USB drive you found on the street into your company mainframe (at least I hope you wouldn’t) so why would you plug your phone into a random USB plug that you found in a public library?

Avoid Unsecured WiFi/Data

Not only do we not recommend using public wifi to do secure tasks, we also don’t recommend that you save public wifi connections on your device. Due to the absurd way in which wireless devices discover and connect to wifi networks, having a public, unsecured wifi network saved on your device means that anyone can cause your device to connect wirelessly to their network. Imagine you are a spy, tasked with delivering a secret message to an undercover contact at a local cafe. You arrive at the cafe, secret message in your pocket, and openly ask if anyone is named Basil.

Absolutely anyone in the room can claim to be Basil. Since your spy agency hasn’t yet come up with basic operational security measures, you have no way of confirming if the devious looking gentlemen with the poorly-fitting bald cap, garish silver jumpsuit, and hairless cat sitting in the corner is actually the Basil you need to reach, or the leader of the villainous organization you are working to capture. If you think that sounds absurd, that is actually exactly how your phone and laptop finds their wifi connection at the office and at home. But did you know it also tries to do it all the time at every location you enter for all the networks it remembers? Silly right? So yeah, public wifi with no password is a bad idea regardless of what you are doing, and if you absolutely MUST use your local cafe wifi, be sure to forget the network when you leave.

Sharing banking information over public wifi jeopardizes the business. We recommend that small businesses should understand the risks associated with public wifi in order to ensure their business data and information does not become a hacking statistic.

Keep reading at on September 3, 2020.



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Joshua Maddux

Joshua Maddux


I help companies build and maintain a better web presence through Information Architecture, Project Management & Web Strategy.