5 Cybersecurity Tips Every Business Can Use

• By: Olivia Overman
• October 13, 2025

No matter the size of a business, it is susceptible to a cyberattack. Consequently, “every business needs cyber insurance; however, depending on the industry, some need higher levels of coverage,” says Mike Maletsky, vice president of technology errors & omissions and cyber, Hiscox. “Buying the right amount of cyber insurance is key to avoid a situation where the limits are not covering the scale and scope of the cyber event.”

As threat actors continually become more proficient in their ability to access company’s systems, there are steps all businesses can take to improve their security. Here are five tips:

1) Audit data. “Most customers assume that, if they want to improve their risk posture, they have to spend a lot of money on cyber tools,” says Patricia Kocsondy, head of global cyber digital risks, Beazley. “But there is a no-cost—or very low-cost—option to immediately improve your ability to avoid or reduce the severity of a cyber incident: by first being aware of what data you have, and if you have any data that you don’t need to keep, get rid of it.”

“Data drives a lot of cyber incidents and, especially in the U.S., notification requirements are a huge factor,” agrees Michelle Waldron, vice president of cyber services, Beazley Security. “If you are looking to minimize the damage caused by an incident, it almost certainly will fall within the world of how you store, manage and delete your data.”

2) Educate employees. “A business’ greatest weakness is its least-trained employee,” Maletsky says. “The ‘2025 Hiscox Cyber Readiness Report’ even found that almost half (41%) of businesses saw insufficient employee awareness as a reason for why the risk of cyberattacks has increased.”

“Understanding that humans are likely our weakest links and over half of our incidents are based on employees clicking on malicious links, if we can educate our people to avoid clicking on malicious links, that is a no cost or low-cost option for all companies to implement,” Kocsondy says. “This will immediately improve a company’s risk posture without spending any money.”

Additionally, “businesses should focus on building a culture of honesty and transparency around reporting cyber concerns,” says Shawn Ram, chief revenue officer, Coalition. “Employees should be encouraged to report mistakes they may have made without fear of reprisal, because a crisis can more likely be averted with quick action.”

3) Role-based access. “Follow the principle of least privilege by granting users only the minimum access necessary for their role,” Ram says. “This limits the blast radius across the supply chain if an account is ever compromised.” 

4) Implement multifactor authentication (MFA). “Encourage clients to implement MFA everywhere possible—that’s one of the easiest ways to stop a lot of attacks,” says Rachel Rossini, head of mid-market, cyber, AXA XL. 

MFA can protect a company from 99.9% of account compromise attacks, according to Microsoft. “With MFA in place, even if attackers steal a password, they won’t get in without another verification step,” Ram says. “Properly implemented and enforced MFA almost completely mitigates the risk of stolen credentials, so it should be every small businesses’ first step.”

5) Set a strategy.  Companies should set a strategy to fortify where they are most vulnerable, including understanding the characteristics that could make them attractive to a threat actor.

“All companies need to understand their areas of vulnerability in terms of how they’re set up, how they’re run, what their business model is and what is most important to them,” Kocsondy says. “It may be protecting the crown jewels, the assets and systems critical to uptime for a business to maintain operations, or even something that makes their business different from others and gives them a competitive edge.” Threat actors may see these areas as targets.

“Understanding what the business is and what is most important to them will help inform what they need to protect—a strategy can be set from there,” Kocsondy explains.

Olivia Overman is IA content editor.