Small Business Owners: Take Note of Verizon DBIR Recommendations for Avoiding a Cybersecurity Attack

According to the 2022 Verizon Data Breach Investigations Report (DBIR), businesses with 10 or fewer employees are becoming more enticing to cybercriminals. The two most common cybersecurity attacks on very small businesses are ransomware and credential (username and password) theft. A cybersecurity attack or incident can cause severe, often irreparable, damage to a company.

The 2022 DBIR includes recommendations for actions business owners can take to avoid becoming a target of a cybersecurity attack. They are worthy of the attention of all business owners, including owners of very small businesses:

  1. Use multifactor authentication.

  2. Do not reuse or share passwords.

  3. Use a password keeper/generator.

  4. Change the default credentials on all hardware and software.

  5. Install software updates promptly so that vulnerabilities can be patched.

  6. Work with vendors to ensure you are as secure as possible and that they are also following the same basic guidelines.

  7. Keep a consistent schedule with regard to backups and maintain offline backups (data not on a device connected to a computer).

  8. Ensure that the built-in firewall is switched on for devices such as laptops and desktops.

  9. Use antivirus software for all your devices.

  10. Do not click on anything in an unsolicited email or text message.

  11. Set up an out-of-band method for verifying unusual requests for data or payments.

  12. Ensure that a computer used for financial transactions is not used for other purposes such as social media or email.

  13. Use email services that incorporate phishing and pretexting defenses and use a web browser that warns you when a website may be spoofed.


The Verizon DBIR provides valuable and actionable information. It is relied upon by cybersecurity experts and business owners across the globe.

About the Author(s)
Bill Heaven is a senior director in HBK’s IT Department. He specializes in cybersecurity, IT security, external IT audit, internal IT audit, IT consulting, software development, IT governance, PCI-DSS, supply chain, system implementations, and e-commerce. You can reach Bill at 330.758.8613, or by email at wheaven@hbkcpa.com.
Hill, Barth & King LLC has prepared this material for informational purposes only. Any tax advice contained in this communication (including any attachments) is not intended or written to be used, and cannot be used, for the purpose of (i) avoiding penalties under the Internal Revenue Code or under any state or local tax law or (ii) promoting, marketing or recommending to another party any transaction or matter addressed herein. Please do not hesitate to contact us if you have any questions regarding the matter.
