The 5-Minute Cyber Check-Up Every Small Business Should Run in 2025

Key takeaways

  • Cyber is the No. 1 business risk again, according to Allianz’s 2025 Risk Barometer.
  • Smaller firms are juicy targets. Sophos handled ransomware at 70 % of companies under 500 employees last year.
  • Five free tweaks—all doable in minutes—can cut your breach odds roughly in half, insurers say.

Why “too small to hack” is a myth

Attackers don’t hand-pick victims; automated scans look for easy wins. Verizon’s latest DBIR shows most breaches still start with stolen passwords or unpatched gear—both fixable in a coffee break.

Your five-point checklist

1. Flip on multifactor authentication everywhere
Microsoft 365 → Settings ▸ Security ▸ Require MFA
Google Workspace → Admin ▸ Security ▸ 2-Step Verification → Enforce

Why: insurers such as Hiscox say robust basics like MFA can earn premium discounts and cut payout odds. (Source: Hiscox)

2. Make sure automatic updates are actually enabled — including on the office router
One missed patch equals a welcome mat; unpatched flaws fuel one-fifth of breaches. (Source: Verizon)

3. Check last night’s backup and keep one copy offline
Open your backup app, confirm a green tick from the past 24 h, then drop a duplicate onto a USB stick or cold-cloud vault. Sophos found almost every ransom payer lacked a clean restore. (Source: Sophos News)

4. Point CISA’s free “Shields Up” scanner at your domain
Head to cisa.gov/shields-up → “Free Scanning.” You’ll get a weekly report in plain English listing open holes. (Source: CISA)

5. Print — yes, print — an incident cheat-sheet
Write down: your cyber-insurer hotline, bank fraud desk, FBI IC3 link, and IT provider’s mobile. Tape it to the modem. Allianz data show losses double when teams flounder during the first hour of a breach. (Source: Allianz Commercial)
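
Step 3 can also be checked by script rather than by eye. The following is an added example, not code from this article or from any backup vendor: it confirms the newest backup file is under 24 hours old and that the offline copy is byte-for-byte identical. The function names and the assumption that your backup tool writes archive files into a single folder are illustrative.

```python
import hashlib
import sys
import time
from pathlib import Path

MAX_AGE_HOURS = 24  # step 3: a successful backup from the past 24 h


def sha256_of(path):
    """Hash a file in chunks so large backup archives do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def check_backup(backup_dir, offline_dir, now=None):
    """Return a list of problems; an empty list means the check passed."""
    # Assumption: backups are plain files in backup_dir and the offline copy keeps the same name.
    now = time.time() if now is None else now
    backup_dir, offline_dir = Path(backup_dir), Path(offline_dir)
    files = [p for p in backup_dir.iterdir() if p.is_file()] if backup_dir.is_dir() else []
    if not files:
        return [f"no backup files found in {backup_dir}"]
    newest = max(files, key=lambda p: p.stat().st_mtime)
    problems = []
    age_h = (now - newest.stat().st_mtime) / 3600
    if age_h > MAX_AGE_HOURS:
        problems.append(f"newest backup {newest.name} is {age_h:.0f} h old")
    if newest.stat().st_size == 0:
        problems.append(f"newest backup {newest.name} is empty")
    copy = offline_dir / newest.name
    if not copy.is_file():
        problems.append(f"no offline copy of {newest.name} in {offline_dir}")
    elif sha256_of(copy) != sha256_of(newest):
        problems.append(f"offline copy of {newest.name} does not match the original")
    return problems


if __name__ == "__main__":
    # Usage: python check_backup.py <backup folder> <offline/USB folder>
    if len(sys.argv) != 3:
        sys.exit("usage: check_backup.py BACKUP_DIR OFFLINE_DIR")
    issues = check_backup(sys.argv[1], sys.argv[2])
    print("\n".join(f"FAIL: {i}" for i in issues) or "OK")
    sys.exit(1 if issues else 0)
```

A matching hash only proves the copy is intact; it does not replace an occasional test restore.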

Need more help?

  • CISA’s Small Business Portal offers step-by-step guides, tabletop drills, and live advisers—free.
  • Most cyber-insurance riders include 24 / 7 breach coaching; call them before you consider paying a ransom.

Bottom line: You don’t need a CISO or six-figure budget. Knock out the five tasks above and move your company off the internet’s low-hanging-fruit list—before the next automated scan finds you first.

Stats current as of May 28 2025.