Top 10 cybersecurity mistakes small businesses make – and how to fix them

You don’t need a high-tech vault. You just need to stop being sloppy.

Most small businesses still think cybercrime is a big company problem. That’s why they’re the softest targets. Not because hackers are smart. But because owners are careless.

Here’s what I see every week. And what you must do.

a) No backups. Or backups connected to the same network

(i) When ransomware hits, your backups become useless if they’re on the same network.

(ii) Fix: Keep offline backups. Back up daily. Test weekly.
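The "test weekly" part is the step most businesses skip. The script below is an added example, not code from the article or from the Institute of Forensics & ICT Security; it assumes a simple tar.gz backup of one folder (the source directory, archive path and sample files are constructed for the demo). It writes the archive, restores it into a scratch folder, compares a SHA-256 digest of every file against the live copy, and then shows the two ways a backup quietly fails: the source has changed since the last run (a restore would lose work) and the archive itself is damaged (a restore is impossible). Extraction uses Python's `filter="data"` where available so a crafted archive cannot write outside the restore folder.

```python
"""Back up a folder to a tar.gz archive and prove it restores intact.

Added example for the 'test weekly' advice; constructed data, no real customer files.
"""
from __future__ import annotations

import hashlib
import os
import tarfile
import tempfile
import zlib


def make_backup(src_dir: str, backup_path: str) -> None:
    """Archive src_dir as tar.gz; members are stored under a fixed 'data/' prefix."""
    with tarfile.open(backup_path, "w:gz") as tar:
        tar.add(src_dir, arcname="data")


def hash_tree(root: str) -> dict[str, str]:
    """Map each file's path (relative to root) to its SHA-256 hex digest."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            h = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    h.update(chunk)
            digests[os.path.relpath(path, root)] = h.hexdigest()
    return digests


def _safe_extract(tar: tarfile.TarFile, dest: str) -> None:
    """Extract without letting '../' members escape dest (Python 3.12+ filter, manual check before)."""
    if hasattr(tarfile, "data_filter"):
        tar.extractall(dest, filter="data")
        return
    base = os.path.realpath(dest) + os.sep
    for member in tar.getmembers():
        target = os.path.realpath(os.path.join(dest, member.name))
        if not target.startswith(base):
            raise ValueError(f"unsafe path in archive: {member.name}")
    tar.extractall(dest)


def verify_backup(src_dir: str, backup_path: str) -> dict:
    """Restore the archive to a scratch folder and compare every file with the live source."""
    expected = hash_tree(src_dir)
    with tempfile.TemporaryDirectory() as scratch:
        try:
            with tarfile.open(backup_path, "r:gz") as tar:
                _safe_extract(tar, scratch)
        except (tarfile.TarError, OSError, EOFError, ValueError, zlib.error) as exc:
            # Any read failure means the archive cannot be restored: that is the result.
            return {"ok": False, "error": str(exc), "missing": [], "mismatched": []}
        actual = hash_tree(os.path.join(scratch, "data"))
    missing = sorted(set(expected) - set(actual))
    mismatched = sorted(k for k in expected if k in actual and actual[k] != expected[k])
    return {"ok": not missing and not mismatched, "missing": missing,
            "mismatched": mismatched, "files": len(expected)}


def demo() -> dict:
    """Constructed end-to-end run: a fresh backup verifies, a stale one and a damaged one do not."""
    with tempfile.TemporaryDirectory() as work:
        src = os.path.join(work, "office-files")
        os.makedirs(os.path.join(src, "invoices"))
        with open(os.path.join(src, "invoices", "2024-01.txt"), "w") as f:
            f.write("Invoice 001 - UGX 450,000\n")          # constructed sample content
        with open(os.path.join(src, "clients.csv"), "w") as f:
            f.write("name,email\nAcme,acme@example.com\n")   # constructed sample content
        archive = os.path.join(work, "backup.tar.gz")
        make_backup(src, archive)
        fresh = verify_backup(src, archive)
        # Failure mode 1: the source changed after the backup ran (stale backup).
        with open(os.path.join(src, "clients.csv"), "a") as f:
            f.write("Beta,beta@example.com\n")
        stale = verify_backup(src, archive)
        # Failure mode 2: the archive is truncated, e.g. a copy to the offline drive was cut short.
        with open(archive, "r+b") as f:
            f.truncate(os.path.getsize(archive) // 2)
        damaged = verify_backup(src, archive)
    return {"fresh_ok": fresh["ok"], "stale_mismatched": stale["mismatched"],
            "damaged_ok": damaged["ok"]}


if __name__ == "__main__":
    print(demo())
```

Point `make_backup` at the folder you care about and the mounted backup drive, run `verify_backup` on the schedule the article recommends, and treat any result with `ok` false as an outage to fix that day rather than a warning to file. Keeping the verified archive on a drive that is then unplugged is what makes it "offline".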

b) Weak passwords reused across accounts

(i) The receptionist uses “123456” for email, social media, and admin panel.

(ii) Fix: Enforce strong, unique passwords. Use a password manager like Bitwarden or 1Password.

c) No two-factor authentication (2FA)

(i) One password is never enough. Hackers can buy them off the dark web.

(ii) Fix: Turn on 2FA on all critical accounts: email, finance, admin.

d) No cybersecurity training for staff

(i) Most attacks succeed because someone clicked something.

(ii) Fix: Train your staff quarterly. Teach them to spot phishing and fake invoices. Run simulated phishing tests. At Institute of Forensics & ICT Security, we provide affordable training solutions for enterprises. Visit www.forensicsinstitute.org to learn more.

e) Using pirated or outdated software

(i) Hackers exploit old software with known vulnerabilities.

(ii) Fix: Use licensed software. Enable automatic updates. Schedule patch management.

f) No firewall or antivirus monitoring

(i) Installing antivirus and never checking it is like locking a door and leaving the key outside.

(ii) Fix: Get active threat monitoring. At a minimum, use tools like Sophos or ESET.

g) Poor email security settings

(i) Attackers spoof your domain and trick your clients.

(ii) Fix: Set up SPF, DKIM, and DMARC records for your domain. Your hosting provider can help.

h) Shared accounts with admin rights

(i) Everyone uses one account. No logs. No accountability.

(ii) Fix: Give users only the access they need. Enforce role-based access control.

i) No incident response plan

(i) Something goes wrong and everyone panics. No one knows what to do.

(ii) Fix: Draft a simple cyber incident plan. Include contacts, steps to isolate threats, and recovery plans.

j) Ignoring mobile devices and Wi-Fi networks

(i) Staff connect personal phones to office Wi-Fi. No control.

(ii) Fix: Use guest networks. Secure mobile devices with screen locks, encryption, and remote wipe options.

In 2023 alone, over UGX 12 billion was lost in Uganda to preventable cyber incidents, most of them in small businesses.

You don’t need a cybersecurity budget of $100,000. You need discipline.

Start with backups. Then train your people. That alone stops 80% of attacks.
