As National Cybersecurity Month draws to a close, the WikiLeaks releases and high-profile breaches at large enterprises may be on everyone’s mind. However, data released this month from Manta shows that small business cybersecurity is just as important, as one in ten have experienced a data breach.

Manta conducted the survey of nearly 1,000 small business owners in October, National Cybersecurity Month. Most of the small business owners polled are optimistic that they won’t be breached. But the optimism may be unwarranted.

While 97% of small businesses don’t think they’re at risk of a data breach, the truth is, one in ten of the small businesses surveyed have been hacked. Despite the optimism, 69% of small businesses do have some measure of cybersecurity in place. What’s troublesome is the lack of formal policies at 30% of small businesses. They don’t have policies around employee IT training, antivirus software and/or firewalls.

And in a misguided effort at small business cybersecurity, 64% of small businesses don’t allow employees to use their personal devices for work purposes. Only 20% do have a BYOD (bring your own device) policy.

5 Small business cybersecurity basics

For small businesses wondering if what they’re doing is enough, or what they should be doing at all, the web is full of valuable resources:

The U.S. Small Business Administration Learning Center offers a free 30-minute cybersecurity basics course delivered via streaming video. It covers what cybersecurity is, what types of cyberthreats exist, and what best practices small businesses can implement.

The U.S. Federal Communications Commission offers some simple cybersecurity tips for small businesses. (Also, this page is a gold mine for resources.) Here are five of them to help you get started:

  1. Train employees. Your employees are your first line of defense, so train them in the basics: strong passwords, internet use guidelines, and what the penalty is for violating policy. It may seem unnecessary, but there is at least one person who will download a kitten-themed PowerPoint in your office and infect your entire network. (I’ve seen it happen. It was not pretty.)
  2. Protect your endpoints. That means making sure you’re running the latest version of your operating system and security software. Update your antivirus software and web browser. Set your antivirus software to scan automatically.
  3. Use a firewall for your internet connection. Firewalls protect your systems from hackers. Make sure the firewalls on your computers are enabled, and if your employees work from home, require them to use firewall software on their personal machines.
  4. Secure your Wi-Fi network. If you’re running a Wi-Fi network, make sure it’s secure, encrypted, and hidden. Hide your network by configuring it in the router so it doesn’t broadcast your network’s name. Make your password incredibly difficult. Don’t give it out. Consider setting up a separate Wi-Fi network for guests and employees.
  5. Enforce password policies. Require your employees to use strong passwords (e.g., not “password” or their names). Have them change their passwords every three months. Consider using multi-factor authentication that requires more than a password.