5 IT Security Tips for Small Businesses

IT security is no longer a luxury – it’s mandatory. But you don’t need a huge budget. Here are 5 essential measures every small business should implement.

1. 🔐 Backup, Backup, Backup!

The most important rule: Your data must be backed up multiple times.

The 3-2-1 Rule:

  • 3 copies of your data
  • 2 different media (e.g., NAS + external hard drive)
  • 1 copy offsite (e.g., cloud or external location)

Practical Tip:

Daily backup → local NAS
Weekly backup → external hard drive (physically separated!)
Monthly backup → Cloud (encrypted)

Cost: From €200 for basic setup
Risk without backup: Total loss from ransomware or hardware failure

What I recommend:

  • Proxmox Backup Server (free, open-source)
  • External 2TB HDD (~€60) – NOT permanently connected!
  • Restic or Borg Backup for cloud backups

2. 🛡️ Set Up a Firewall (not just a router!)

Your FritzBox router is not adequate protection.

Why a real firewall?

  • Content filtering (blocks malware domains)
  • Intrusion prevention (IPS)
  • VPN access for home office
  • Traffic control per device

My recommendations:

Free:

  • OPNsense or pfSense on old hardware
  • Required: Old PC (2 network cards)

Hardware solution:

  • Sophos XG Firewall Home (free for up to 4 devices)
  • From ~€300 for entry-level device

What you gain:

✅ Protection from 90% of all web threats
✅ Secure home office access
✅ Network overview (who surfs where?)


3. 🔑 Strong Passwords & 2FA

Fact: 80% of all hacks exploit weak passwords.

Use a password manager!

For businesses:

  • Bitwarden (open-source, self-hostable)
  • 1Password Business (~€8/user/month)

For individuals:

  • Bitwarden Free (sufficient for private use)
  • KeePassXC (100% offline)

Two-Factor Authentication (2FA):

Enable 2FA for:

  • Email accounts (Microsoft 365, Gmail)
  • Online banking
  • Cloud services (Dropbox, Google Drive)
  • Social media (LinkedIn, Facebook)

App recommendation: Aegis Authenticator (Android) or 2FA Authenticator (iOS)


4. 📧 Phishing Awareness Training

90% of all cyberattacks start with a phishing email.

What your employees need to know:

  • Never click links in unexpected emails
  • Don’t open attachments from unknown senders
  • When in doubt, verify by phone
  • Always check URLs (not invoice-telekom.info – but telekom.de!)

Practical Tip: Phishing Test

Send your team a test phishing email (with their knowledge!) and see who clicks.

Free tools:

  • GoPhish (self-hostable, open-source)

5. 🔄 Automate Software Updates

Unpatched software = open doors for hackers.

What should be automatically updated:

  • Operating systems (Windows, Linux)
  • Browsers (Chrome, Firefox, Edge)
  • Office software
  • Plugins (Adobe Reader, Java)

For Windows:

  • Enable Windows Update (automatic installation)
  • WSUS for central management (from 10+ PCs)

For Linux:

# Debian/Ubuntu: Automatic updates
sudo apt install unattended-upgrades
sudo dpkg-reconfigure -plow unattended-upgrades

For software:

  • Chocolatey (Windows) or Ninite for automatic app updates

Bonus Tip: Perform a Security Audit

Have an IT security check done once a year:

✅ Network scan for open ports
✅ Review password policy
✅ Backup test (practice recovery!)
✅ Review firewall rules

Cost: From €500 for basic check (half day)
Benefit: Find vulnerabilities before hackers do


Conclusion

IT security doesn’t have to be expensive. These 5 measures cost under €1,000 one-time and protect you from 90% of all threats:

  1. 3-2-1 backup strategy
  2. Real firewall (OPNsense/pfSense/Sophos)
  3. Password manager + 2FA
  4. Phishing training for employees
  5. Automatic updates

Need help?

I can help you with implementation:

📞 Phone: +49 173 907 44 79
✉️ Email: [email protected]
🌐 Website: asadim.de

Free initial consultation – I’ll review your current situation and provide concrete recommendations.