A guide to online privacy for your small business

Ruth G. | October 22, 2020

Every time we use the internet we give away information about ourselves.

Online privacy is about limiting the access that websites and third parties have to our data.

If you thought digital privacy was just an issue for large corporations and business heavyweights like Facebook, Amazon, and Target, think again. Small companies and their employees are increasingly under the gaze of cybercriminals. As it stands today, more than 43 percent of cyber attacks against businesses are targeted at smaller firms. That’s nearly half.

Online snoopers use all sorts of methods to invade your privacy and poach your data. As it stands, many small businesses don’t take the necessary steps to limit their exposure to possible breaches. It’s increasingly commonplace for small companies to lose customers’ trust or face legal battles over avoidable privacy mishaps and oversights.

The issue of personal privacy and information security is only going to deepen for small businesses as digital data grows in importance to modern business. It’s not limited to sites that sell products and handle credit card information. Even if your website is simply a landing page with your company’s fixed address, you need to pay attention to how you browse, send, and receive data online.

Protecting your website and data files from prying eyes might not be your highest priority now, but making the right adjustments for safe interactions with the web can save you time and money while keeping customers on your side.

This straightforward guide to common data security and online privacy tools is designed to help any small business keep their browsing sessions private and client interactions secure. It’s okay if you don’t understand acronyms like VPN or 2FA — stick with us and you soon will.

Why do cyber attackers target small businesses?

According to Michael Kaiser, Executive Director of the National CyberSecurity Alliance, "Nearly half of all cyber attacks target small businesses." Small-scale companies are easy targets for online hackers for a handful of reasons. Unfortunately, most small business owners either aren’t aware of these issues or don’t invest in the right security software and training to minimize these problems.

Irrespective of why you might be targeted, take a moment to mull over these statistics from the Better Business Bureau:


The percentage of data breaches that target small businesses


The average cost for a small business to fix a data breach

Why stay private?

You might think "I’m a law-abiding citizen, I’ve got nothing to hide," but that’s simply not the case in the current information economy. Through cookies and other tools, online companies collect far more sensitive information about us than we would knowingly share.

The privacy of you and your business relies on your data being secure. If you’re operating a small business online, you likely have clients’ contact details, orders, invoices, and your own files to protect.

Privacy is more important than ever for small businesses whose website, emails, and data are likely under attack, and a successful attack could mean bad things. For example, if your privacy protection measures aren’t strong enough and malicious software compromises your site, it’s possible that internal systems connected to it could be vulnerable to ransomware and other attacks.

Implementing online security practices isn’t just about protecting you personally; you’ve also got your visitors to think about. If your site gets infected, it can deliver malicious software and viruses to unsuspecting visitors who click on links or launch unwanted ads, and that’s not going to go over very well with prospective customers.

Nine ways to protect your business’ online privacy

Clay Calvert, director of security at MetroStar Systems, said it best when talking to the New York Times: "Smaller companies are easier to hack." Don't suffer the fate that others have - follow these eight pointers to safeguard your privacy and data online.

Use two-factor authentication

Advancements in technology have made it easy to crack someone's password. Some tools allow hackers to test thousands of password combinations per second. These tools are easy to come by, and they can expose 90% of all passwords. These days, even a 'strong' password isn't good enough. Passwords alone don’t provide a strong enough identity check.

Given that anyone who takes possession of a password can waltz into an account and take whatever they need, all logins pertaining to your emails, banking, and website login need to be bolstered with two-factor authentication (2FA). 2FA was devised as an answer to the shortcomings of the password. It boosts security by providing an extra layer of account protection, like a PIN or confirmation request sent to your phone in real time.

2FA has become a popular and easily implementable method of preventing cyber attacks. For example, most online banking services allow account access once your password and a combination of numbers generated from a security device have been verified. Entering a numeric code for heightened authentication is the most common form of 2FA, granting users access to all sorts of services from email to online banking. We use it to help secure our Namecheap account login.

2FA for transferring data

Software like Duo Security will protect your data from getting into the wrong hands. If your company sends sensitive information over the internet, you should be using a tool like Duo. Duo provides a trusted access system where data can’t be intercepted. For simplicity, Duo has its own authentication app, Duo Push, that works with your smartphone for identity verification.

It’s also vital to secure your business email account. Even if you don’t rely heavily on email for your day-to-day operations, the email account linked to your business must be secure. If someone gained access, they could get into any of your accounts by clicking the ‘Forgot password?’ button to reset your password and lock you out. They could take down your website this way by breaking into your website builder account or your content management system, for example. For this reason alone, you should also consider an email server that offers 2FA.

These days, many email servers offer two-factor authentication. Popular email platform Gmail has a version, as do Yahoo, Hotmail, and many others. How you turn 2FA on depends on the service, as there is no unified way to enable it everywhere. For detailed information on two-factor authentication and how to set it up, consult this helpful guide to 2FA by the team at PCMag.

Add a firewall

It’s a common misperception that hackers only go after the big sites. What could they possibly gain from hacking a site that only gets a few hundred visitors each month? Quite a lot, actually. Hackers aren’t just after taking large volumes of ‘big’ data like credit card information and social security numbers from databases of millions of people.

In reality, hacks occur for seemingly less destructive purposes. Many hackers look to infiltrate a server to send out masses of spam email. To do this, they install unwanted code on your system. This type of infiltration will not only affect the performance and reliability of your website but could result in a “This site may be hacked” warning in search results. 

Other costly side effects include denting consumer confidence and loss or destruction of your data. In the worst-case scenario, your emails could become corrupted by malware - according to a study by Verizon, in 2018, a whopping 92.4% of malware was delivered via email.

A firewall protects both your website and email by applying a set of rules. You can block unwanted incoming traffic from landing on your site, defend against attacks such as brute force and DDoS, and apply virtual patching for popular CMS platforms like WordPress and Drupal.

Firewalls go beyond protecting your site and emails. They are your first line of defense against cyber attacks on your office network. If your business connects to the internet via email, VoIP, and media streaming, a firewall should monitor threats coming from each of these different connections.

Most firewalls let you set up different configurations for multiple profiles, depending on your network connection. For example, the traffic passed amongst your staff within your home office network won’t need as many restrictions as the traffic coming in and out of the world wide web. For occasions when you're working out of the office and connected to a public network, your firewall will crank up your security level.

Unlike many security tools, firewalls work on a continuous basis, not a reactive one, which gives the best chance of protecting your site before an attack is successful. Firewalls increase performance and site speed through advanced caching mechanisms, so we’re looking at a faster and safer website - two key considerations for anyone with a business website.

The good news is, firewalls are commonplace these days, and the market is flooded, so there's no need to pay for one. For example, the free firewall ZoneAlarm is widely accepted as one of the best personal firewall protection tools around. If you pair it with an anti-virus application, of which there are many free versions available, or install its own built-in antivirus component, you get the makings of a robust security system.

Private browsing with a VPN

A virtual private network (VPN for short) provides security measures that most businesses find helpful. In the same way that a firewall protects info stored on your computer, a VPN protects data you share through public networks. How often are you or one of your employees using public WiFi hotspots, working from a coffee shop, taking advantage of free airport WiFi, or using any unsecured connection to upload and share files?

Entrepreneurs often use temporary workplaces and remote locations. While working in this manner has become synonymous with modern-day living, it can come at a high cost. People are compelled to use public WiFi networks, and why not? They are free, after all. But every time you use public WiFi networks, you are actively increasing the risk of outsiders gaining access to your business’s data. A shady cafe employee or someone sitting at another table could be spying on you, gathering information transmitted through the business’s open internet traffic. Using a VPN helps ensure no one is snooping on your connection. As a general rule of thumb, when you're out of your home or office network, you really need a VPN.

A VPN works by creating an encrypted connection between your computer and the remote private network. This means that only computers and networks with a particular key can decode the information. In addition to enhanced security, VPNs let you access your website and files remotely, share files, and maintain online anonymity without your data being monitored, tracked, collected, and stored.

Compared to other security solutions, a VPN is a surprisingly affordable alternative. Prices vary from one vendor to the next, but you’ll pay around $10 per month, making them a budget-friendly choice for every business. Once installed, VPNs are instantly effective and genuinely worthwhile.

Use a private browser

A private browser offers a more secure way to browse the internet. By implementing a whole host of security features such as download protection, URL filtering and a 'do not track' feature, popular browsers like Firefox and Chrome have been transformed. In a sense, all mainstream browsers can plausibly claim to be 'secure' browsers for the average internet user. If you’re using the internet for business purposes, we’d recommend looking into a dedicated privacy browser such as TOR.

Many web browsers offer anonymous browser modes, and many people are under the false impression that private browsing modes hide identity and browsing habits from organizations, governments, and advertisers. While said modes don’t save your internet browsing history, your online activity might still be visible to websites you visit as well as their ads. Also, the sites you visit aren’t hidden from internet service providers. Incognito mode is just helpful when you want to keep your internet activity secret from other people who use the same computer or device.

At the same time, incognito mode doesn’t protect you from people who want to steal the data you send to and receive from the internet. For example, using incognito mode for online banking, shopping, etc. is no safer than using a standard browser window. If you do any of those things on a shared or public network, we strongly recommend you use a VPN. Like many internet users, you might have thought that clearing your browser's cache would protect you; it doesn’t.

People generally assume popular browsers offer broader security protections. According to a study by Avast in 2018, 77% of consumers have "misplaced expectations." Unless their browser alerts them to a potentially ‘bad’ website, the site is deemed safe. The same goes for installing extensions. The survey also noted how third-party browser extensions pose a serious threat to privacy and security. Many trustworthy websites can fall foul of extension hijacking, unbeknownst to their regular visitors.

The browser you use for anything you do related to your business, from sourcing products to firing out emails, needs to deliver protection from browser-based attacks.  It also needs to provide privacy from mass online surveillance and applications that use other computers for crypto mining — a growing security concern. 

There are plenty of options when it comes to picking your private browser. Advanced browser options include Avast Secure, Epic Browser, or the one that started it all: TOR.

What’s TOR?

TOR, or The Onion Router by its full name, is the granddaddy of private browsers today. This software is the top-notch browser for security and anonymity worldwide. TOR exists to provide a layer of privacy and security to people's online activities. It does that by making those activities more difficult to monitor and trace back to their source, obscuring the public IP address you use to connect to the internet. It’s designed to stop people from learning your location or tracking your browsing habits.

TOR has become the watchword for the anti-surveillance movement because it is built on technology that bounces internet users' and websites' traffic between thousands of volunteers worldwide, making it extremely hard for anyone to identify the location of the user or the source of information. This is why TOR users include journalists, law enforcement professionals, whistleblowers, and businesses. TOR is an especially popular browser for savvy business people looking to block their online activities from being snooped on by anyone.

Once you download TOR and install the software, your browser will feature a ‘Vidalia icon’ that allows you to start it as and when you please. When you select this browser icon, the TOR software will scan its network and establish a secure ‘tunnel’ connection between your computer and a TOR router. Your screen will then display an instance of Firefox that uses this tunnel. Everything you view inside of that browser is now anonymized.

SSL and HTTPS security

SSL is an extra security measure attached to websites. When someone surfing the net visits a secure site, an SSL certificate provides identification information about the web server and establishes an encrypted connection. When someone searches for your SSL-encrypted website, their browser contacts your SSL-secured website, and the SSL certificate enables an encrypted connection. Encryption ensures that interactions online remain private as they travel across the public internet, much like sealing a letter in an envelope before sending it through the mail. This process happens in a fraction of a second.

When you visit a website with HTTPS in the browser bar, you know that the site has an SSL certificate securing the data transferred between the site and the user accessing it. Websites without SSL certification don’t secure that data. If a website requires someone to enter details, such as a login or a form submission, and it doesn’t have the HTTPS prefix, Google will alert users to the fact that the site may not be secure.

HTTPS technology safeguards privacy when you engage in online activities like checking your bank account balance and filling out forms, and it protects your data from being stolen or viewed. With cybercrime rates skyrocketing and many of us having already fallen victim to web-based crime, internet users are more cautious than ever.

As a site owner, you need to make sure you add a secure SSL certificate to secure your users’ browsing experience. Also, to protect your privacy, look out for telltale signs that a site is using the secure protocol when you offer any of your personal information out over the internet.

Why add HTTPS to your website?

If you don’t have an SSL certificate, any data that is entered into your site can be intercepted by third parties who are snooping on your users’ web sessions. Anyone out and about using open WiFi, in a cafe, for example, will have their entire web session captured. Anyone with evil intentions just needs a ‘network traffic analyzer’ to take what they want. If you don’t have SSL, you are making it easier for someone to view, steal and use your data for potentially any purpose. With an SSL certificate you can:

  • Accept Payments Securely

If you plan to accept payments from major credit cards online, you’ll need a merchant account, and most of them will require you to use an SSL certificate. Without an SSL certificate, you are putting your customers at risk of having their credit card information stolen while shopping on your website.

  • Secure All Web Forms

If you have any web forms collecting information, such as leads from potential home buyers or questionnaires with basic contact information, you must use secure web forms. Your client would not want this private information leaked. Without an SSL certificate, some types of form mail can be intercepted.

  • Protect Your Business Reputation

No site is too small to be hacked, even if you are running a one-page website with a contact form. SSL is an easy way to show your visitors that you are serious about security.

Encrypt your emails

By default, email messages and attachments aren’t a safe way to send confidential or sensitive information across the internet. For this reason, many webmasters use email encryption to protect themselves from prying eyes as they send and receive emails. Email encryption software ensures that only the sender and recipient can read email messages and attachments.

When a recipient receives an encrypted email, often the email contains a hyperlink to a website controlled by the sender, or from a third party on behalf of the sender. The recipient clicks the hyperlink and is presented with the contents of the encrypted email over an encrypted channel. For the sake of simplicity, no encryption key, password, or other authentication is necessary.

Businesses are turning to encrypted email services because this use of email encryption software is ideal for email exchanges between a company and its clients and customers. Let’s say your business forwards confidential information to your clients via email, such as an invoice with banking details on it. This is when you might want to deploy email encryption.

A relatively low-cost investment in this type of technology prevents data breaches which, by contrast, can be pretty costly.

Secure your network, databases, and website

Any business owner with an online presence needs to make sure that any personal data they store is kept out of the wrong hands. This relates to all sites, even if you don't take credit card numbers - identity fraudsters will find most personal data you keep valuable.

Breaking the news of a data breach to your visitors is embarrassing, damaging and costly, plus disclosing to customers that their personal information has been compromised in a hack is often legally required. So be sure you have secured your network, databases, and website using a password management service, anti-virus, and malware protection.


Malware isn’t one specific threat. It is a blanket term referring to software that gets installed on a computer to perform tasks that benefit a third party.

Spyware; software that spreads to other computers on your network, including to your site visitors; viruses, which can damage your computer by deleting files; and ransomware, software designed to block access to a computer system until a sum of money is paid, are all forms of malware.

Malware, viruses, and other cyber attacks pose a threat to anyone browsing the internet, especially someone with a website linked to their business. According to a study from Verizon in 2018, 58% of malware attack victims are categorized as small businesses. What could a breach mean to yours?


If you have a Point of Sale (POS) machine in your store, you are vulnerable to a POS trojan attack. POS trojans steal data such as debit and credit card details from electronic payment systems. Kaptoxa, for example, exposed the payment data of over 70 million Target customers. Kaptoxa managed to remain in the POS machines for days, as it went undetected by most security systems at the time.

Antivirus protection

Malware, viruses, and other cyber attacks can crush a small business. They are especially dangerous to those who rely on their website for customer acquisition and new leads. Modern-day business is extremely digitized, and companies of every size face online security threats.

Small businesses are not only big targets for hackers, but the attacks are also costing them a lot of hard-earned cash. Ponemon Institute released some sobering facts on the fallout from a malware attack. In 2017 alone, the average malware-related costs for small to medium-sized businesses amounted to $1,027,053 due to damage or theft of IT assets, and a further $1,207,965 due to disruption to normal business operations.

As a small business, you also need to prepare against malware threats - particularly when it comes to defending yourself against viruses. There are a lot of choices out there for anti-virus software. You need more than a basic antivirus installation: protect your business with multiple layers of security. Your company should have an anti-malware, antivirus, and anti-ransomware suite. For some guidance in choosing the best virus blocker for your computer, we recommend this best antivirus software guide.

Manage your passwords

Logging in to online accounts and apps is part and parcel of daily life for private consumers and small businesses alike. The various usernames and passwords for multiple online accounts quickly stack up. The average internet user might have passwords for their online banking, email, shopping sites, and social media to remember. Online businesses often need many more, from apps to keep track of their business’ online banking, digital invoicing systems, customer relationship management (CRM) and accounting tools to name but a few.

The list of passwords you need to keep track of is set to get longer as your operations scale up and become more complex. You might be tempted to follow the low-tech route and either commit your passwords to memory or just use the same password for all your accounts, but this isn’t advisable. Passwords that are short or easy to guess are more susceptible to widely used and readily available cybercrime methods such as ‘brute force’, a password hacking technique that automatically guesses passwords until it finds the correct one.

Password managers are an effective way not only to create ‘strong passwords’ but to store them securely. Apps like LastPass can store all of your passwords securely; when you need to log in to a website, simply click LastPass for your login credentials.

By keeping your passwords strong and secure, you’re helping keep your website and any related business information safe.

Use an Adblocker

You’re probably familiar with ad-blocking software already. The main reason people use ad-blocking tools is to hide the influx of intrusive adverts that cover the content they’re trying to view. While that’s a valid reason for using an ad blocker, there’s another important use: cybersecurity.

Ad blockers prevent rogue advertisements from delivering viruses to your computer and spying on your private information. Online advertisements are regularly used by hackers to attack people browsing the web. They’re even on legitimate sites: hackers have been known to add invasive malware to popups. Using an ad blocker to prevent any suspicious ads from appearing on the web pages you view will reduce your exposure to this kind of security threat. You can’t lose with an ad blocker. It won’t just spare you from annoying ads, but also keep your business site safer as you browse the web.

Ad blockers to consider

Google Chrome

Chrome is a popular web browser from Google. If you use Chrome to search the web, you may have noticed that Google has conveniently built ad blocker extensions into the browser.

AdBlock Plus

Another option is AdBlock Plus, an extremely popular and user-friendly browser extension. It supports most browsers including Internet Explorer, Chrome, Safari, and Firefox.

UBlock Origin

UBlock Origin is widely regarded as the ultimate ad blocker. Offering full browser support, it goes further than AdBlock Plus. UBlock consumes fewer of your computer's resources (processor and RAM) than AdBlock Plus, which makes it the best option if your system has limited resources. This tool also offers a greater capacity for personalization: for example, with UBlock you can configure many different ‘behavior’ types and a lot of third-party filters. What’s more, this tool lets you establish a blocking service that stops your IP address from being leaked in any way.

Adding a decent ad blocker such as the ones mentioned above is a simple way to shield yourself from hostile advertisements while you’re browsing the web.

Block (or at least limit) Cookies

While you surf the internet, cookies work in the background gathering various pieces of your personal data. The cookies themselves bear no resemblance to the chocolate chip variety. A cookie is a small text file stored on your local hard drive.

Cookies collect specific pieces of information about your behavior on a website, such as your searches. A cookie's contents are determined by the specific website that created it, and could be anything from your favorite films to your most recent searches on Amazon.

Cookies frequently save information without your knowledge or consent, which people are finding increasingly worrisome as it impacts their sense of computer privacy. Remember the last time you revisited a website and it greeted you on your return, perhaps remembering your password or recommending products to you? The site knows you are returning because it identifies you again by looking up your cookie from previous visits.

What can I do about online cookies?

Cookies gather lots of your personal information, and the concern is, we don’t always know what that includes. For this reason, take action to protect your computer privacy against nosey cookies. Follow these tips to manage cookies on your computer.

Delete your computer cookies on a regular basis

All popular internet browsers offer the option to delete your browsing history including the option to 'delete cookies'. Selecting this removes every text file on your hard drive containing cookies. Make sure you keep this up as sites will create a new cookie when you revisit them. Deleting your history will at least stop them from accumulating data on you.

Turn off cookies!

Why not just refuse to accept cookies from websites? With a few clicks, you can set up your browser to block cookies. Doing so will prevent automatic sign-in, so make sure to set up your password manager for your online accounts if you’re prone to forgetting your logins. Go to the settings of your internet browser, find the privacy options, and select the option to block default cookie handling.

Avoid cookies

To best protect yourself from cookies, use a search engine that doesn’t use cookies, or opt for a 'surf anonymizer' website such as SafeWeb and the Anonymizer to protect your privacy.

Of course, there are exceptions. Cookies are most useful when you’re in control of them. The process behind the task of a typical cookie is often totally benign and can add to our user experience when browsing the net. They can do useful things that prove to be real time savers. For example, cookies store your shopping cart information between visits to an e-commerce site which saves you from the hassle of logging into the site to retrieve your shopping list, every time you open and close your browser.

To limit the amount of information that is gathered about you, simply restrict the kind of cookies that your browser accepts, and use whitelists. Whitelists save specific cookies for when you want to retain a few cookies – like for your online banking site, social media forums, etc. – while deleting the rest. To create a whitelist from all popular browsers follow this clear and illustrated how-to guide.
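To show what a cookie whitelist does in practice, here is an added example that is not part of the original article: it reads a constructed cookie export in the Netscape `cookies.txt` format and keeps only cookies belonging to whitelisted sites. The domain names and the helper functions are hypothetical.

```python
"""Cookie whitelist sketch: keep cookies for trusted sites, drop the rest."""
from collections import namedtuple

Cookie = namedtuple("Cookie", "domain path secure http_only name value")

# Constructed sample in Netscape cookies.txt format. Tab-separated fields:
# domain, include-subdomains flag, path, secure flag, expiry, name, value.
SAMPLE_COOKIES = "\n".join([
    "# Netscape HTTP Cookie File",
    ".mybank.example\tTRUE\t/\tTRUE\t1893456000\tsession\tabc123",
    "shop.example\tFALSE\t/\tTRUE\t1893456000\tcart\titem42",
    ".adtracker.example\tTRUE\t/\tFALSE\t1893456000\tuid\t998877",
    "#HttpOnly_.social.example\tTRUE\t/\tTRUE\t1893456000\tauth\ttok",
    ".notmybank.example\tTRUE\t/\tFALSE\t1893456000\tid\tzzz",
])

# Sites whose cookies we want to keep (hypothetical names).
WHITELIST = {"mybank.example", "social.example"}


def parse_cookies(text):
    """Parse cookies.txt content into Cookie records, skipping comments."""
    cookies = []
    for line in text.splitlines():
        # HttpOnly cookies are stored behind a "#HttpOnly_" prefix, so they
        # must be recognised before ordinary "#" comments are discarded.
        http_only = line.startswith("#HttpOnly_")
        if http_only:
            line = line[len("#HttpOnly_"):]
        elif not line.strip() or line.startswith("#"):
            continue
        fields = line.split("\t")
        if len(fields) != 7:
            continue  # malformed line, ignore it
        domain, _subdomains, path, secure, _expiry, name, value = fields
        cookies.append(Cookie(domain.lstrip(".").lower(), path,
                              secure == "TRUE", http_only, name, value))
    return cookies


def domain_allowed(domain, whitelist):
    """True if domain is a whitelisted site or a subdomain of one.

    Matching on the dot boundary matters: a plain endswith("mybank.example")
    would also accept the unrelated site "notmybank.example".
    """
    return any(domain == site or domain.endswith("." + site)
               for site in whitelist)


def filter_cookies(cookies, whitelist):
    """Split cookies into (kept, dropped) according to the whitelist."""
    kept = [c for c in cookies if domain_allowed(c.domain, whitelist)]
    dropped = [c for c in cookies if not domain_allowed(c.domain, whitelist)]
    return kept, dropped


if __name__ == "__main__":
    kept, dropped = filter_cookies(parse_cookies(SAMPLE_COOKIES), WHITELIST)
    for cookie in kept:
        print("keep  ", cookie.domain, cookie.name)
    for cookie in dropped:
        print("delete", cookie.domain, cookie.name)
```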

Develop a Security Policy

More often than not, it’s the people around you who unwittingly pose your biggest security threat. One day your employee could accidentally click on a suspicious link and unintentionally cost you your business.

To prevent easy mistakes from happening, implement some basic security policies in your company practices. There are plenty of online workshops available to help educate yourself and your employees about what to look out for so that you don't fall foul of a cyber threat, and to strengthen your overall knowledge of cybersecurity attacks.

The bottom line

Online privacy affects everyone using the internet to varying degrees. Sensible people are becoming increasingly vigilant about their online security, aware that an opportunistic hacker might breach their passwords, infiltrate their emails, or plant unsafe cookies.

Taking steps to protect your online privacy should be a matter of necessity, especially if you're using your computer for running your day-to-day business. If proper security measures are not in place, it may lead to private business data getting leaked. If you’re unlucky, you can find yourself another victim of the wrath of the internet. The range of things perfect strangers with some minor hacking skills can do to you is vast and extremely nasty.

By taking these proactive measures to protect your business computer, network, data, and website, you can stay ahead of cyberattacks, cybercriminals, and the latest emerging trends in cybercrime. Stay updated on current cybersecurity threats and how to prevent them. Make sure your company is always ready for a cybersecurity attack. Keeping cybercriminals at bay by implementing the 8 steps in this guide will free up your time to run your business instead of fighting what could have been an easily avoided attack.

