
60% of businesses shut down after attacks: 10 ways to comprehensively improve cybersecurity for businesses

  • Apr 22

Bringing business operations online offers massive market access, but it also invites devastating security risks.

Statistics from Kaspersky reveal an alarming reality: 60% of small businesses are forced to shut down permanently within six months of falling victim to a cyberattack. In the UK, data from Companies House indicates that nearly 40% of businesses suffered a data breach in the past 12 months, with the average incident costing an estimated £8,460.

Small and medium-sized enterprises (SMEs) are often the preferred targets for hackers because they hold valuable customer data but lack robust defensive resources. Since digital data theft has surpassed physical theft in frequency, finding ways to improve the security of business uses of the internet is no longer a supplementary IT expense - it is a critical survival mechanism.

10 expert strategies to improve the security of business uses of the internet

To prevent financial ruin, organizations cannot rely solely on a single antivirus program.

Discover 10 solutions to improve cybersecurity for businesses.

Below are 10 highly actionable methods - constituting the core of a comprehensive defense strategy - recommended by global experts from Kaspersky, NordLayer, and the Federal Communications Commission (FCC):

1. Prioritize employee training

Most data breaches stem from human error. Employees might unintentionally click on phishing emails, use infected USB drives, or mishandle confidential information. Organizations must establish mandatory cybersecurity training, setting clear guidelines on how to identify sophisticated impersonation tactics and handle customer data securely.

2. Enforce strong password policies and multi-factor authentication (MFA)

Passwords are the front line of network security. The UK's National Cyber Security Centre (NCSC) recommends using "3 random words" to create long, unpredictable passwords (e.g., DogPurpleHouse). Passwords must be changed regularly, and more importantly, every critical system access point must require Multi-Factor Authentication (MFA) to block brute-force attacks.
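The "3 random words" approach only delivers its strength when the words are picked by a random generator rather than by the user. The following is an added example, not part of the original article: it generates a passphrase in the DogPurpleHouse style and estimates its guessing entropy. The 16-word list is constructed for illustration and the function names are hypothetical.

```python
import math
import secrets

# Constructed 16-word sample list, for illustration only. A real deployment
# would load a list of several thousand common words (assumption).
SAMPLE_WORDS = [
    "dog", "purple", "house", "river", "candle", "orbit", "meadow", "pencil",
    "anchor", "velvet", "thunder", "biscuit", "lantern", "copper", "walnut",
    "glacier",
]

def pick_words(words, count=3):
    """Choose `count` words uniformly at random using the OS CSPRNG."""
    pool = sorted({w.lower() for w in words})  # duplicates would skew the odds
    if len(pool) < 2:
        raise ValueError("word list too small")
    return [secrets.choice(pool) for _ in range(count)]

def generate_passphrase(words, count=3):
    """Join the chosen words in the DogPurpleHouse style used above."""
    return "".join(w.capitalize() for w in pick_words(words, count))

def entropy_bits(list_size, count=3):
    """Guessing entropy when every word is drawn at random from the list."""
    return count * math.log2(list_size)

def min_list_size(target_bits, count=3):
    """Smallest list that reaches `target_bits` with `count` random words."""
    return math.ceil(2 ** (target_bits / count))

if __name__ == "__main__":
    print(generate_passphrase(SAMPLE_WORDS))
    for size in (len(SAMPLE_WORDS), 2048, 7776):
        print(f"{size:>5} words x 3 -> {entropy_bits(size):.1f} bits")
```

The entropy figure assumes the attacker knows the word list and the word count, so it is a lower bound that does not depend on keeping the scheme secret.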

3. Deploy a robust firewall

A firewall acts as a strict gatekeeper, preventing unauthorized outsiders from accessing data on a private network.

Businesses should invest in next-generation firewall solutions.

Proper firewall configuration ensures malicious traffic is blocked from entering the internal network and restricts sensitive data from leaving the company's perimeter.

4. Automate patching and vulnerability scanning

Using outdated software or operating systems is akin to leaving the front door wide open. Updates provide vital security patches that close vulnerabilities exploited by hackers. Organizations should automate updates and regularly perform vulnerability scans to proactively discover hidden weaknesses within their infrastructure.

5. Control access using the principle of least privilege

A core rule to improve the security of business uses of the internet is to never grant a single employee access to all data systems.

Access must be restricted based on job roles. For sensitive systems handling financial data, implementing PAM/BASTION (Privileged Access Management) helps isolate, record, and strictly monitor all actions performed by users with high-level administrative privileges.

6. Establish an offline data backup strategy

In the worst-case scenario where ransomware locks the system, backups serve as the ultimate lifeline. The FCC emphasizes that backups should be automated at least weekly. Crucially, these copies must be stored offline or on isolated Cloud environments, completely separated from the internal network so they cannot be encrypted by spreading malware.
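A backup is only a lifeline if it is recent and unaltered. The following is an added example, not part of the original article: it checks that the newest backup is no older than the weekly cadence mentioned above and that each file still matches a SHA-256 manifest. It assumes the manifest is stored separately from the backup media; the function names and finding strings are hypothetical.

```python
import hashlib
import time
from pathlib import Path

MAX_AGE_DAYS = 7  # the "at least weekly" cadence cited above

def sha256_file(path):
    """Hash a file in 1 MiB chunks so large archives do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()

def check_backups(backup_dir, manifest, now=None):
    """Return a list of findings; an empty list means the backups look healthy.

    manifest maps file name -> expected SHA-256 hex digest and is assumed to
    be kept somewhere malware on the internal network cannot rewrite.
    """
    now = time.time() if now is None else now
    files = {p.name: p for p in Path(backup_dir).iterdir() if p.is_file()}
    if not files:
        return ["no backups found"]

    findings = []
    newest = max(files.values(), key=lambda p: p.stat().st_mtime)
    age_days = (now - newest.stat().st_mtime) / 86400
    if age_days > MAX_AGE_DAYS:
        findings.append(f"stale: newest backup {newest.name} is {age_days:.1f} days old")

    for name, expected in manifest.items():
        if name not in files:
            findings.append(f"missing: {name}")      # deleted or never written
        elif sha256_file(files[name]) != expected:
            findings.append(f"modified: {name}")     # e.g. encrypted in place
    return findings
```

Running the check from a machine outside the production network, against mounted read-only media, keeps the verifier itself out of reach of the malware it is meant to detect.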

7. Implement data encryption standards

Any business processing credit card payments, customer information, or intellectual property must implement Double Data Encryption. Encryption transforms valuable information into unreadable code. Consequently, even if hackers breach the network and steal databases, the information remains entirely useless without the decryption key.

8. Secure mobile devices (Mobile Security)

With the rise of flexible working, personal smartphones and tablets carry a high risk of cross-infection. Businesses must utilize Mobile Device Management (MDM) tools. These tools force users to set passwords, encrypt device data, and allow administrators to perform a remote wipe instantly if the equipment is lost or stolen.

9. Protect remote connections with a business VPN

Employees working in coffee shops or airports frequently connect to password-less public Wi-Fi - an ideal environment for eavesdropping. Mandating the use of a Business VPN creates an encrypted "tunnel" that completely hides company data and IP addresses from third-party interception.

10. Shift from static defense to proactive monitoring

Hackers never sleep; large-scale cyberattacks frequently occur overnight or during holidays. Simply setting up security tools and leaving them unmonitored creates a dangerous gap. To truly improve the security of business uses of the internet, network traffic must be continuously monitored to detect suspicious behavior and respond to insider threats or external intrusions in real time.
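Because overnight and holiday activity is where unmonitored tools leave a gap, a simple first detection is to flag authentication events that fall outside working hours. The following is an added example, not part of the original article: the log format, office hours, holiday calendar and sample events are all constructed assumptions.

```python
from datetime import date, datetime, time

BUSINESS_START, BUSINESS_END = time(8, 0), time(18, 0)  # assumed office hours
HOLIDAYS = {date(2024, 12, 25)}                          # assumed holiday calendar

# Constructed sample events in a hypothetical "timestamp EVENT key=value" format.
SAMPLE_LOG = """\
2024-12-23T09:12:44 LOGIN_OK user=alice src=198.51.100.10
2024-12-24T02:31:07 LOGIN_OK user=svc-backup src=203.0.113.45
2024-12-25T14:05:19 LOGIN_OK user=bob src=198.51.100.22
2024-12-28T11:40:02 LOGIN_FAIL user=admin src=203.0.113.45
this line is malformed and must be skipped
"""

def parse_line(line):
    """Return a dict for a well-formed event line, or None if it cannot be parsed."""
    parts = line.split()
    if len(parts) < 2:
        return None
    try:
        ts = datetime.fromisoformat(parts[0])
    except ValueError:
        return None
    fields = dict(p.split("=", 1) for p in parts[2:] if "=" in p)
    return {"ts": ts, "event": parts[1], **fields}

def off_hours_reason(ts):
    """Classify a timestamp as holiday, weekend or overnight; None if in hours."""
    if ts.date() in HOLIDAYS:
        return "holiday"
    if ts.weekday() >= 5:  # Saturday = 5, Sunday = 6
        return "weekend"
    if not (BUSINESS_START <= ts.time() < BUSINESS_END):
        return "overnight"
    return None

def flag_off_hours(log_text):
    """Return (timestamp, user, event, reason) for every off-hours event."""
    alerts = []
    for line in log_text.splitlines():
        event = parse_line(line)
        if event is None:
            continue  # skip noise rather than crash the monitor
        reason = off_hours_reason(event["ts"])
        if reason:
            alerts.append((event["ts"].isoformat(), event.get("user"), event["event"], reason))
    return alerts
```

Scheduled service accounts will legitimately appear in the output, so in practice the alerts are reviewed against a list of expected jobs before they are escalated.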

Solving the resource gap for SMEs with the IPSIP ecosystem

In reality, many small and medium-sized enterprises understand these 10 strategies but are hindered by tight budgets and a lack of in-house IT experts. To execute this plan without inflating operational costs, utilizing outsourced cybersecurity solutions for SMEs from ipsip.vn is a highly practical approach:

  • Filling the Monitoring Gap with a 24/7 SOC: Addressing the challenge of step 10, IPSIP's 24/7 Security Operations Center (SOC) provides a team of remote experts who continuously monitor the system. They proactively analyze traffic and intercept malware at the perimeter before it evolves into a severe incident.

  • Transferring the Operational Burden to IT Support: Instead of leaving employees to struggle, IT Support/IT Helpdesk services take over the daily execution of updating patches, configuring firewalls, managing access controls, and ensuring that offline backups are rigorously maintained every day.

Protecting digital assets in the internet era is not a one-time effort but a continuous improvement process. Strictly applying these 10 strategies to improve the security of business uses of the internet, combined with professional infrastructure monitoring services, allows organizations to build an impenetrable data fortress. Do not wait until joining the 60% of bankrupt businesses to take action; preparing today is the ultimate permit for sustainable brand growth.

-----------

References:

  • Article: "15 Critical Cybersecurity Tips for Small Businesses" - Kaspersky.

  • Article: "10 Ways How to Improve Network Security for Business" - NordLayer.

  • Article: "How to improve the cyber security of your business" - Companies House (UK Government).

  • Document: "10 Cyber Security Tips for Small Business" - Federal Communications Commission (FCC).


IPSIP VIETNAM ONE MEMBER LIMITED LIABILITY COMPANY (IPSIP VIETNAM OMLLC)

Tax code: 0313859600

🏢 SH05.01, B4 Street, Saritown Area, An Khanh Ward, Ho Chi Minh City, Vietnam

​☎  +84 918 397 489
