
How to protect your small business from cybersecurity attacks


Cybersecurity attacks are on the rise, and small businesses are increasingly the ones being targeted.

Cybercrime is a multi-billion dollar industry that encompasses a broad range of threats, from fraud to credential theft. Most of these attacks begin with phishing: scams that try to trick you into revealing sensitive data or downloading malware. The Anti-Phishing Working Group (APWG) recorded over 1 million phishing attacks in the fourth quarter of 2023 alone, an unprecedented total.

Small businesses may think they are too small to be a target, but they're increasingly vulnerable because of the rise in automated cyberattacks, according to Forbes. Cybercriminals use software to scan the internet for easy targets, often finding small businesses with less secure networks. The financial fallout could be devastating.

The security firm Kaspersky estimates the cost of cyberattacks to small- and medium-sized businesses at around $86,500 per attack and to enterprises at “a staggering” $861,000 each. These figures include lost business, money spent on public relations, paying IT professionals to fix the problem, and so on.

This article offers simple, easy-to-implement strategies to protect your small business against cyberattacks, which could save you money in the long run. 

How to prevent phishing, the biggest threat to your business 

Effective prevention requires employing a wide-spectrum approach to protecting your business. This includes strong anti-malware defenses, robust security policies (with appropriate education and training for staff), and continuous monitoring of your systems.

Deployed as part of a holistic approach to cyberdefense, Proton Mail is a privacy-first encrypted email service that can help protect your team against some of the most common email-based cybersecurity threats. 

Use hide-my-email aliases 

An effective way to defend against email attacks is to limit the number of people who know your real email addresses. 

Proton allows you to create multiple email addresses (including email addresses using your company’s custom domain with a Proton for Business plan). Additionally, hide-my-email aliases in Proton Mail are a way to protect your identity, control spam, and prevent phishing.

Hide-my-email aliases are unique, randomly generated email addresses you can share publicly instead of your real email address, meaning you can create accounts, receive emails, and reply in your Proton Mail mailbox without revealing your identity. 

When you create an account for an online service, for example, you can provide a hide-my-email alias to avoid being tracked or attacked by hackers if your email address is ever exposed in a data breach. If an alias is ever leaked, you can easily deactivate it.

You can create up to 10 hide-my-email aliases with a Proton Mail Essentials plan. A Proton Business plan gives you an unlimited number of aliases, so you can create as many as you need. You’ll find your hide-my-email aliases in our new Security Center in Proton Mail.


Confirm links 

One strategy attackers use is embedding malicious links in emails that appear to come from reputable sources.

There is a simple but effective phishing defense in all our apps. Our apps ask you to confirm that you wish to open an external link from an email. We strongly advise that you always take this opportunity to read the full link to see whether it’s genuine.
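
The reading that the confirmation prompt invites can also be scripted. The Python below is an added example, not Proton's code: it pulls each link out of an HTML email body and lists reasons to distrust it. The sample message, the function names and the particular checks are assumptions chosen for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample email body; every host is a reserved example name.
SAMPLE_HTML = """
<p>Invoice: <a href="https://billing.example.com/inv/42">View invoice</a></p>
<p>Sign in: <a href="http://example.com.login-check.test/s">https://example.com/login</a></p>
<p>Reset: <a href="https://xn--exmple-cua.test/reset">reset password</a></p>
<p>Status: <a href="https://user@203.0.113.7/status">status page</a></p>
"""

class LinkCollector(HTMLParser):  # collects (href, visible text) per <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def review_link(href, text):
    """Return reasons to distrust a link; an empty list means none found."""
    url, reasons = urlsplit(href), []
    host = (url.hostname or "").lower()
    if url.scheme != "https":
        reasons.append("not https")
    if url.username is not None:
        reasons.append("userinfo before host")
    if re.fullmatch(r"[0-9.]+", host) or ":" in host:
        reasons.append("raw IP address as host")
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("punycode host")
    # If the visible text itself looks like a URL or domain, it must match.
    shown = re.match(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})(?:[/:?#]|$)", text, re.I)
    if shown and shown.group(1).lower() != host:
        reasons.append("text shows %s, link goes to %s" % (shown.group(1).lower(), host))
    return reasons

def review_email(html):  # maps each href to its list of warnings
    parser = LinkCollector()
    parser.feed(html)
    return {href: review_link(href, text) for href, text in parser.links}
```

An empty list only means none of these checks fired; it does not prove a link is genuine.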


Address verification

This advanced feature is like sharing a magic word or secret handshake with your colleagues, customers or business contacts, that confirms they are who they say they are. This prevents hackers from manipulating encryption keys to intercept messages. 

Your Proton Mail account allows you to manually trust a “secret handshake” — or PGP key — for specific contacts. 


Lock icons

Proton Mail makes it easy to tell whether an incoming email is encrypted and secure. End-to-end encryption and zero-access encryption ensure no cybersecurity attack against Proton servers can reveal your emails, files, contacts, and other data. 

You can identify the encryption status of emails you receive by paying attention to the lock icons shown on each email. 

A lock icon tells you the encryption status of an email:
  • A blue lock means the secure email was sent from a Proton Mail address. It is not possible to spoof emails from Proton Mail accounts.
  • If your organization uses Proton Mail, this also provides a guarantee that someone within your organization sent the email.
  • A green lock denotes a PGP-signed message. A PGP signature guarantees that the sender is genuine and that the message hasn’t been tampered with.
  • A blue or green lock with a checkmark shows that you have manually chosen keys to trust with this contact (Address verification).


Protect your passwords

Hackers often target and steal databases full of user passwords, which can prove damaging to a small business with limited resources.

If your employees are reusing passwords across different accounts, one breach can lead to multiple accounts being compromised, including a business account that contains invaluable information. One leak can cause irreversible damage.

A reliable password manager can help prevent this from happening. With Proton Pass, you and your employees can generate strong, unique passwords for each account to limit the chances of a breach happening. A Proton for Business account gives you access to Proton Pass, which includes 50 vaults and unlimited aliases.

If hackers do somehow steal your login credentials, however, having two-factor authentication (2FA) adds an extra layer of security to keep your business safe by requiring not only a password but a second factor — such as a one-time passcode on your phone — to access an account. Proton Pass includes a built-in two-factor authenticator.  

And Proton for Business users can even enforce 2FA for an entire team, allowing business owners to enforce a higher security standard. 

Proton Sentinel

Everyone with a Proton for Business account gets access to our high-security Proton Sentinel program, which works for both Proton Mail and Proton Pass and has blocked thousands of account takeover attacks since it was launched in August 2023.

Proton Sentinel prevents attackers from getting your data even if they have managed to steal your Proton username and password. This is a feature you won’t find using other popular email providers.

Using artificial intelligence and human expertise, Proton Sentinel swiftly detects and blocks suspicious attempts to take over accounts, leveraging insights Proton developers discovered while building anti-abuse systems that protect over 100 million accounts. 


How to prevent data breaches

A data breach occurs when sensitive information held by a company is made available in an unauthorized way. Data breaches can result in competitors gaining access to what should be privileged information about the internal workings of your company. However, the most devastating, high-profile, and common data breaches are when a company leaks personal details belonging to users and customers. 

For example, in July 2022, Uber admitted to a 2016 data breach that affected 57 million passengers and drivers, and to paying the attackers $100,000 to keep the breach secret. Even more dramatically, T-Mobile suffered a data breach in 2021 that affected some 76 million users, resulting in a $350 million settlement to a class action lawsuit.

But there are several steps you and your employees can take to safeguard your data and prevent similar breaches from happening on a smaller scale. 

Use encryption whenever possible 

Emails sent between Proton users are end-to-end encrypted (E2EE). It is also possible to send E2EE emails to non-Proton users using PGP or Password-protected Emails. This means they are encrypted on your device and can only be read by the intended recipient. No one else, including us, can read them.

We have no control over how non-E2EE emails sent to people who don’t use Proton Mail are stored on their provider’s servers, but when stored on our servers, they are secured using zero-access encryption. That is, they are encrypted using your public key, so only you can decrypt them. Again, no one else, including us, can read them.

Unlike other email services that can decrypt data on their servers, Proton does not keep decryption keys, meaning if there were a data breach no hacker could get anything but encrypted files, which are useless without your password.


Train employees

None of the steps in this article will have an impact if your employees are not trained to implement them. Your employees are the first and last line of defense against cybersecurity attacks.

Building up your staff with useful, clear guidelines that detail penalties for violating company policy is essential for any effective cybersecurity plan. That means all employees should be well versed in not only phishing attacks, but also strong password best practices, encrypted services, and whom they should contact for support.

At the very least, using Proton Mail for your organization’s business communications is a simple and easy solution to safeguard your team and valuable data.

To learn how Proton Mail can help protect your business, contact our sales team at enterprise@proton.me.

Keep your business safe with Proton 

While other companies are built to create value for advertisers, our business model is quite different. All our revenue comes from subscribers who upgrade for more storage and additional features. This business model requires us to prioritize the privacy and security of our community above all else, and we’ve designed the entire platform to reflect that. Every feature was built to protect your valuable data.

Proton was not born in Silicon Valley. It started as a crowdfunded project led by scientists who met at CERN (the European Organization for Nuclear Research) with a mission to fight for an internet that’s private by default. 

We built Proton to serve that mission, which includes helping you protect your small business with easy-to-use tools that can prevent devastating attacks from threatening your existence. 


Douglas Crawford

Starting with ProPrivacy and now Proton, Douglas has worked for many years as a technology writer. During this time, he has established himself as a thought leader specializing in online privacy. He has been quoted by the BBC News, national newspapers such as The Independent, The Telegraph, and The Daily Mail, and by international technology publications such as Ars Technica, CNET, and LinuxInsider. Douglas was invited by the EFF to help host a livestream session in support of net neutrality. At Proton, Douglas continues to explore his passion for privacy and all things VPN.
