At the Small Business Administration's inaugural Cyber Summit, the Microsoft president had some choice advice for small business owners.

If Microsoft president, Brad Smith, were running a small business, the first thing he says he’d do to assess cybersecurity risk doesn’t even cost a cent.

Smith said he’d first ask his team if there’s somebody on staff who’s knowledgeable about IT. Whether it’s someone on staff or an external security partner, Smith says he’d look to spend 15 minutes learning about the organization’s vulnerabilities and examine what has and has not been addressed.

Given the tense cybersecurity landscape these days, the timing for that conversation has never been better. “Unfortunately, small businesses are more of a target than they were five years ago,” Smith said in conversation with SBA administrator, Isabel Guzman. “In some ways, we’ve seen the cybersecurity threat landscape become more diverse.”

The SBA’s inaugural Cyber Summit sought to educate small businesses about how to become more resilient amid rising cybersecurity attacks. Smith shared a wealth of insights during his keynote with Guzman. Here are four of them:

1. Stay up to date.

Smith’s first tip for businesses is to keep software current. This is something that tech companies, such as Microsoft, Oracle, and others already assist with by releasing patches on Patch Tuesday, or when software updates are available to fix any vulnerabilities.

2. Tighten up your passwords.

Businesses need to set up multifactor authentication and deploy strong, unpredictable passwords, according to Smith. “It shouldn’t be ABC123,” Guzman quipped. If it may seem unbelievable that someone would use such a fallible combo, think again—digital security company Nordpass worked with independent researchers to take a look at more than 15.6 million breaches sustained by Fortune 500 companies in a past study. The findings revealed that the word “password” was one of the most popular passwords among all industries.

3. Consider the cloud.

If businesses keep their software current and use multifactor authentication, they’ll likely eliminate 95 percent of the risks they’d normally face, according to Smith. But he adds that it’s also important for businesses to look into cloud security.

“If everybody’s just trying to run their software on their own hardware in their own four walls, it means you have to do everything to maintain that hardware,” he explains. “Whereas if you move to the cloud—whether it’s Microsoft or one of our competitors—that becomes our problem. It’s no longer your problem as a small business owner.”

4. Use all available resources.

There’s no question that small businesses have fewer financial resources than larger counterparts to fend off cyberattacks. The SBA does offer educational programming for small businesses to take advantage of, including planning and assessment tools along with explainers around common threats. The agency also offers in-person and virtual events for training purposes to help small businesses protect themselves.

Looking ahead, Smith envisions that the sector will continue to see more defensive protection and more cybersecurity services built in that are offered in ways that are easy to use. And that’s good news, given that he also forecasts that cyber threats will grow more sophisticated over time. “We have to assume that adversaries will get better, that’s what adversaries do,” he says. “At the end of the day, [cybersecurity] becomes a little bit like a seatbelt,” Smith explains. “A seatbelt is in your car and we know it saves lives, but you do have to put it on.”

This article was written by Melissa Angell from Inc. and was legally licensed through the Industry Dive Content Marketplace. Please direct all licensing questions to

This article is licensed content that was created by a third party not affiliated with Santander Bank, N.A. (“Santander”). This article is for promotional purposes only. Santander does not provide investment, business, financial, accounting, tax, or legal advice, and the content of this article does not constitute investment, business, financial, accounting, tax, or legal advice. Santander does not make any claims, promises, or guarantees about the accuracy, completeness, currency, or adequacy of any content. Santander expressly disclaims all express and implied warranties of accuracy, completeness, currency, or adequacy of the information and content in this article. Readers should consult their own attorneys or tax or other advisors regarding the applicability of any referenced information, or financial or other strategies to their own unique circumstances. This article does not necessarily reflect the views or endorsement of Santander. Please note that third-party websites may have privacy and security policies different from Santander; please review the privacy and security policies of such websites.

Santander Bank, N.A. is a Member FDIC and a wholly owned subsidiary of Banco Santander, S.A. ©2023 Santander Bank, N.A. All rights reserved. Santander, Santander Bank and the Flame Logo are trademarks of Banco Santander, S.A. or its subsidiaries in the United States or other countries. All other trademarks are the property of their respective owners.


Was this article helpful?

You already voted!