What All Small Businesses Need to Prioritize
By Heather Stratford, National Cybersecurity and AI Thought Leader, Inland Northwest Cyber Hub/Inch360
The cybersecurity landscape is evolving at a breakneck pace, and small businesses are increasingly at risk. As digital threats grow more sophisticated, hackers are no longer only targeting large corporations—they’re setting their sights on smaller companies with fewer security resources. To prepare for 2025 and beyond, small businesses must proactively address key cybersecurity trends. Below are five priorities every business owner should focus on to protect their customers, employees, and reputation.
1. Educate Your Employees on Cybersecurity Fundamentals
The human element remains the weakest link in cybersecurity. Phishing attacks, social engineering schemes, and malware downloads often succeed because employees aren’t aware of the threats or don’t know how to respond. In 2025, cybersecurity training will no longer be a “nice-to-have” but a necessity.
Regular cybersecurity awareness sessions, including phishing simulations, should be a part of your business operations. Employees need to know how to identify suspicious emails, avoid clicking unknown links, and report security incidents immediately. This is also the time to adopt new tools like microlearning platforms, such as Drip7, which use bite-sized lessons to keep cybersecurity top-of-mind. Cybersecurity is not just the responsibility of IT teams—it requires participation from everyone in your organization.
Ninety percent of cybercrime can be traced back to human error. Recently, Drip7 started an education program for a 360-person small business in the Spokane region. The organization had an 84% fail rate on its baseline phishing test. There is a lot of work to be done to educate staff.
2. The Privacy Risks of AI Adoption
AI is transforming the way small businesses operate by automating customer service, generating insights, and streamlining operations. However, the widespread use of AI introduces new privacy challenges. AI tools often collect and process large volumes of data, making businesses vulnerable to data leaks.
Customer and employee data may inadvertently be exposed if AI applications are not properly monitored. For example, chatbot platforms or generative AI tools could store sensitive information or introduce vulnerabilities hackers can exploit. In addition, privacy compliance will become stricter in 2025, with new regulations requiring businesses to maintain transparent data-handling practices. Small businesses need to audit how AI tools handle personal data to ensure compliance and minimize risks.
3. Safeguarding Your Supply Chain: Lessons from the CDK Ransomware Attack
Supply chain security is another major focus area for 2025. Many small businesses rely on third-party vendors and suppliers, but each connection can be a potential entry point for cyberattacks. A perfect example is the CDK Global ransomware attack, which disrupted the operations of 1,500 car dealerships across the U.S. in 2024.
CDK, a leading software provider for automotive dealerships, fell victim to a ransomware attack that brought its systems offline for days. This incident affected not only the car dealerships but also the businesses that are connected to car dealerships. There was a direct loss of revenue due to the inability to process vehicle purchases and service orders. This attack serves as a warning that even if your own systems are secure, vulnerabilities in your supply chain can still put your business at risk. Small businesses should know their suppliers, ask for documentation on their security policies, and have backups to isolate their processes in case of a breach.
4. Adopting Zero Trust Architecture
Traditional security models assume that anything inside a company’s network can be trusted. However, with remote work and cloud-based systems becoming the norm, these assumptions no longer hold. That’s where Zero Trust Architecture (ZTA) comes in—it operates under the principle of “never trust, always verify,” ensuring that every user or device must prove their legitimacy before accessing sensitive systems or data.
For small businesses, adopting ZTA might seem complex, but using a Managed Service Provider (MSP) can simplify the process. MSPs offer expertise in building secure infrastructure and managing cybersecurity strategies, giving businesses the confidence that their systems are protected. An MSP can also monitor networks for suspicious activities, ensuring you detect threats before they cause damage. With the right MSP partner, even small businesses can achieve enterprise-level security.
5. The Rise of Deepfake Fraud
One of the most alarming trends heading into 2025 is the rise of AI-enabled fraud, including deepfakes. Deepfakes use AI to create realistic videos or audio that mimic individuals. Criminals are leveraging this technology to impersonate executives and trick employees into transferring funds or disclosing confidential information.
A notable case occurred when a Hong Kong-based firm lost $25 million to fraudsters after a deepfake video call. The criminals impersonated the company’s CFO, providing instructions for a fund transfer that seemed entirely legitimate. According to Deloitte’s Center for Financial Services, AI-enabled fraud is expected to reach $40 billion by 2027. To mitigate these risks, small businesses should adopt multi-factor authentication and verification protocols, particularly for financial transactions. More layers of verification need to be in place. Employees must also be trained to recognize the signs of deepfake manipulation, such as slight delays in audio or video quality.
Conclusion
The digital landscape of 2025 will present both opportunities and challenges for small businesses. Staying ahead of cybersecurity trends isn’t just about protecting data—it’s about ensuring business continuity, safeguarding customer trust, and maintaining a competitive edge.
Prioritizing employee education, assessing the privacy implications of AI, strengthening your supply chain security, adopting Zero Trust Architecture, and preparing for deepfake fraud are crucial steps that small business owners should take now. Cybersecurity threats are evolving fast, but with the right strategies and partnerships in place, small businesses can stay protected and thrive in an increasingly digital world.
By being proactive today, you can save your business from costly disruptions and ensure you remain resilient against the challenges of tomorrow.
Heather Stratford is a national thought leader in cybersecurity and AI. She has founded and run multiple technology companies including Drip7 Inc. — a microlearning platform focused on cybersecurity education. She founded the regional organization INCH360 to help educate and support cybersecurity in the Inland Northwest. With extensive experience across industries, Heather has worked with prominent organizations like General Motors, Stanford, University of Chicago, NYU, SABIC, MultiCare, and Deloitte. Heather has spoken for Morgan Stanley, STCU, PPMD – Professional Petroleum Data Management, and U.S. Department of Commerce, to name a few. Outside of her professional life, she enjoys traveling, waterskiing, and motorcycling. Heather and her husband Bill have five children and one grandchild.