5 ways to improve your cyber security now - Software Developer edition
You probably hear it a lot: you should make your code secure! But… how? When it comes to security, there are a plethora of measures you can implement. Where do you start, and how do you know you’re doing the right thing?
Many blogs trying to help you in this area use a lot of jargon, making it hard for non-specialists to read and act on them. I’m here to help you with this, starting with a short explanation of what we’re trying to achieve with cyber security. This blog post is written for Software Developers specifically, no matter which language you program in or whether you’re a front-ender, back-ender, or full-stack developer.
The goal of cyber security
Initially, you’d say the goal of cyber security is to keep malicious actors (both human and non-human) out of your systems and non-public data. However, these days it’s not just a matter of getting hacked or not. It’s more a matter of getting hacked as little as possible with the lowest impact possible.
For most companies, cyber security is not their primary business. For most malicious actors, it is. This makes it very difficult, especially for small companies, to fully keep malicious actors out of their systems, even more so given the limited resources a company has versus the far less limited time malicious actors usually have.
There are several types of malicious actors, each more persistent than the last. One type, called Script Kiddies, only runs simple, publicly available scripts that scan machines for known vulnerabilities, while another type might have many millions of dollars (and thus a lot of time and resources) at their disposal to discover unknown vulnerabilities in your systems. How far you need to take your measures depends on the type of business you’re in.
Your goal should be to make it so time-consuming for malicious actors to compromise you that they simply move on to their next target. Additionally, assume they can penetrate your systems and design for this by also implementing measures behind your "front door". A common security practice is applying multiple layers of defenses instead of just one. Think of it like a medieval castle, which doesn’t just have a moat around it but also several layers of castle walls. The idea is that if one layer fails, it doesn’t mean a full compromise of your system.
Measures
There are a few measures everyone can (and should) take, no matter what business you’re in. I’ll discuss five measures you can take right now.
1. Validation
Validation is a general measure that also improves system stability. You can think of it as your first line of defense as it limits the freedom a malicious actor has to find weaknesses. If all input is validated for the types you want, you’ll end up with additional benefits: cleaner (and therefore more usable) data, a more stable system, and your users will end up with fewer error messages. This means if you expect a postal code you