Business Cybersecurity & Privacy Tips
Practical cybersecurity and privacy tips for small businesses, venues, and local operators. General education, not professional cybersecurity services.
Most cyberattacks on small businesses are not sophisticated. They rely on weak passwords, unprotected accounts, and distracted employees. The tools below are free or low cost, open source where possible, and built by companies that respect your privacy. We intentionally recommend Proton's ecosystem first throughout this guide — it is Swiss-based, open source, independently audited, and covers nearly everything a small business needs in one privacy-respecting suite. We always provide alternatives so you can choose what works best for you. We are not paid by any company listed here.
Section 1 · Password Manager
Stop reusing passwords
If one account gets breached, every account with the same password is now at risk. A password manager creates and stores a unique password for every login so you only have to remember one master password. All three options below are end-to-end encrypted, meaning even the company that makes the software cannot read your passwords.
Recommended tools
Proton Pass
proton.me/pass
Free password manager from Proton. Open source, end-to-end encrypted, includes an email alias feature that lets you create disposable email addresses for business signups to reduce spam and protect your real email. Available on all devices. Free plan is generous for a small business.
Bitwarden
bitwarden.com
Free and open source password manager. Independently audited. Slightly more mature than Proton Pass with more third-party integrations.
KeePassXC
keepassxc.org
Free and open source password manager that stores your passwords locally on your device with no cloud sync. Best option if you prefer not to store passwords online at all.
Also useful
Have I Been Pwned
haveibeenpwned.com
Free tool to check if your business email has appeared in a known data breach. No account required. Run this now.
Section 2 · Business Email
Use a private encrypted email account for your business
Free email services from Big Tech providers scan your emails to build advertising profiles and share data with third parties. Proton Mail is end-to-end encrypted, based in Switzerland under strict privacy laws, open source, and has no advertising. Using a professional business email address also makes your business more credible to job applicants and suppliers.
Recommended tools
Proton Mail
proton.me/mail
Free encrypted email. Proton cannot read your emails and neither can anyone else without your key. Start with the free plan. For a custom domain email like hiring@yourbar.com, upgrade to Proton for Business starting at $6.99/month per user.
Tutanota
tuta.com
Free, open source, end-to-end encrypted email based in Germany. Strong privacy record and a good alternative to Proton Mail. Free plan available.
Posteo
posteo.de
Privacy-focused email based in Germany. $1.25/month. No free tier but extremely affordable and has a strong privacy and sustainability track record.
Section 3 · Two-Factor Authentication
Add a second lock on every account
Two-factor authentication means that even if someone steals your password, they still cannot access your account without a second code from your phone. Enable it on every account that offers it — especially email, banking, payroll, and your POS system. Avoid SMS text message-based two-factor authentication where possible, since phone numbers can be hijacked in SIM swapping attacks.
Recommended tools
Proton Authenticator
proton.me/authenticator
Free authenticator app from Proton. Open source, integrates with your Proton account, and backs up your codes securely so you do not lose access if you get a new phone.
Aegis Authenticator
getaegis.app
Free and open source authenticator for Android. Encrypted local backup. No cloud sync, which some users prefer.
Raivo OTP
raivo-otp.com
Free and open source authenticator for iPhone. Simple, lightweight, and privacy-respecting.
ShiftMap requires two-factor authentication on all employer accounts by default using an authenticator app, not SMS.
Section 4 · Browsing Privacy
Use a privacy-respecting browser
Your business browser is the front door to your email, payroll, POS dashboard, and bank. Use a browser with strong tracker and ad blocking, and keep work browsing separate from personal browsing where possible.
Recommended tools
Firefox
firefox.com
Free, open source browser from the non-profit Mozilla Foundation. Enable Enhanced Tracking Protection in settings.
uBlock Origin
ublockorigin.com
Free, open source browser extension that blocks ads and trackers. Install it on every business computer.
Brave
brave.com
Free, open source browser that blocks trackers and ads by default. A reasonable drop-in replacement for Chrome on business devices.
Section 5 · Encrypted File Storage and Sharing
Store and share business files without Big Tech reading them
Storing schedules, contracts, and employee records in mainstream cloud services means those files may be scanned, monetized, or accessible to the platform under certain legal conditions. End-to-end encrypted storage means only you can read your files — not even the storage provider.
Recommended tools
Proton Drive
proton.me/drive
Free encrypted cloud storage from Proton. End-to-end encrypted, open source, and integrated with the rest of the Proton suite. Free plan includes 1GB with generous paid upgrades.
Cryptomator
cryptomator.org
Free and open source tool that encrypts files before uploading them to any existing cloud storage you already use. Works with any provider.
Nextcloud
nextcloud.com
Free and open source self-hosted file storage. If you are technical or have someone technical helping you, running your own Nextcloud instance gives you complete control over your data.
Section 6 · Documents and Spreadsheets
Create and edit business documents without sharing your data with Big Tech
Word processors and spreadsheet tools from Big Tech often scan your documents for advertising purposes and store your data on their servers indefinitely. Privacy-respecting alternatives let you write schedules, menus, contracts, and business plans without your content being analyzed.
Recommended tools
Proton Docs
proton.me/drive
Free, end-to-end encrypted document editor built into Proton Drive. Works like a standard word processor with no data mining. Part of the free Proton plan.
LibreOffice
libreoffice.org
Free and open source office suite for Windows, Mac, and Linux. Runs entirely on your device with no cloud sync unless you choose it. The most full-featured free alternative to Microsoft Office.
OnlyOffice
onlyoffice.com
Free and open source office suite with strong Microsoft Office compatibility. Can be used online or self-hosted.
Section 7 · Video Meetings
Run staff meetings and interviews without Big Tech on the call
Mainstream video conferencing platforms collect meeting data, transcripts, and sometimes audio for their own purposes. If you do virtual interviews or remote staff check-ins, a privacy-respecting video tool keeps those conversations between you and your team.
Recommended tools
Proton Meet
proton.me/meet
Encrypted video meetings from Proton. No account required for participants, no data collection, end-to-end encrypted. Free to use.
Jitsi Meet
meet.jit.si
Free and open source video conferencing. No account required for anyone. Can be used instantly at meet.jit.si with no signup.
Element
element.io
Free and open source team communication and video calling built on the Matrix protocol. Good for teams who want a privacy-respecting Slack and Zoom alternative in one tool.
Section 8 · AI Tools
Use AI without your business data being used to train models
Most mainstream AI tools use your conversations and business data to train their models. If you use AI to draft job listings, write emails, or think through business decisions, a privacy-respecting AI tool keeps your business information private.
Recommended tools
Proton Lumo
proton.me/lumo
Proton's privacy-first AI assistant. Your conversations are not used to train models and are not shared with third parties. Integrated with the Proton ecosystem.
DuckDuckGo AI Chat
duckduckgo.com/aichat
Free AI chat from DuckDuckGo that does not save your conversations or use them for training. Provides access to multiple AI models anonymously.
Jan
jan.ai
Free and open source AI tool that runs entirely on your own device with no internet connection required. Your conversations never leave your computer.
Section 9 · Phishing and Scam Awareness
Know what a scam looks like in the service industry
Phishing emails targeting restaurants and bars often impersonate suppliers, POS providers, or delivery companies. Before clicking any link or paying any invoice that arrives by email, call the sender directly using a number you already have — not a number from the email itself.
Common examples
- A fake invoice from what appears to be your linen, food, or beverage supplier asking you to update your payment details to a new bank account.
- A fake email from your POS provider saying your account will be suspended unless you click a link and verify your login.
- A fake job applicant email with an attachment that installs malware when opened.
Section 10 · Your Wi-Fi Network
Keep your business network separate from your guest Wi-Fi
Your POS system, business laptop, and any device that handles payment data should never share a network with the Wi-Fi you offer customers. Most routers support a separate guest network that you can set up in under five minutes for free.
Recommended tools
FTC Consumer Guide
consumer.ftc.gov
No paid tool required for network separation. Reference the FTC guide for plain-language setup instructions.
Pi-hole
pi-hole.net
Free and open source network-level ad and tracker blocker. If you have someone technical who can set it up, running Pi-hole on your business network blocks malicious domains before they reach any device.
Section 11 · Keeping Devices Secure
Turn on automatic updates and scan for malware
Most successful attacks exploit security flaws that have already been patched — the victim simply had not installed the update yet. Enable automatic updates on every business device. Use an open source malware scanner rather than a Big Tech antivirus that bundles data collection.
Recommended tools
ClamAV
clamav.net
Free and open source antivirus for Windows, Mac, and Linux. Run monthly.
Malwarebytes Free
malwarebytes.com/free
Free malware scanner for Windows and Mac. Good second-opinion scanner to run alongside ClamAV.
Ubuntu Linux
ubuntu.com
If you are ever buying a new business computer, Ubuntu Linux is free, open source, and significantly more resistant to malware than Windows. Runs well on older hardware.
Section 12 · Free Government Resources
Free cybersecurity guides for small businesses
These are free resources from US government agencies and non-profit organizations written specifically for small businesses. No sales pitch and no signup required.
CISA Small Business Resources
cisa.gov/small-business
Cybersecurity guidance for small businesses from the US Cybersecurity and Infrastructure Security Agency.
SBA Cybersecurity
sba.gov/business-guide/manage-your-business/stay-safe-cybersecure
Small Business Administration guide on staying safe and cybersecure.
National Cybersecurity Alliance
staysafeonline.org
Plain-language education and tips for individuals and small businesses.
Electronic Frontier Foundation
eff.org/pages/tools
Free guides on digital privacy and security for individuals and small organizations.
ShiftMap does not receive compensation for any tool or resource listed on this page. Proton is listed first throughout this guide because we believe it offers the most comprehensive privacy-respecting suite available for small businesses. All other recommendations are listed because they are genuinely useful, open source where possible, and respect your data. ShiftMap has no financial relationship with any company on this page.
