Small businesses vulnerable to cyber attacks


Cyberattacks are the new normal for small business and the small businesses are the new frontier for cyber criminals. A recent report says, small businesses are the target of 43% of cyber-attacks.  


Ransomware is disruptive and costly and can be catastrophic for some businesses. Whereas, the large businesses are continuing to increase cybersecurity spending , as a consequence, cyber threats posed to small-to-medium-sized businesses (SMB) are real — and growing.


Many small businesses don’t think about cybersecurity until after a security breach. Not having cybersecurity can cost your business money, time and result in lost sensitive information. 

The average loss per attack averages more than $188,000. Even worse, one report suggests that 60% of small businesses fold within six months of a cyber attack. 

There are many cybersecurity threats for businesses and they are:

  • Email and phishing scams use email and text messages to hook victims. Fake, official-looking information asks victims to click on a link to a web page and then enter sensitive financial and personal data. Criminals use the data for identity theft or resale. 
  • Passwords. Cyber criminals can get access to passwords by tapping into databases, looking at servers to find unencrypted passwords, and using email, text messages or social engineering.  
  • Server attacks. DOS (Denial of service) SQL injection and drive-by attacks target websites and servers. DOS attacks overload system resources so they can’t handle the volume of service requests. SQL attacks read and modify sensitive data in databases. Drive-by attacks plant malicious code that will infect a visitor’s system to capture and transmit their sensitive data.  
  • Man-in-the-middle attacks involve hackers intercepting data from a victim on a fake page. These attacks also use phishing. 
  • Social engineering attacks involve human interactions to acquire sensitive information. This can include attacks like phishing and spear phishing but also physical activities. For example, a bad actor could leave a USB key loaded with malware in your business. An unknowing employee could plug it into a company computer and now be open to malware or other malicious programs.  

How the  small businesses are vulnerable to cyberattacks: 

  • They can’t afford dedicated IT staff. And if they can, training and budgets are often inadequate. It’s potentially worth exploring a managed IT services provider for your business. They offer deeper expertise and full-time availability. 
  • Inadequate or non-existent computer and network security. Small businesses can’t respond to threats quickly enough or can’t detect them at all. 
  • Lack of a backup plan. Many small businesses don’t use cloud services to back up their data offsite. 
  • Employees unknowingly help cyber criminals attack businesses. Staff members need to be more aware of attack methods as varied as social engineering calls and email scams.  
  • Small businesses are comparatively easy to attack. Hackers can find entry points to access valuable customer financial data more readily because of the absence of protection. Criminals can also use the business’ credentials to attack larger targets like suppliers and financial institutions.  

Tips for securing your small business from the threats :

  • Assess risks and vulnerabilities. Hire an external consultant to test systems that have external access, such as websites, drives and folders. Create procedures to follow in case of a breach and make network and computer security top priorities, on par with other key business priorities. 
  • Have a plan for devices. You and employees are likely accessing business data from multiple devices. While it’s very convenient to check work emails on your phone, that also opens up a potential vulnerability. Be sure you’re incorporating mobile device security into your cybersecurity plans.  
  • Employee training is key. Make sure your employees are aware of cyber security threats and security policies. Be sure to update your training procedures s as you roll out new policies continually. 
  • There are 43% of employees don’t receive regular data security training.  
  • Follow best practices for passwords. It’s prudent to make all passwords strong and unique. Additionally, use different passwords for different accounts. Make using strong random passwords containing letters, numbers, symbols and special characters mandatory. Good passwords shouldn’t be easy to remember. Also, prompt your staff to change all passwords every few months. 
  • Use two-factor authentication and facial recognition to login to apps and systems. An increasing number of apps and e-commerce websites use two-factor authentication to verify a user’s identity. Users receive a numerical code by email or text and enter it along with their password to gain access. Biometric features like Windows Hello can also help you and employees login faster and more securely. 
  • Update your software and systems continuously. Make sure you’re running the latest versions and security patches. Properly configure network security and use antivirus software.  
  • Backup all your data as protection against ransomware attacks. Use an offsite cloud provider in addition to on-site backup.  

Finally, Beyond the software side of prevention, cyber security training for all employees is a vital defense against potential attacks. Without knowledgeable, diligent employees, ransomware attackers can reach personal data and push malicious software through to your system.

Ransomware attacks are a very real threat, and they are showing no signs of slowing down. But with proper understanding and sharing of what SMBs need to know about ransomware, organizations can minimize loss and help to prevent attacks.