
The 7 biggest cyber threats facing small businesses

First, the bad news.

Small businesses are a big target for cyber criminals—even “I know everybody in my office by their first name, surname and the name of their dog/cat/goldfish” businesses.

No one is too small to pop up on a cyber criminal’s radar. Even though, as one report found, 54% of businesses believe they’re too small to be the target of ransomware.1 Unfortunately, this common assumption is a big mistake.

Why? Because even the smallest businesses have more money and valuable data to steal than a single consumer has—and also have a lot less protection in place than big businesses.

But what can you do about it? After all, without the money a medium-sized business has, let alone a big business, you can’t actually afford to protect yourself. Right?

This is another common assumption—and thankfully, this one is also wrong. The truth is that even very small businesses can put up a damn good defense against cyber attacks.

(That’s the good news.)

To start with, you need to know what to defend yourself against. With that in mind, here are the biggest threats facing (really) small businesses like yours in 2020—and what you can do about them.

1. Phishing

Phishing emails—which trick recipients into clicking on links they really shouldn’t click on—are the most common attacks out there. To make matters worse, they’re increasingly sophisticated and difficult to spot.

What to do: The key thing here is to educate your people in how to identify phishing emails. Happily for you, your team isn’t too big to train. Tools such as multi-factor authentication can help make it harder for phishing attacks to be successful—but ultimately your people are your first line of defence. 

2. Ransomware

This involves a hacker getting into your network, encrypting your precious data and demanding that you hand over money in exchange for access. Small businesses are highly vulnerable to ransomware attacks because attackers know they’re more likely to pay up. Why? Because small businesses are much less likely to back up their critical data. They’re also more likely to be crippled by having their access to it blocked.

What to do: Don’t be one of those “we’re too small to back our data up” businesses. Look into backing up your mission-critical systems and data in the cloud. Today. (Right after you finish reading—and sharing—this blog, in fact.)

3. Malware

Malware comes in many forms (including spyware, trojan horses and “worms”). What these forms have in common is that they all contain malicious code designed to infiltrate, disrupt and damage your business. And small businesses are targets for all of them.

What you can do: Make sure your operating system, browsers and software are up to date to stay ahead of the hackers. There are also “as-a-service” solutions that can monitor all your internet traffic—you pay for such services per head, which makes them absolutely affordable for businesses of all sizes.

4. BYOD attacks

A BYOD policy makes a lot of sense for small businesses. It gives your people the option to work remotely on devices, without requiring you to pay for those devices yourself. But personal devices aren’t always subject to the same controls as company devices—especially in businesses without IT departments—which makes them potential trojan horses travelling into your business network.

What to do: What you need here is a mobile security solution that gives you “over-the-air” control of your employees’ devices. A solution like this will enable you to remotely monitor, manage and secure phones and tablets, automatically enforcing your security policies at all times and in all places.

5. Man in the Middle attacks

These take place when employees connect to a public Wi-Fi network, thinking it’s legitimate, not realising that they’ve inadvertently connected to a fake network access point, set up by a hacker, who is now intercepting their (and your) data. Most of us now connect to public Wi-Fi networks with a degree of nonchalance, so it’s easy enough to fall for this. 

What to do: A good virtual private network (VPN) service can be installed on employee devices and, having automatically detected an unsecured network, will encrypt all data and sessions taking place on it—leaving the man in the middle out in the cold.

6. Password attacks

In the era of cloud services, many of us are now using multiple passwords at work to access sensitive information. The temptation to use easy-to-remember passwords is ever-present. And easy-to-remember is easy-to-guess.

What to do: Education is a great start: impress upon your employees the importance of using strong passwords. You can also invest in password generation and management software.

7. DDoS attacks

A Distributed-Denial-of-Service attack is when a hacker uses malware-infected devices to bombard your network (typically a website) with requests in order to slow it—or shut it—down. Downtime can be disastrous for any business—let alone a very small one where every website visitor counts.

What you can do: As mentioned earlier, back up your systems and files wherever possible in case of a DDoS attack. Ideally, though, you need to be able to detect and filter out incoming DDoS traffic. For businesses with modest budgets, cloud-based services that can be paid for on a monthly basis are available.

We hope this blog has given you some insight and ideas into how you can start protecting yourself. If you want more advice on how to approach security as a small business, why not check out our blog ‘How to establish your first security policies if you’re a small business’?

1 https://www.keepersecurity.com/assets/pdf/Keeper-2018-Ponemon-Report.pdf