The Top 5 Biggest Cyber Security Threats That Small Businesses Face and How to Stop Them
The biggest cyber security threats that small businesses face, and how you can protect yourself against them.
Expert Insights / Feb 01, 2020 / By Joel Witts
Small businesses are just as at risk from cyber security
threats as large enterprises. A common misconception for small businesses is an
idea of security through obscurity, that your business is too small to be a
target, but unfortunately, this is not the case.
As attackers increasingly automate attacks, it’s easy for
them to target hundreds, if not thousands of small businesses at once. Small
businesses often have less stringent technological defences, less awareness of
threats and less time and resource to put into cybersecurity. This makes them an
easier target for hackers than bigger organizations.
But, at the same time, they are no less lucrative targets. Even
the very smallest businesses can deal with large sums of money, or have access
to huge amounts of customer data, which, under regulations such as GDPR, they
are obligated to protect. Small businesses also often work with larger
companies, and so they can be used by hackers as a way to target those companies.
Small businesses also arguably have the most to lose from
being hit with a damaging cyber-attack. A recent report revealed that businesses
with fewer than 500 employees lose on average $2.5 million per attack. Losing
this amount of money in a cyber breach is devastating to small businesses, and that’s
not to mention the reputational damage that comes from being hit by a cyber-attack.
For these reasons, small businesses need to be aware of the threats and how to stop them. This article will cover the top 5 security threats facing businesses, and how organizations can protect themselves against them.
1) Phishing Attacks
The biggest, most damaging and most widespread threat facing
small businesses is phishing. Phishing accounts for 90% of all
breaches that organizations face, has grown 65% over the last year, and
accounts for over $12 billion in business losses. Phishing attacks occur when an
attacker pretends to be a trusted contact, and entices a user to click a
malicious link, download a malicious file, or give them access to sensitive information,
account details or credentials.
Phishing attacks have grown much more sophisticated in
recent years, with attackers becoming more convincing in pretending to be legitimate
business contacts. There has also been a rise in Business Email Compromise,
which involves bad actors using phishing campaigns to steal business email
account passwords from high-level executives, and then using these accounts to fraudulently
request payments from employees.
Part of what makes phishing attacks so damaging is that they’re
very difficult to combat. They use social engineering to target humans within a
business, rather than targeting technological weaknesses. However, there are
technological defences against phishing attacks.
Having a strong Email Security Gateway in place can prevent phishing emails from reaching your employees' inboxes. Post-Delivery Protection is also crucial to secure your business from phishing attacks. These solutions allow users to report phishing emails, and then allow admins to delete them from all user inboxes.
The final layer of security to protect emails from phishing attacks is Security Awareness Training. These solutions allow you to protect your employees by testing and training them to spot phishing attacks and report them.
2) Malware Attacks
Malware is the second big threat facing small businesses. It encompasses a variety of cyber threats such as trojans and viruses. It's a broad term for malicious code that hackers create to gain access to networks, steal data, or destroy data on computers. Malware usually comes from malicious website downloads, spam emails or from connecting to other infected machines or devices.
These attacks are particularly damaging for small businesses because they can cripple devices, which requires expensive repairs or replacements to fix. They can also give attackers a back door to access data, which can put customers and employees at risk. Small businesses are more likely to employ people who use their own devices for work, as it helps to save time and cost. This, however, increases their likelihood of suffering from a malware attack, as personal devices are much more likely to be at risk from malicious downloads.
Businesses can prevent malware attacks by having strong technological
defences in place. Endpoint Protection solutions protect devices from malware downloads
and give admins a central control panel to manage devices and ensure all users’
security is up to date. Web Security is also important, stopping users from visiting
malicious webpages and downloading malicious software.
3) Ransomware
Ransomware is one of the most common cyber-attacks, hitting thousands
of businesses every year. These attacks have grown more common recently, as they are one
of the most lucrative forms of attacks. Ransomware involves encrypting company
data so that it cannot be used or accessed, and then forcing the company to pay
a ransom to unlock the data. This leaves businesses with a tough choice – to pay
the ransom and potentially lose huge sums of money, or cripple their services with
a loss of data.
Small businesses are especially at risk from these types of
attack. In 2018, 71% of ransomware attacks targeted small businesses, with an average
ransom demand of $116,000. Attackers know that smaller businesses are much more
likely to pay a ransom, as their data is often not backed up and they need to be
up and running as soon as possible. The healthcare sector is particularly badly
hit by this type of attack, as locking patient medical records and appointment
times can damage a business to a point where it has no choice but to close,
unless a ransom has been paid.
To prevent these attacks, businesses need to have strong Endpoint Protection in place across all business devices. This will help to stop ransomware attacks from being able to effectively encrypt data. Businesses should also consider having an effective cloud back-up solution in place. These solutions back up company data securely in the cloud, which means that in the event of a ransomware attack users can easily recover their data.
4) Weak Passwords
Another big threat facing small businesses is employees
using weak or easily guessed passwords. Many small businesses use multiple
cloud-based services that require different accounts. These services can often
contain sensitive data and financial information. Using easily guessed
passwords, or using the same passwords for multiple accounts, can cause this data
to become compromised.
Small businesses are often at risk from compromises that
come from employees using weak passwords, due to an overall lack of awareness
about the damage they can cause. An average of 19% of enterprise professionals
use easily guessed passwords or share passwords across accounts according to a
To ensure that employees are using strong passwords, users should consider Business Password Management technologies. These platforms help employees to manage passwords for all their accounts, suggesting strong passwords that cannot be easily cracked. Businesses should also consider implementing Multi-Factor Authentication technologies. These ensure that users need more than just a password to have access to business accounts. This includes having multiple verification steps, such as a passcode sent to a mobile device. These security controls help to prevent attackers from accessing business accounts, even if they do correctly guess a password.
5) Insider Threats
The final major threat facing small businesses is the
insider threat. An insider threat is a risk to an organization that is caused
by the actions of employees, former employees, business contractors or associates.
These actors can access critical data about your company, and they can cause
harmful effects through greed or malice, or simply through ignorance and
carelessness. A 2017 Verizon report found that 25% of breaches in 2017 were
caused by insider threats.
This is a growing problem and can put employees and
customers at risk, or cause the company financial damage. Within small businesses, insider threats are
growing as more employees have access to multiple accounts that hold more data.
has found that 62% of employees have reported having access to accounts that
they probably didn’t need to.
To block insider threats, small businesses need to ensure
that they have a strong culture of security awareness within their
organization. This will help to stop insider threats caused by ignorance, and help
employees to spot early on when an attacker has compromised, or is attempting
to compromise company data.
There are a range of threats facing small businesses at the
moment. The best way for businesses to protect against these threats is to have
a comprehensive set of security tools in place, and to utilize Security
Awareness Training to ensure that users are aware of security threats and how
to prevent them.