Top 5 Cybersecurity Threats to Small Businesses — Plus Tips for How to Protect Yourself

By: Brian Robertson, CIC, CRIS

Brian Robertson specializes in advising commercial and residential developers, home builders, remodeling contractors, trade contractors, and landscaping contractors.

Every type of small business, regardless of industry, needs to be aware of the dangers of cybersecurity threats. Cybercriminals are constantly modifying their techniques, which means it’s more important than ever to have a cybersecurity plan — especially since cyber threats to companies is on the rise due to COVID-19. The increase of employees working from home are exposing vulnerabilities in many company’s infrastructures.

If you’re a small business, you might think cybercriminals would rather target a larger company. This is far from true. In fact, almost 70% of small businesses experience cyber attacks, and without a cybersecurity plan, they run the risk of going out of business. 60% of small businesses that experience a data breach or cyber attack close within 6 months.

Top 5 Types of Cybersecurity Threats to Small Businesses

1. Malware
Malware (or malicious software) is a cyber attack that “executes unauthorized actions on the victim’s system”. This can be deployed through ransomware, viruses, phishing, or other malevolent tactics. There are three main types of malwares: trojan horse, virus, and worm.

  • Trojan Horse: A scam where malware is hidden in an application, like a game or internet download.
  • Virus: A malicious code that attacks programs, files, or parts of the operating system. We’ll explain more about viruses in the next section.
  • Worm: A type of malware that infects a system and other associated programs.

2. Viruses
Although there are different types of viruses, all are programmed to harm your hardware. Computer viruses can damage programs, harm or delete files, or slow down computer performance. You can get a virus in a variety of ways including sharing files, opening infected emails, visiting a malicious site, and downloading harmful applications. Signs that you have a virus on your computer include an increase in pop-up windows, unauthorized password changes to your account, deleted files, and a slowdown in your network speed.

3. Ransomware
Ransomware, as the name suggests, holds a company’s important information for ransom. This includes passwords, credit card and other personal information, files, databases, applications, and other valuable assets. The “ransom” typically has to be paid within 24-48 hours, or the files will be lost or compromised personal information will be shared publicly.

Ransomware is most often spread through email spam or network attacks and often targets small businesses. In July of 2021, a ransomware syndicate called the REvil gang orchestrated a large attack via Kaseya, a company that provides small and medium-sized IT and security management solutions. This attack left between 800 and 1,500 small business vulnerable, and although Kaseya acted fast to control the situation, it still negatively affected many small businesses. Each business affected may have paid for an investigation into the breach and would have needed to notify customers if personal information was found to be stolen.

Every 40 seconds a new business in the US is attached by Ransomware

Source: Evolve Ransomware & Funds Transfer Fraud

4. Phishing
In a phishing attack, a cybercriminal aims to steal personal information like credit card or bank info, social security number, and passwords. These attacks often occur through emails or text messages that look trustworthy. Phishing and business email compromise (BEC) can be disastrous for small businesses. Criminals often make it seem as though an emailed invoice or link to a payment portal is legitimate, which is detrimental to both businesses and their customers. It’s important for businesses to have a cybersecurity plan, and for everyone to stay educated about cyber attacks.

5. Password Hacking
You may be aware that “123456” and “password” are among the most common passwords, and you shouldn’t use them. But did you know that 59% of people use the same password for all their accounts?

Password theft is an ongoing problem, and it’s important to protect your accounts with smart password choices. Cybercriminals can use a high-speed program to test passwords quickly. These programs are more successful when a victim uses commonly used passwords, or personal information like their birthday or pet’s name. Another technique commonly used by cybercriminals is called hashing. Depending on the encryption strength of the account software, hackers can use a “hash”, a one-way encryption software to steal passwords.

Why Do Hackers Target SMEs cyber attacks on small businesses

Cyber attacks on small business can happen for many reasons. Here are a few:

  • SMEs don’t think they will be targeted and aren’t prepared.
  • They can be easier to infiltrate due to outdated systems or lack of security protocols and training.
  • Cybercriminals are after personal data, which small business have, too.
  • They use SMEs to get to bigger businesses, like in the Target data breach in 2013, in which cyber criminals were able to access Target’s server through stolen credentials from a small third-party vendor.

How to Assess Your Businesses Risk

The first step to assessing your business risk is by running an assessment of your current security systems. Create an inventory list of assets, including all software and hardware. Generate a list of where data is stored and who has access. Make sure to keep this information in a safe, secure place, and limit who can view it. You should also run an assessment of your current security systems to discover where vulnerabilities may be. Running a business risk assessment will help keep your business secure.

Cybersecurity Best Practices

  • Have a cyber attack plan – Be prepared in case of emergency. You want to be able to best protect your business, employees, and clients if you get attacked.
  • Backup your data – Have a copy on a hard drive or cloud of all of your data in case you get hacked and your data gets erased.
  • Use a security software – Reduce your chances of getting hacked by using a security software that will constantly scan for threats.
  • Stay informed on the latest cybersecurity trends – Knowing how cybercrime is happening is a keyway to protect yourself from the latest methods.

How to Protect your Business

  • Educate your employees – Make sure employees are aware of cybersecurity threats and take precautions to protect themselves and your business.
  • Perform regular security audits and updates – This will ensure that there will be no vulnerabilities in your network and reduces the chances of a cyber attack.
  • Have malware and virus protection – This will automatically scan for threats and inhibit them from contaminating your computer and network.
  • Set up email spam filters – Spam filters will filter potential threats and reduce the possibility of a phishing scam.
  • Use Multi-Factor Authentication – Multi-factor identification requires a user to provide multiple verifications of identity. For example, a user logging into an account through a computer may be asked to enter a code that is send to his/her cell phone.

Cybersecurity Insurance

A small business data breach can cost between $36,000 and $50,000. Cybersecurity insurance can help cover losses associated with loss of data, lost profits after business interruption, investigation costs, legal costs, and more. Many insurance agencies also offer cyber training.

If you’re looking to learn more about cybersecurity or want a quote, we’ve got you covered. Contact us at 508.618.5743.

Is Your Insurance Company Working Hard Enough for You?

A good insurance company does more than just sign you up and forget your name. Unfortunately, that’s exactly what you get with many of the big-name companies. Discover the value of a local, independent agent, who can save you money AND go to work for you on needs like Massachusetts RMV services.

See What You're Missing