Cybercrime Threatens Small Businesses Too

Written by Jasmine Tatter

When we think of cybercrime, we often envision a large corporation being hit with ransomware: sensitive information is stolen, or large sums of money are demanded in exchange for the encryption key needed to regain access to data that has been blocked. However, the reality is that smaller companies are actually targeted three times more frequently than larger ones.

This applies particularly to social engineering attacks: companies with fewer than 100 employees are 350% more likely to be targeted. With this in mind, we will do a deep dive into what makes small businesses a more likely target and how you can protect yours.

Challenges Faced by Small Businesses

Small business owners often think they aren’t a viable target because of their size. However, with the increase in sophistication of technology, cybercriminals can now purchase Ransomware-as-a-Service (RaaS), which allows them to launch dozens, or even hundreds, of attacks simultaneously. This makes it easy for them to target businesses of all sizes.

There are several reasons why small businesses are more frequently targeted by cybercriminals. These include:

  • Fewer resources – The smaller the business, the fewer resources it has at its disposal, simply because smaller companies often don’t have the budget for a dedicated cybersecurity team.
  • More vulnerabilities – Because of the lack of resources, small businesses are more likely to have vulnerabilities in their security. This can include things like out-of-date software and applications, inadequate identity and access management (IAM), insufficient cybersecurity technology and tools, and a lack of cybersecurity training for employees.
  • Gateway attacks – Sometimes, cybercriminals can use attacks against smaller businesses as a way to target larger corporations. For instance, they can attack smaller companies in a supply chain, allowing them to gain access to the larger company’s network.

Most Common Cyberattacks on Small Businesses

While there are many different types of cyberattacks, there are five that are most commonly experienced by small businesses.

Inadequate passwords

Weak passwords can be easily hacked. This makes it easy for cybercriminals to use stolen login credentials to gain access to a network. Small companies are especially vulnerable because they may not be using multifactor authentication to verify the identity of the user, thus allowing an attacker to easily slip into the system.


Phishing

This is the most likely social engineering attack to be used against a small business. When employees are untrained, it’s easy for an attacker to send a targeted employee an email that looks authentic, only to have that employee click on a link or download an attachment. It only takes one employee to fall for a phishing email for an attack to be successful.

Malware and ransomware

There are many different types of malware, which can be designed to infect a device or a system to steal or destroy data or gain access to a network. Ransomware is one of the most dangerous types of malware, in that it essentially holds a business hostage. When a ransomware attack is launched, the company’s sensitive data is encrypted and the only way to decrypt the data is to pay the ransom.

Out-of-date software

Software developers regularly send out security patches for software and applications. These patches can help protect against the latest cyberthreats, but only if they’re actually installed. Allowing software, apps, and even operating systems to continue being used without the latest patches is like extending an invitation for attackers to hack their way into the system.

Insider threats

Insider threats are threats that come from current and past employees, contractors, and anyone else that has access to your network, and not all of them are malicious. Sometimes, the insider threat is simply due to human error, an employee making a mistake that allows an attacker in. However, sometimes a current or former employee, business associate, or contractor may become or work with an attacker out of greed or hatred.

How to Protect a Small Business Against Cyberattacks

Fortunately, even if your small business doesn’t have the resources a larger company has, there are still steps you can take to protect your company. These include the following:

  • Have a strong password policy in place that requires employees to create strong, complex passwords that are changed regularly.
  • Use multifactor authentication to ensure that the only people who gain access to the system are those who are permitted to.
  • Operate on a principle of zero trust, which assumes that every single user who requests access to the system is a potential threat until proven otherwise.
  • Install all updates and patches to software, applications, and your operating system as soon as they are made available.
  • Educate employees about the risks of phishing, how to recognize a phishing email, and what to do if they think they’ve received one.
  • Ensure you have a strong email security gateway in place to help keep potentially harmful emails from making it through to an employee’s inbox.

Even if you don’t have a large security budget, having a third party help you determine how to make your small business more secure can make a huge difference. Platinum Technologies can provide you with a full security assessment and security consulting services to help ensure your small business is as secure as possible.
