SMEs are low-hanging attractive fruit

While the headlines focus on major security breaches at major companies, small and medium-sized businesses are the more common victims of cyberattacks. The Federation for Small Businesses (FSB) estimates that small firms are being hit with upwards of 10,000 attacks daily.

Even though the rewards may be less, cybercriminals see smaller organisations as low-hanging fruit because – due to lack of education and resources – they usually invest less in IT security and often don't train their staff on cybersecurity risks. 

Small businesses are more vulnerable to social engineering

Social engineering is an act of manipulating people into doing things like sharing confidential information or sending money when you otherwise wouldn't. Small businesses tend to be more exposed to this risk for several reasons.

SMEs tend to have less basic security in place, like two-factor authentication; they don't often know the risk or train employees; they usually work with a variety of third-party partners to run their business which is the root cause of 41% of data breaches, and they almost always make and receive payments using wire transfers.   



Small businesses often feel they must pay ransoms

Faced with choosing between paying a ransomware demand that may get them back online faster or enduring a long period of potentially business-crippling downtime, small businesses often feel that they have no choice but to pay these demands in the event of an attack. Cyber Threat Alliance president and chief executive Michael Daniel says: 

"The case for prohibiting ransom payments is clear. The case for prohibiting ransom payments is clear. Ransomware attacks are primarily motivated by profit. And without profit, attackers will shift away from this tactic."

There are proactive steps business owners and IT managers can take to protect themselves, such as backing up their business data regularly.

Small businesses are vulnerable to phishing attacks

Hackers don't want to take any risks that they don't have to. Small businesses are often targeted by spear-phishing tactics, which is when a hacker attempts to steal credentials by posing as someone with authority. 

Hackers will often take on an organisation's IT technician or vendor's identity to acquire credentials for internal network access. This action would result in hackers potentially gaining access to customer records, financial details and more.  

1. Train your staff

Make your staff aware of cyber-security threats and how to deal with them. Most modern security issues are sadly based on ignorance, not malicious intent. Assume staff don't know all the answers and give them an environment to learn. For example, show them what a phishing email looks like and the steps needed to avoid clicking on malicious links.

2. Make stronger passwords

Use strong passwords made up of at least three random words. Using lower and upper case letters, numbers and symbols will make your passwords even stronger. You could also consider using a password generator. Why not develop a company policy on strong password practices?

3. Get expert advice

We pride ourselves on being experts in the field of IT Support and security. Book in a call today and speak to one of our specialists who'll be able to help you understand your strengths, opportunities and threats in the world of cybersecurity.

While we make you as unattractive as possible to hackers, we'll keep you looking good for your customers.