Skip to content

Search Marco

    6 Ways Small and Medium-Sized Businesses Are Vulnerable to Cyber Attacks

    By: Mike Burgard
    August 6, 2019

    Is your small business protected from cyber attacks? As businesses continue to rely more and more on technological advances and integrate new technologies into their network, their risk continues to rise. As a whole, businesses are unaware of the many ways they are vulnerable, and cybercriminals know it. According to Verizon’s 2019 Data Breach Investigation Report, 43 percent of cyber attacks target small businesses. 

    Small and Medium-Sized Businesses Make Ideal Targets for Cybercriminals

    Keeping your business safe involves much more than enforcing a company-wide password policy. Small and medium-sized businesses are vulnerable from many angles, and protection starts with education. Here’s a look at six ways cyber attacks can target your company.

    1. Targeting Employees

    Cybercriminal using binoculars to read private company data

    Many businesses don’t realize how important it is to ensure their employees know the role they play in keeping a company safe. Inattentive or complacent employees make easy targets for cybercriminals hoping to access your network.

    Typically, employees don’t have a clear understanding of the many types of cyber attacks and the ways they can protect themselves and their company.

    Sharing this article may be a good starting point when addressing the lack of knowledge fellow employees may have regarding cyber safety and helping them develop some trust in what it takes to protect their company. 

    2. Targeting Technologies

    Cybercriminals love to look for openings in your business technology infrastructure. 

    • Does your business have an expired antivirus? 
    • Are your firewalls operational? 
    • Do you have intrusion detection and prevention software and systems in place? 
    • Are your patches up to date? 
    • Is everybody running on the most up-to-date version of Windows? 
    • Have you set up limited and restricted access internally?

    Any and all of these technologies can leave your business vulnerable to cyber attacks. While these seem like relatively simple things to update and maintain, it is not at all uncommon for businesses to leave themselves vulnerable in these areas. You may even have these technologies in place, but are they current, effective, and configured correctly? Protecting your business requires all three. 

    3. Targeting via Email

    I bet just about everyone reading this has received phishing emails sent to their work email. From a cyber criminal’s perspective, phishing emails don't require many resources. After all, it only takes one employee clicking on a link to provide network access to someone trying to harm your company. 

    Cybercriminals also do what’s known as “spear phishing,” which is a more targeted attempt at infiltration via email. Spear phishing emails put more research and effort behind fooling recipients into thinking the email is an internal communication. Because spear phishing attempts are composed in a way that looks familiar, these attempts tend to trick employees. So, no, the prince is not trying to send you money. And if that message "from your CEO" looks suspicious, they probably didn't send it.

    4. Targeting via the Internet and Social Media 

    The internet has no shortage of malware lurking within websites and advertisements, and social media is no different. Employees may receive friend requests from fake "friends” who are looking to steal and compromise sensitive data.

    Watering hole attacks are also common, where cybercriminals use freely shared data to prepare targeted attacks within specific industries and verticals.  

    5. Targeting via Specific Attack Vectors

    Cybercriminals also focus on particular entry points, looking for common weaknesses among businesses. For instance, if a cybercriminal successfully hacks into a business via their mobile network, they’re likely to use that same approach with their next attempt, knowing it’s already been successful. Cybercriminals are known to target network connections, the cloud, mobile networks and the Internet of Things (IoT). 

    6. Criminal Groups

    It’s also important to know there are different types of groups looking to access, compromise and steal internal company data. Cybercriminals aren’t always some anonymous, international hacker. Businesses need to be aware of malicious insiders who infiltrate a company with the intent of stealing data, as well as organized crime rings with a larger strategy to profit from unprotected small and medium-sized businesses. 

    Protecting Your Business in the Digital Age

    In today’s digital landscape, cybercriminals have near-endless options for accessing sensitive data. Protecting your business from cyber attacks, ransomware and data breaches needs to be part of the conversation. You can learn more about business security best practices and how to protect your business with the IT Security Checklist: 


    Access Security Checklist

    Topics: Data, Security, Network Security
    Subscribe to Our Blog