Skip to main content

Original text

Powered by Google TranslateTranslate
Powered by Google TranslateTranslate
Top 6 Cybersecurity Threats for Small Businesses
June 14, 2024
man and woman standing behind counter at clothing store looking at computer

Address Cybersecurity Threats

The phrase “cyber-attack” likely makes you picture a team of sophisticated hackers stealing billions of dollars from a multinational bank. 

But small businesses aren’t immune to cybersecurity threats. According to specialist insurer Hiscox, 23% of small businesses suffered at least one cyberattack in 2020, at an average financial cost of $25,000.

Let’s take a look at six of the biggest cybersecurity threats and what you can do about them.

1. Remote Working

Coronavirus hasn’t just caused an unprecedented global health crisis –– it’s also resulted in a spate of cyberattacks.

There’s been a 300% increase in cyberattacks since the dawn of the pandemic. Between February and March 2020, the volume of phishing emails –– designed to capture sensitive information, often by convincing recipients to download malicious attachments –– surged by more than 67%.

What Can You Do About It?

Because remote working is still (relatively) new to a lot of us, many simply don’t have the skills or experience to protect themselves –– and their employers –– online.

The solution, therefore, is education. Hold training sessions to help employees identify common threats and explain cybersecurity best practices, such as avoiding suspicious-looking links and files, and locking their computers when they’re away from their desks.

2. Employee Burnout

With endless virtual meetings, long hours, minimal separation between work and social time, the pandemic has been tough on remote workers. It’s no surprise that two-thirds of employees report “sometimes” or “often” feeling tired or having little energy while working from home:

bar graph showing "feeling tired or having little energy" is the highest reason.

Tired employees are more susceptible to human error –– whether through completing substandard work or making bad decisions that jeopardize security.

What Can You Do About It?

The solution here might seem counterintuitive: force your employees to do less work.

Insist they take all of their allocated breaks and use all their annual leave. And as a manager, play your part in stigmatizing the culture of unpaid overtime by never sending emails outside of working hours.

If your team is well-rested and focused, they’ll make fewer mistakes, which reduces the risk of cybersecurity breaches.

3. Cloud Storage

It’s not hard to see why cloud providers have become so popular. The ability to open files and access information on any device, from any location –– rather than storing them on a single, physical hard drive or server –– is extremely useful for employees.

Unsurprisingly, 84% of organizations using the cloud say they do so to store data or backups. Less than 10% saying they don’t use the cloud for storage and have no plans to do so within the next year:

While storing documents in the cloud is undoubtedly convenient, it also increases your vulnerability to cybercrime by giving hackers more potential attack points.

What Can You Do About It?

Wherever possible, make sure work is being carried out on corporate rather than personal devices, and that those devices are equipped with security measures like two-factor authentication. 

As well as reducing the risk of hackers gaining access to employee accounts, this approach ensures the IT team can see everything that happens across your network, enabling them to monitor –– and take rapid action against –– malicious activity.

4. Former Employees

Humans are often the biggest cyber threat facing your business. We’ve already discussed the threat posed by burned-out current employees; now let’s look at former employees.

According to a CIO Insight survey, one in five organizations have experienced data breaches by former employees. And of those, almost half admitted that more than 10% of all their data breaches have been caused by ex-employees. Not only is this a major cybersecurity threat, but it also poses potential legal issues.

What Can You Do About It?

In an ideal world, your ex-employees would never leave your organization on bad terms, so they’d have no desire to leak sensitive information.

Unfortunately, In reality, there are always going to be times when people exit your company under a storm, so you need to make sure they can’t cause any damage. Scrutinize all accounts that have access to internal tools and systems, and terminate those that are no longer used or are connected to former employees. 

The fewer active accounts, the lower the threat.

5. Password Management

Passwords have been the cornerstone of cybersecurity efforts for decades now. Yet research shows many organizations still aren’t using them effectively. In fact:

  • 35% don’t require a minimum password length
  • 32% don't require special characters 
  • 29% don't require numbers
  • 28% don’t require a combination of upper and lowercase letters
  • One in five businesses rotate passwords less than twice per year

By failing to take such basic steps, these organizations leave themselves highly vulnerable to hackers cracking their passwords. This issue is further exacerbated when the same passwords are replicated across multiple accounts.

What Can You Do About It?

Fortunately, this one is easy to solve: just implement all those basic best practices into company IT policy. By forcing users to take steps like regularly changing their passwords and using special characters, the risk of attack is reduced.

6. Cyber Fatigue

Whereas large organizations have entire teams dedicated to tackling and preventing cybersecurity threats, that isn’t the case for small businesses. Often, it won’t be any single person’s job to deal with cybercrime or assess threats. 

So it’s no wonder that 39% of businesses say they feel overwhelmed by the number of security alerts and updates they receive on a daily basis. What’s more, 55% admit to ignoring known cybersecurity issues in favor of different business priorities, while one in five say they ignore security alerts altogether.

What Can You Do About It?

Given the scale of risk and the potential losses involved, you simply can’t afford to ignore cybersecurity threats. Invest in robust antivirus and firewall software. And if you don’t have the in-house resource to deal with cybersecurity threats, consider outsourcing the work to a third party.

712 H St NE PMB 98848
Washington, DC 20002

Copyright © 2024 SCORE Association,

Funded, in part, through a Cooperative Agreement with the U.S. Small Business Administration. All opinions, and/or recommendations expressed herein are those of the author(s) and do not necessarily reflect the views of the SBA.

Chat generously provided by:LiveChat

In partnership with
Jump back to top