One might think that only big businesses, the companies that have lots of money or work with tons of important data, will be targets of value to cybercriminals. After all, why would someone go for a small business that works with thousands of dollars monthly when they can go for a big one that works with hundreds of thousands or even millions? Well, as clickbait articles like to say, the answer will surprise you.
While it is natural to think that influential organizations are the main targets of cybercriminal attacks due to such events making headlines and being reported worldwide, the studies show that small and medium businesses are often attacked. 76% of cyberattacks target businesses with under 100 employees, which means that that number is three times bigger than the number of attacks on more prominent companies. Of course, as the media prefers more dramatic news, such as cybercriminals holding a city hostage by shutting down their electricity, we will not often hear of such attacks, making the job for the criminals often much more accessible.
Smaller companies make attractive targets for cybercriminals for many reasons. One of them is that sometimes, people will not even realize they had been attacked due to lack of knowledge needed to protect themselves from such attacks. Additionally, that same lack of knowledge will make the small businesses easier targets because the owner and the employees will not know how to protect their online presence adequately.
They might not expect to be attacked, or they might not be ready to invest time and money in cybersecurity, which can cause them even more trouble than it would for a more prominent company. After all, a vast company will potentially lose more money if a cybercriminal passes all of their defenses and performs a successful attack. Still, the bigger they are, the easier they will bounce back. On the other hand, a smaller company might lose everything they have and have to close down, as it has unfortunately been known to happen often after only a few months following a security breach.
Small businesses are most often targeted through malware, phishing attacks, identity theft, and data breaches. A particular type of malware called ransomware locks a computer until the ransom has been paid. It has been widespread, with ransom being smaller than $10,000, and many small organizations opt to pay it. However, spending does not mean the data will be recovered, as the cybercriminals might just ask for more and more payments, as many movies and books, including blackmail, have taught us.
Another problem is that many cyberattacks on small and medium businesses are never reported. It might seem to people that there is no point and that it will not change anything, but by not reporting, they are allowing the criminals to continue making their attacks without anyone knowing or going after them.
While it might seem like the main security weakness of the smaller companies lies in the lack of security software, the fact is that the human factor poses much more danger. Most people today are not aware of all the risks that hackers and cybercriminals can be and of all the problems they can cause, and they are often not able to recognize their attacks and scams.
Additionally, many people do not know how to take precautions that would protect them from cybercriminals, clicking on links in suspicious emails, having weak passwords (even in recent years, the most common passwords still seem to be ‘password’ and ‘123456’) and more.
Everyone needs to educate themselves, and, of course, people around them, from family and friends to employees, colleagues, and employers, how to recognize cyber threats and protect themselves from them. It might seem scary and confusing, but even the most basic stuff can make a big difference – never click on an attachment or a link that comes with an unsolicited message trying to sell you something, telling you you won a price you know nothing about or threatening you in any way. Those are all common scams.
Use unique and strong passwords and do not share them with anyone. Keep your software and operating systems up to date. Enable multi-factor authentication. Back up all the critical data on a separate hard drive that will not be connected to your computer all the time. The responsibility of protecting a company from cyberattacks lies with every person that is a part of it.
We Keep You Protected,
Wherever You’re Connected