SMB – A Soft Target for Cyber-Criminals

SMB – Cybersecurity Challenges

For small and mid-market businesses, recovering from a cyberattack can be daunting, time-consuming, and for some, financially irreparable. With almost half of all cyberattacks happening to SMBs, it’s clear that cybercriminals don’t discriminate based on size.

SMBs are often viewed as soft targets because they don’t have the expertise and budgets of larger enterprises. Here are some of the most significant cyber risks affecting mid-market businesses and tips on how you can beef up your defenses.

Targeted Attacks Against Employees

Email remains the #1 delivery vehicle for malware, with 90% of all attacks starting with a targeted email using social engineering. Phishing and spear-phishing target your employees, encouraging them to click a malicious link or give up their credentials. For SMBs, people remain the number one target of cybercriminals.

Educating employees should be an SMB’s first line of defense against phishing attacks, but with ever-changing attack strategies, education alone isn’t enough. SMBs need to make sure that they have the right security system in place, along with internal policies and procedures that encourage staff members to report suspicious activities.

Password Attacks

Passwords are something we take for granted, and cybercriminals use this to their advantage. We’ve all been guilty of the old “Password123” scenario. It only takes one password breach to open the door to your business’s sensitive data. To limit password attacks, SMBs should encourage employees to change passwords frequently, educate employees not to use first and last names, and use multifactor authentication for an extra level of protection.


Malware is any form of malicious software, like a rogue email, virus, trojan horse, or ransomware. Your business can recover from some malware attacks, but not all, especially if it corrupts your data. To thwart potential attacks before they happen, educate employees about social engineering and how to spot a rogue popup or fake email. Consider a multi-layer security approach, including a firewall, anti-malware, anti-ransomware, and anti-exploit technology.


Ransomware will limit or remove your ability to access valuable data, holding it ransom until you pay to get it back. Industries targeted include hospitals, banks, law offices and healthcare firms. Ensuring systems and software are up to date, using a firewall, using content-scanning mail servers, and using a reputable anti-virus are all good starting points to protect against a ransomware attack.

Rogue Insiders

Managing insider threats from employees is extremely difficult, as many data breaches are caused by human error rather than malicious intent. With access to client data, intellectual property, and sensitive financial information, an internal leak can be devastating.

SMBs should use a service provider to incorporate tools for compliance, data protection, and user behavioral analytics to proactively protect against both criminal intent and human error.

Leaving the cybersecurity door wide open is no longer an option for SMBs. Believing that you can fly under the radar because you are smaller is incredibly risky. SMBs need enterprise-class security solutions at affordable rates. With the right security partner that understands your business needs, it’s possible to be both small and mighty when it comes to cybersecurity.
