Cyberthreats facing small to medium businesses

Since larger companies such as Target and Twitter dominate the headlines whenever there’s a data breach, some small to medium-sized businesses are left with the false impression that hackers only go for the big guys. In reality, small and medium-sized businesses are arguably at a higher risk, especially with the rise in popularity of third-party attacks and supply-chain attacks. The 2020 SolarWinds breach is a perfect demonstration of the dangers of a supply-chain attack. There’s no shortage of cybersecurity threats facing businesses in today’s world, but these ten should be on any business owner’s radar.


Ransomware

Ransomware attacks can pose a serious threat to the livelihood of a company. Ransomware is a type of malware that prevents users from accessing their data, either by locking the computer or by encrypting the data until a ransom is paid. Even when the ransom is paid, there is no guarantee that the cybercriminal will unlock the computer or decrypt the data.

Patch Management

Poor patch management can easily give a threat actor access to your network or data. Since a patch or update is usually meant to address a problem in the software, leaving software out of date and unpatched leaves your network exposed and full of vulnerabilities. A vulnerability is a weakness that a cybercriminal can exploit to gain access to your network. Cybercriminals constantly take advantage of unpatched software, so having a patch management plan in place will help keep your business safe.

Phishing Attacks 

Unfortunately, phishing attacks are common and often successful. According to Cisco’s 2021 Cybersecurity Threat Trends report, phishing attacks are responsible for 90% of data breaches. Since this type of attack relies on human error, companies of all sizes should invest in educating their employees on the dangers of phishing attacks and how to identify one.

Social Engineering Attacks 

Social engineering attacks aim to manipulate people into giving up sensitive information. They pose a unique threat because they exploit human emotion and weaknesses in your physical defenses instead of computer software or hardware. Regularly testing the parameters of your physical security, along with employee training and education, is the best way to avoid falling victim to a social engineering attack.

Third-Party Exposure 

A third-party breach occurs when an attacker gains access to your network through a third-party vendor, or when the third-party vendor’s network is used to gain access to your network. The now infamous Target breach is an example of a third-party breach, since the cybercriminals first infiltrated a third-party vendor, which then allowed them to hop into Target’s network.

Endpoint Security

As remote work, bring your own device (BYOD) and the use of cloud services increase, endpoint security will be an important part of maintaining the integrity of your network. This means making sure every desktop, laptop or mobile device that accesses your network is secure.

Insider Threat

Sometimes an insider threat can be a disgruntled employee abusing their power to harm the company. On the other hand, an insider threat can be an employee who unintentionally compromises the company by clicking on a phishing email or falling victim to another social engineering attack. Whether intentional or accidental, insider threats could cause severe damage to a company’s network.

Staying safe from cybercriminals and knowing how to protect your business involves following all cybersecurity best practices. Employee training, enabling multi-factor authentication, performing regular network audits and staying informed on current cybersecurity threats are a few steps any company can take to help protect their network and sensitive data.
