Cyber Security threats that face small businesses

It was not that long ago that, for many small businesses, IT was not critical. However, with the huge increase in online shopping, social media, apps for accounting and e-mail-for-everything, the growing risks from cyber threats affect everyone.

Smaller businesses may feel their size protects them, imagining hackers might target larger and more lucrative companies. However, in our experience this is not the case. Cyber attacks are often not targeted at specific businesses, and many smaller firms lack the knowledge and basic protection, making them more vulnerable.

Let’s take a look at the most common cyber security threats which small businesses face.

Phishing Attacks

Phishing is by far the most common form of cyber-attack, with Cisco estimating that it accounts for around 90% of all data breaches. The aim is to steal personal information, such as credit card numbers, bank account details, or passwords, by tricking users into clicking on bad links. Whilst phishing attacks are most commonly delivered as a convincing-looking e-mail, text messages and social media links are increasingly being used to tempt people to fake websites.

A strong email security gateway can help identify attacks, and the use of multi-factor authentication can help a business minimise the impact if a bad link is followed. As with all cyber security threats, educating staff and having a quick, easy, and guilt-free way of reporting any potential breaches is vital to minimising cyber risk.


Malware

Malware, short for “malicious software,” is code that cybercriminals manage to install on a computer, which may cause damage, steal data, or give hackers a back-door route to access the computer system. Common types of malware include viruses, worms, and trojan horses.

One of the problems with malware is that it is not always obvious that a system has become infected. The first signs of a malware attack may only be visible once it becomes apparent that customer or confidential data has been stolen, or a larger attack, facilitated by the malware, has taken place.

The best defence against malware (alongside good staff training) is using strong Endpoint Protection software, designed to defend against malware threats across all of a business’s IT systems.


Ransomware

Ransomware is an increasingly common cyber threat. It is a form of malware, and operates by locking computer systems or encrypting data, rendering it unusable until a ransom has been paid. In 2018, around 70% of ransomware attacks were on small businesses, as poorer security and recovery options would make them more likely to pay the ransom demand.

Strong Endpoint Protection can help prevent such attacks, whilst having an offline copy of critical data, using an effective cloud back-up solution, will make recovery without paying the ransom easier.

Password Hacking

We have said it before and we will say it again: the use of weak or repeated passwords makes a hacker’s life so much easier. A recent CNBC article suggests passwords are notoriously weak. Based on analysis of a large number of leaked email passwords, they discovered that the most common password was “123456”, with “Qwerty” making it into the list at number 3, just ahead of “Password” at number 4.

A good password manager can help improve cyber security. It runs on all your devices (PC, phone, tablet, mobile etc.) and manages your passwords, so users don’t need to remember them. Many password managers will automatically fill in the relevant online user ID and password boxes, saving the user time and effort. Most importantly, it allows stronger, more secure passwords to be used, and different passwords to be used for each site. This is a vital security step for small businesses.

Insider Threats

This is the threat that no-one likes talking about, but it’s very real. The risk comes from an employee, former employee, business contractor or associate who has access to IT systems, passwords, or data. Verizon found that over 20% of data breaches were caused by insiders.

Whilst it is almost impossible to eliminate the risk completely, there are a couple of ways to reduce it. Ensuring that employees only have access to the data and systems they need will help compartmentalise any breach, as well as helping to identify the source. Knowing which systems a user has access to means that passwords can quickly be changed if a person leaves. Making sure there is a strong culture of security awareness within the company will also help others to spot potential misuses of data or strange behaviour before too much damage is done.


Cyber threats are real, and they are growing. Small businesses are not immune from the threat. The good news is that simple and basic precautions can help. Strong Endpoint Protection software, taking regular back-ups of critical data, and a good password app will serve any small business well. Perhaps the most important thing for a small business, however, is to make sure staff are well trained in cyber threats and know what to do if they suspect an attack or spot a potential risk. Employing a good cyber security lead could be just what is needed to help protect and grow your online business.

About Intaso

Intaso are all about people and cyber security. A boutique head hunting and talent solution firm with Cyber and Information Security expertise, we have extensive first-hand expertise across all elements of attracting the right talent from often unfound and untapped resources. We believe that having a genuine passion for the industry, pride in the quality of our services, a tailored range of talent solutions, and a personal approach means we have a unique offering which has worked with businesses of all sizes and industries. If you are looking for the best talent in the industry, or want to discover a great new role, please get in touch.  We would love to hear from you.