How hackers target small businesses

Customisable business insurance
09 June 2022
4 minute read

We all hear about it when big businesses are hit by cyber attacks. And it's easy to think that small businesses are less of a target. But no business, big or small, is immune in this era of cyber warfare. In fact, recent government data shows that 38% of small businesses suffered a cyber breach or attack in the last year, with the average cost of an attack over £8k.

When you think about it, small businesses are an easy target compared to larger corporations, for a few reasons.

How are small businesses vulnerable to cyber attacks?

There are a number of reasons why small businesses can be particularly susceptible:

  • A lack of specialist security and legal expertise
  • Fewer processes and controls
  • Employees working remotely with insecure Wi-Fi
  • Small businesses provide a 'back door' to larger clients
  • Less secure websites, emails and payment processes
  • It can be easy to lose track of data

4 common ways hackers capitalise on small business cyber blind spots

The ways in which a hacker can infiltrate the systems of a small business are many, with methods increasing and becoming more intelligent every day.

Here are just a few of the most common ways hackers target small businesses and what you can do to protect yourself and your business.

1. Exploiting human error

Malicious or not, human error is the most common reason for cyber-attacks and data breaches, with studies showing it's responsible for as many as 95% of incidents.

A breach can be caused by anything from employees accidentally sending sensitive information to the wrong email, losing their company smartphone or using default passwords. Yet despite the risks, many small companies don't have the necessary controls, training and communication in place to mitigate against breaches of this kind, which is music to hackers' ears.

2. Spear phishing attacks

One of the most common types of cyber attack, phishing is when an attacker sends out emails to multiple recipients, posing as a reputable company. The email will either contain malware in a link or attachment, or will prompt the recipient to enter sensitive account or password details.

Spear phishing is the term used when hackers target a particular company or individual.

Despite increased knowledge about malicious or suspicious looking email links, many phishing emails are surprisingly convincing and employees are often tricked into believing an email is from a reliable source. This gives hackers a safe gateway to exploit susceptible company networks.

3. Vulnerable security frameworks

Small businesses often don't allocate enough resources to deploy strong firewalls and updated security patches, resulting in loss of important information if faced with an attack.

Cybersecurity is a complex and multi-faceted issue, that requires the right technology and the right policies and processes in place. As small businesses are unlikely to have the necessary technical expertise internally, the best option is to turn to a third-party security provider to deploy strong firewalls and update security patches. But even that's not enough on its own, as the people elements also need to be taken into account, with thorough risk assessments, a cybersecurity policy and access controls.

4. Denial of service (DDoS) attack

A DDoS attack aims to make a network, service or machine inaccessible to its users. This type of cyber attack is on the rise, with DDoS for hire services making it easier and cheaper for cyber criminals to strike, bringing down websites and affecting businesses across the world. They work by flooding a company's servers with requests, so they are unable to cope and shut down. That leaves the business unable to trade for minutes, hours or even days, with potentially catastrophic long-term impacts. And it's not just big businesses that are affected – small firms are often more vulnerable due to their website architecture.

The rise of the Internet of Things (IoT) means that many start-ups and small businesses are trying to establish a foothold in this new area of innovation. But sadly, most of these devices – including video conferencing systems, IP monitored security systems, connected climate control systems, VoIP phones and even smart bulbs – are overlooked when it comes to cybersecurity, making them particularly vulnerable to hacking.

What you can do

Now you know how hackers find holes in your systems, there are things you can do to strengthen your cybersecurity.

To help, we've compiled a list of simple steps you can do to make your systems watertight – and it's free!

Download your free cybersecurity fixes

Skip the mistakes and boost your cyber protection now with these simple steps

Safeguard your business for every eventuality

In today's world, it's not a case of 'if' your business will be hit, but more a case of 'when'. These steps will help to protect your business by keeping you in "prepared mode" and helping you to allocate the right resources in the right places.

And remember, if the worst does happen and you're facing the repercussions of a data breach, your final line of defence is a specialist cyber insurance policy.

Share this article

We've made buying insurance simple. Get started.

Related posts