
The Top 5 Cybersecurity Threats Affecting Small Businesses

If you are responsible for managing the IT of a small business, then you probably already know that it’s a jungle out there, one with cybercriminals hiding behind every bush.

According to the recent Verizon Data Breach Investigations Report, over the last two years small businesses have become the top targets of cybercriminals and are beginning to suffer from cyber breaches more than large businesses.

Cyber attacks against SMBs are on the rise, primarily because cybercriminals expect a small business to have fewer resources dedicated to its security. Most small businesses do not have a dedicated security professional because they are too small to justify the cost, and this is the problem: it leaves them vulnerable and relatively easy pickings for cybercriminals.

Against this backdrop, security through obscurity is no longer an option and the expectation that you are too small to attract the interest of cyber criminals is no longer realistic. We’ve put together a list of the five security areas that we observe small and medium-sized businesses being affected by the most:

Unpatched Operating Systems and Software

Making sure that your computers and the software that runs on them are up to date is absolutely essential and is the bedrock of good security practice. Far too often, hackers take advantage of the vulnerabilities in unpatched software and operating systems to infiltrate organisations. Failing to apply software and operating system updates when they are released puts your business at risk and weakens the overall security of your IT infrastructure. Don’t make it easy for them: make sure your servers and workstations have the latest operating system patches applied and that all third-party applications are up to date.

Phishing Attacks

Those sneaky phishers are getting smarter, and the bad news is that because they target humans and not computers, there is no truly effective method of stopping them. By posing as legitimate contacts who may be known to the organisation, the phishers can sometimes fool the best of us, and the only real way to defend against a phishing attack is through employee education. Helping your employees understand the threat and regularly showing them different examples of phishing attempts reduces the likelihood of them clicking on something they shouldn’t. Our recent article “10 Ways to Protect Yourself Against Phishing Attacks” has some of our top tips to help you and your staff remain resilient to phishing attacks.

Weak Passwords

Humans are terrible at choosing good passwords that are difficult for hackers to guess. Even worse, we often reuse the same password on multiple websites, making it even easier for hackers to find a way into your corporate applications or infrastructure. Implement a good password policy and use password vaults to store and generate passwords for your employees. Your staff should also be taught about the dangers of reusing passwords, as one bad password used twice can lead to a very expensive breach.

Secure Your Wi-Fi

We have all visited businesses that provide a single Wi-Fi network to both their employees and visitors, where the password is the telephone number of the business or an easy-to-guess word. Simple Wi-Fi passwords might be convenient when you need to remember them, but they present a significant threat from a security perspective, making it easy for hackers to infiltrate your wireless network if they have guessed the password. If no further network controls are in place, once an attacker has compromised your corporate wireless network, they will most likely have access to your entire internal network.

If the attacker is using a long-range Wi-Fi antenna, they don’t even need to be that close to your business to launch an attack on your wireless network. Lock your Wi-Fi down by changing your router’s default administrator password, setting your Wi-Fi network’s encryption to WPA2+AES and changing your Wi-Fi password to something that is long and hard to crack. If you want to allow guest users to have Wi-Fi access when they visit your organisation, a separate SSID should be implemented which allows guests to access the Internet but isolates their devices from the rest of your network.
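The lock-down steps in the two paragraphs above, written as an audit over a description of a router's settings. This is an added example, not SecureTeam's code; the business, SSIDs, passphrases, the settings layout and the 16-character minimum are all constructed assumptions.

```python
import re
MIN_LEN = 16  # assumption: the article only says "long"; WPA2-PSK allows 8-63 chars

def phone_variants(phone):
    # Digit strings someone guessing the Wi-Fi password from the phone number would try.
    digits = re.sub(r"\D", "", phone.replace("(0)", ""))
    national = "0" + digits[2:] if digits.startswith("44") else digits
    return {national, national[1:], "44" + national[1:]}

def passphrase_problems(passphrase, business):
    problems = []
    if len(passphrase) < MIN_LEN:
        problems.append("passphrase too short")
    pass_digits = re.sub(r"\D", "", passphrase)  # ignore spaces, dashes, brackets
    if any(len(v) >= 7 and v in pass_digits for v in phone_variants(business["phone"])):
        problems.append("passphrase contains the business phone number")
    words = [w for w in business["name"].lower().split() if len(w) >= 4]
    if any(w in passphrase.lower() for w in words):
        problems.append("passphrase contains the business name")
    return problems

def audit(cfg, business):
    findings = []
    if cfg["admin_password_is_default"]:
        findings.append("router: default administrator password")
    for ssid in cfg["ssids"]:
        if (ssid["security"], ssid["cipher"]) != ("WPA2", "AES"):
            findings.append(f"{ssid['name']}: not WPA2+AES")
        findings += [f"{ssid['name']}: {p}"
                     for p in passphrase_problems(ssid["passphrase"], business)]
    guests = [s for s in cfg["ssids"] if s["guest"]]
    if not guests:
        findings.append("no separate guest SSID")
    findings += [f"{s['name']}: guest devices not isolated"
                 for s in guests if not s["isolated"]]
    return findings

# Constructed sample data: a hypothetical business, before and after lock-down.
BUSINESS = {"name": "Acme Bakery", "phone": "+44 (0)20 7946 0123"}
SHARED = {"admin_password_is_default": True, "ssids": [
    {"name": "AcmeWiFi", "security": "WPA2", "cipher": "TKIP",
     "passphrase": "020 7946 0123", "guest": False, "isolated": False}]}
HARDENED = {"admin_password_is_default": False, "ssids": [
    {"name": "Acme-Staff", "security": "WPA2", "cipher": "AES",
     "passphrase": "orbit-velvet-canyon-mustard-49", "guest": False, "isolated": False},
    {"name": "Acme-Guest", "security": "WPA2", "cipher": "AES",
     "passphrase": "teapot-gravel-lantern-sparrow-7", "guest": True, "isolated": True}]}
print("\n".join(audit(SHARED, BUSINESS)))
```

The phone-number check compares digits only, so a passphrase that is the number typed with spaces, or in its +44 form, is still flagged.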

Make Yourself Malware Resistant

There are a number of things that you can do to make your business more resistant to malware attacks. The nuclear option is to completely lock down your employees’ workstations by removing their admin privileges, so that neither they nor malware can install anything on the machine. Restrict the kinds of websites that your employees can visit on their computers. Websites that offer pirated streaming movies, pornography and gambling often contain malware waiting to infect visitors foolish enough to click on their links. Make sure that you have a good antivirus (AV) on your workstations and servers, which forces scans of all downloaded files as well as your email contents. When AV is properly implemented it can catch a lot of viruses before they spread across your network.

While these are SecureTeam’s top five threats facing small businesses today, they are by no means the only threats that could affect your business. That being said, if you can stay on top of the above five threats then you will go a long way to ensuring a decent level of security for your business and dramatically reduce the chances of becoming a victim.

Ultimately, management awareness and employee training on cyber threats are essential no matter what business you are in, and with all of the recent news about cyber attacks large and small, ignorance of the threat landscape is no longer an excuse. The good news is that there are hundreds of different groups and services that can help you improve your overall cyber security posture and help your small business get to grips with these threats, often for free.

We recommend that you invest in Cyber Essentials Certification at a bare minimum. It’s an inexpensive certification process run by the UK’s National Cyber Security Centre (NCSC) that will help strengthen your organisation’s cyber resilience. Cyber Essentials certification for your business demonstrates your commitment to IT security in the eyes of your employees and customers.

The National Cyber Security Centre (NCSC) also provides a brilliant small business cybersecurity guide that you can download for free. It comes with video guides, infographics, employee training materials and small business action lists for improving your company’s cybersecurity.

With some careful practices, good internal processes and regular employee education, both you and your employees can do a lot to help secure your business against cybercriminals. Even if all you do is pass through the Cyber Essentials certification process, its technical control requirements will put your business on a much firmer footing from a security perspective and help you proactively defend your business against a wide range of cyber threats.
