When it comes to cyber threats against businesses, the public focus tends to be on large companies and corporations. Though big businesses tend to dominate the cybersecurity headlines, this doesn’t mean small businesses like yours are immune to cyberthreats. In fact, according to the Verizon Data Breach Investigations Report, a whopping 43% of data breaches were aimed at small businesses in 2018.

Cyberthreats can put your small business at risk in more ways than one. Not only do data breaches put your company’s most sensitive information at risk, they also degrade your customers’ and vendors’ trust in your company.

Customers who choose to do business with you trust that the financial and personal information they give you is secure and safe. If this trust is violated, your customers may think twice before doing business with you again. After all, your competitors are just a click away.

Read on to learn about the most common types of cyberthreats targeting small businesses, and what you can do to protect your company, your customers and your bottom line.


Ransomware

Ransomware is a type of software designed to deny access to data or a specific computer system until money — referred to as a ransom — is paid.

According to the Cybersecurity and Infrastructure Security Agency (CISA), ransomware is typically spread through phishing emails or when a user visits an infected website. CISA warns that ransomware can put all of an individual’s or an organization’s data at risk, and there’s no guarantee of recovering it even if you pay the ransom fee.

To prevent ransomware attacks within your small business, CISA recommends the following steps:

  • Regularly update your software and operating systems with the latest patches
  • Advise all employees to never click on links or open attachments from unfamiliar emails
  • Regularly back up all data and store it on a separate device like an external hard drive
  • Use caution when searching the Internet, and pay attention to warnings
  • Restrict employees’ ability to install software applications by requiring an administrator password
  • Use strong spam filters to keep phishing emails from reaching inboxes in the first place
  • Scan all incoming and outgoing emails for threats and viruses


Phishing

Phishing is a type of cyberattack through email. It is meant to persuade the recipient to open a message by leading them to believe the email contains legitimate information, and to bait the user to click on a link.

According to CSO Online, phishing is distinguished from other forms of cyberattacks in that it pretends to be an email from a real company, or even a real person, to entice the recipient to open the message. Phishing attacks can result in financial loss and can put a business’ data at risk.

The following steps can be taken to prevent phishing, according to Norton:

  • Be vigilant when opening emails — even if you recognize the sender’s name, look at the email address to see whether the message really comes from a real person or company
  • Do not click on any links or download any attachments in suspicious emails

Weak passwords

Weak passwords are access codes that are easy for cyber attackers to crack through hacker programs. This gives hackers access to a business’ financial data, employee data, customer and vendor information and anything that is password-protected.

To block cyber attackers, follow these tips for creating a strong password:

  • Passwords should have at least eight characters
  • Passwords should have a mix of four types of characters, including uppercase and lower-case letters, numbers and special characters
  • Passwords should not be an actual word or name, or include part of your name or address
  • A person should be able to type it quickly so no one watching can easily see the password’s keystrokes
  • Passwords should be changed at least every 90 days


Malware

Malware — short for malicious software — is software designed to either damage or gain access to a computer system. This can put a business’s computer files, hardware, financial records and customer data at risk. Cyber attackers can use this information to commit identity theft of employees or customers.

Norton offers the following tips to prevent malware:

  • Install anti-virus and anti-malware software
  • Run regular diagnostic scans with anti-virus and anti-malware software
  • Use caution when browsing the Internet
  • Avoid clicking on suspicious links
  • Be alert when opening emails, especially from unknown sources
  • Use strong passwords on all computers and online accounts

Unauthorized access

Unauthorized access is when someone who doesn’t have permission gains access to a website, computer, software program or other information using someone else’s login credentials. This allows a cyberattacker to gain access to protected files, such as financial information, payroll records, client data and employee information.

To prevent unauthorized access, businesses should:

  • Use strong passwords
  • Install a firewall
  • Use malware protection software
  • Run regular system checks to look for viruses or vulnerabilities
  • Use secure eChecks to pay individuals and vendors
  • Be alert when opening email from unknown senders

Employee negligence or error

Employee negligence is when employees leave a business open to a cyberattack through bad habits and risky behaviors. This can make the company vulnerable to a data breach, which puts the business’ financial information, customer data and overall reputation at risk.

To prevent employee negligence, companies should:

  • Train employees on how to avoid risky behaviors when online and accessing company files on personal devices
  • Instruct employees to lock their devices and screens when away from their desks
  • Educate employees on the importance of securing confidential files

Physical theft

Physical theft occurs when an individual steals a computer, system, device or even a paycheck to gain access to restricted information. This can be troublesome to a business because it doesn’t require a cyberattack and cannot always be traced.

Physical theft is often overlooked by companies, even though it puts the business’ data and records — and an individual’s financial records — at risk.

To prevent physical theft, businesses should:

  • Install security systems in and around the business
  • Issue access control cards to monitor permission to certain devices and areas of the office
  • Create policies and procedures to recover lost data and information on devices
  • Use eChecks to pay individuals and vendors to avoid the threat of a hacker intercepting checks or personal information

Cybersecurity resources for small businesses

If you or your employees are new to cybersecurity, a great way to enhance the security of your data is to get your team up to speed on cyberthreats. Below are some helpful resources that cover basic cybersecurity education in a format that’s easy to understand.

Information Security Risk Assessment Checklist

If you aren’t sure how your current cybersecurity practices stack up, use this checklist to identify weak spots and areas for improvement. This checklist helps small business owners identify potential threats and vulnerabilities, and prioritize which to tackle first based on potential consequences if your business is the victim of a cyberattack.

Cyber Exposure Risk Calculator

Not sure if your business is adequately protected from common cyber threats? This quick and easy quiz from CyberBee can help you identify which cybersecurity risks pose the biggest threat to your business. Questions cover public networks, sensitive information and device security.

PBS – Cybersecurity Lab

This cybersecurity lab simulator from PBS is a great way to understand cybersecurity in a safe and engaging format. This virtual lab allows “players” to assume the position of a cybersecurity analyst tasked with protecting a company from increasingly sophisticated cyberattacks. It also includes helpful videos that cover cybersecurity basics.

The Open University – Introduction to Cyber Security

For a more in-depth look at cybersecurity, the Open University offers this free course covering the basics of data and network security. You’ll learn how to recognize threats to online safety and how to take steps to reduce the risk of breaches that could put your company at risk. The curriculum covers everything from malware and viruses to trojans and identity theft.

Make sure you’re secure

Cyber attackers don’t discriminate between large and small businesses. In fact, they can easily target small businesses if the proper security measures are not in place.

Beyond educating yourself and your team about cyber threats, there are other small but meaningful steps you can take to make your business more secure. This includes transitioning to secure online payments through eChecks, which offer more security than other payment formats.

As customers and vendors demand more convenience through mobile and online payments, the threats to businesses of any size will continue to rise. It’s more important than ever for small business leaders like you to arm yourself with reliable software, virus protection and secure payment options to protect your customers and your bottom line.
