How to stop cyber security threats on small businesses

Cyber attacks are one of the biggest threats that small businesses face. It’s a common misconception that cyber attackers only target large corporations because the damage or profit will be much higher. That isn’t the case: small businesses are just as much at risk as any medium or large-sized business. In fact, compromising even a small business can generate a large profit for a successful hacker, comparable to that of a large corporation.

On average, in the UK, a cyber attack costs a business around £8,460 (DCMS, 2021). For a small business, a single cyber attack could cost them their whole business, with no support or way to retrieve damaged or lost files. This doesn’t even cover the reputational damage that could lead to further loss of profit and clients.

Why are small businesses targeted by cyber criminals?

Automated attacks

Cyber attackers are becoming more sophisticated with their attacks every year. This makes it difficult for businesses to predict a cyber attack and successfully identify suspicious activity that could potentially lead to one.

Recently we have seen an influx of automated attacks that allow cyber criminals to direct their attacks at hundreds, if not thousands, of businesses all at once. These are typically performed by “bots”, which can carry out extensive cyber attacks on their own, without the hacker needing to supervise or manage the attack itself. The main reason small businesses tend to be an easy target for cyber attackers is the lack of cyber security defences over their IT assets.

Most small businesses lack cyber security defences

A study performed by Symantec, a security software company, found that 36% of all recent cyber attacks have targeted businesses with fewer than 250 employees. What is more worrying is that the National Cyber Security Alliance found that 69% of small businesses have no plan at all in relation to their cyber security.

With no cyber security plan in place or defences against these cyber threats, you are risking the life of your business, making it the perfect target for hackers to exploit.

3 most common types of cyber threats on small businesses and how to prevent them



Phishing is responsible for around 90% of cyber attacks on businesses. This type of cyber attack involves the attacker impersonating a trusted contact of the target and luring them into clicking on a malicious link or downloading an infected file.


Cyber security awareness training is a great way to minimise phishing attacks on your business. It tests how cyber aware your employees are and whether they understand what cyber threats are, their potential impact on your business and the steps required to help reduce the risk. If your employees are not cyber aware, you risk cyber attacks infiltrating your assets and compromising your business.


Ransomware is another common type of cyber attack, and the most lucrative, that businesses fall victim to every year. Ransomware attacks involve an encryption process in which the hacker encrypts the business’s data so that it cannot be accessed or used unless a ransom is paid. For businesses with no cyber security measures or procedures in place, the only option (although not recommended) is to pay the ransom; otherwise they will never be able to retrieve their data. Research shows that 71% of ransomware attacks target small businesses for the very reason of lack of cyber security defences.


Create regular backups of your data. Cyber crime isn’t the only factor that could compromise your data. There are times when technology malfunctions, suffers downtime, is infected by a virus or a human error causes damage to your data. The potential costs that are associated with these factors are significant and can cause major disruption across your workplace without a comprehensive data recovery solution in place.


Malware is intrusive, malicious software that is used with the intention of causing disruption or damage to its intended target (e.g., a server, computer, or database) through unauthorised access. Malware is the second most common type of cyber threat used against businesses.


Keep your devices and software updated. When we are busy at work it’s easy to put off updates as they can cause slight disruption to our day, but the risk that comes with delaying them could be far greater. Updates come with patches that remove vulnerabilities and errors within your software and system. Cyber attackers will try to find weaknesses within your IT infrastructure as a way of gaining access to your precious assets. It’s also good practice to use multi-factor authentication where possible to hinder hackers from accessing your data and exploiting it.

Other ways that small businesses can protect themselves against cyber attacks:

  • Install firewalls
  • Install security software
  • Employee training
  • Data encryption
  • Multi-factor authentication
  • Use complex passwords (and change regularly)
  • Make multiple copies of your data and store in different locations

There are many different types of cyber threats that small businesses face. The most effective way for a business to protect itself against these threats is to implement a comprehensive cyber security defence plan and to provide awareness training so that employees can easily recognise cyber security threats and know how they can be prevented.