Top 5 Ways SMBs are Vulnerable to Threats

In 2021, businesses suffered 50% more cyber attack attempts per week compared to 2020. That is a massive increase in just one year, and it continues to rise. What can SMBs do to protect themselves from this growing onslaught? Every business operates a little differently, but most share some common areas of concern. These 5 fronts typically represent threats and vulnerabilities that SMBs shouldn’t ignore.

#1. Ransomware

When it comes to ransomware, one of the biggest threats is losing essential data. Imagine someone being able to access your company’s personal drives and just hitting ‘delete.’ It’s a real fear, but thankfully there’s a relatively easy way to prevent it: back up your data somewhere secure and available for quick recovery. There are many options, from cloud storage and local storage to dedicated backup applications, and any of them works as long as the copy stays secure and can be restored quickly. Another solid prevention tip is multi-factor authentication. Confirming your identity can be annoying at worst, but at best it keeps hackers out of your private data.
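A backup only protects you from ransomware if you can actually restore from it and trust what comes back. The script below is an added example (not code from the original post or from GMI Advisory Services) showing the two pieces that matter: record a SHA-256 manifest of the files when the backup is taken, and after a restore compare every file against that manifest so a corrupt, incomplete or tampered backup is reported instead of silently accepted. The folder, file contents and archive names are constructed so the whole thing runs offline in a temporary directory; in real use the archive and manifest would be stored somewhere the production host cannot overwrite.

```python
"""Back up a folder with a SHA-256 manifest, then prove the backup restores cleanly.

Added example: this is not code from the original post or from GMI Advisory
Services. It assumes a local directory tree to protect; the sample files
below are constructed so everything runs offline inside a temporary folder.
"""
import hashlib
import json
import tarfile
import tempfile
from pathlib import Path
from typing import Dict, List


def sha256_file(path: Path) -> str:
    """Hex SHA-256 of a file, read in 64 KiB chunks so large files are fine."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> Dict[str, str]:
    """Relative path -> digest for every file under root (the 'known good' state)."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def create_backup(src: Path, archive: Path) -> Dict[str, str]:
    """Write src into a gzip tarball and save the manifest beside it.

    The manifest (and ideally the archive) should live somewhere the
    production host cannot overwrite; otherwise ransomware that reaches the
    host can destroy the backup as well as the originals.
    """
    manifest = build_manifest(src)
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(src, arcname=".")
    archive.with_name(archive.name + ".manifest.json").write_text(
        json.dumps(manifest, indent=2, sort_keys=True)
    )
    return manifest


def restore_and_verify(archive: Path, dest: Path, manifest: Dict[str, str]) -> List[str]:
    """Extract the archive into dest and return the relative paths whose digest
    does not match the manifest. An empty list means every file came back
    exactly; anything else means the backup must not be trusted."""
    dest.mkdir(parents=True, exist_ok=True)
    with tarfile.open(archive, "r:gz") as tar:
        # Newer Pythons can refuse archive members that escape dest ("data" filter).
        extra = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
        tar.extractall(dest, **extra)
    restored = build_manifest(dest)
    return sorted(rel for rel, digest in manifest.items() if restored.get(rel) != digest)


def run_demo() -> Dict[str, List[str]]:
    """Constructed scenario: back up two files, wipe the originals the way
    ransomware would, restore from the archive and verify the result. Then
    verify against a deliberately wrong manifest to show a bad restore is
    detected rather than silently accepted."""
    work = Path(tempfile.mkdtemp(prefix="smb-backup-"))
    src = work / "shared-drive"
    (src / "finance").mkdir(parents=True)
    (src / "finance" / "q1-invoices.csv").write_text("invoice,amount\n1001,250.00\n")  # constructed
    (src / "readme.txt").write_text("company handbook draft\n")  # constructed

    archive = work / "shared-drive.tar.gz"
    manifest = create_backup(src, archive)

    # Simulate the incident: every original is overwritten with garbage.
    for rel in manifest:
        (src / rel).write_bytes(b"\x00ENCRYPTED\x00")

    clean = restore_and_verify(archive, work / "restore-1", manifest)

    # A corrupted manifest (or archive) must be reported, not ignored.
    bad_manifest = dict(manifest)
    bad_manifest["readme.txt"] = "0" * 64
    detected = restore_and_verify(archive, work / "restore-2", bad_manifest)

    return {"files": sorted(manifest), "clean": clean, "detected": detected}


if __name__ == "__main__":
    print(json.dumps(run_demo(), indent=2))
```

Running the file prints an empty `clean` list (the restore reproduced both files after the originals were wiped) and `detected` naming `readme.txt`, the file whose manifest entry was corrupted. The habit to take away is the second half: a restore test that compares against a digest list kept off the protected host is what turns "we have backups" into "we can recover".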

Learn more about this prevalent attack vector by downloading our free Ransomware Guidebook: What a Business Needs to Know.

#2. Phishing

The first rule of thumb: don’t click on links from an unknown email sender. Spam filters and anti-virus software add another layer of defense. Even setting up DMARC for your email is a quick yet efficient way to authenticate the person logging into an email account. Testing your employees is an efficient way to gauge their awareness of phishing attacks; you can partner with companies that send your employees faux phishing emails to test their resilience.
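The phishing defenses above include publishing DMARC. What DMARC (with SPF and DKIM underneath it) does is tell receiving mail servers how to treat messages that claim to come from your domain but fail authentication, which blunts attackers who spoof your own domain at your staff and customers. The check below is an added example, not part of the original post, showing how a defender reads the published records and spots the weak settings: an SPF record ending in `+all`, a DMARC policy of `p=none`, and no reporting address. The records it inspects are constructed for a hypothetical domain; in practice you would pull them from DNS TXT lookups of your domain (SPF) and of `_dmarc.<your domain>` (DMARC).

```python
"""Check a domain's published SPF and DMARC records for weak settings.

Added example, not code from the original post. In practice the two
strings come from DNS TXT lookups of the domain (SPF) and of the
_dmarc.<domain> name (DMARC); the records below are constructed for a
hypothetical domain so the checks run offline.
"""
from typing import Dict, List

# Constructed sample records: a weak pair and a hardened pair.
SAMPLE_RECORDS = {
    "weak": {
        "spf": "v=spf1 include:_spf.mailprovider.example +all",
        "dmarc": "v=DMARC1; p=none",
    },
    "hardened": {
        "spf": "v=spf1 include:_spf.mailprovider.example -all",
        "dmarc": "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com; adkim=s; aspf=s",
    },
}

# SPF mechanisms/modifiers that cost a DNS lookup; RFC 7208 allows at most 10.
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}


def parse_dmarc(record: str) -> Dict[str, str]:
    """Turn 'tag=value; tag=value' into a dict with lower-cased tag names."""
    tags: Dict[str, str] = {}
    for part in record.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip().lower()] = value.strip()
    return tags


def _spf_term_name(term: str) -> str:
    """'include:foo' -> 'include', '-all' -> 'all', 'redirect=foo' -> 'redirect'."""
    name = term.lstrip("+-~?").lower()
    for sep in (":", "=", "/"):
        name = name.split(sep, 1)[0]
    return name


def check_spf(record: str) -> List[str]:
    """Return a list of weaknesses; an empty list means the record looks sound."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["SPF record missing or malformed (must begin with v=spf1)"]
    findings: List[str] = []
    last = terms[-1].lower()
    if last in ("+all", "all"):
        findings.append("SPF ends with +all: every sender passes, so the record protects nothing")
    elif last == "?all":
        findings.append("SPF ends with ?all: unknown senders get a neutral result, no enforcement")
    elif last not in ("-all", "~all"):
        findings.append("SPF has no terminating -all or ~all: unknown senders are not rejected")
    lookups = sum(1 for t in terms[1:] if _spf_term_name(t) in LOOKUP_TERMS)
    if lookups > 10:
        findings.append(f"SPF needs {lookups} DNS lookups; receivers stop after 10 (permerror)")
    return findings


def check_dmarc(record: str) -> List[str]:
    """Return a list of weaknesses; an empty list means the policy is enforced."""
    tags = parse_dmarc(record)
    if tags.get("v") != "DMARC1":
        return ["DMARC record missing or malformed (must begin with v=DMARC1)"]
    findings: List[str] = []
    policy = tags.get("p", "").lower()
    if not policy:
        findings.append("DMARC has no p= tag: receivers treat it as p=none at best")
    elif policy == "none":
        findings.append("DMARC p=none only monitors: spoofed mail failing SPF/DKIM alignment is still delivered")
    elif policy not in ("quarantine", "reject"):
        findings.append(f"DMARC p={policy} is not a valid policy")
    if "rua" not in tags:
        findings.append("DMARC has no rua= address: you will never see the aggregate reports receivers send")
    if tags.get("pct", "100") != "100":
        findings.append(f"DMARC pct={tags['pct']}: the policy is applied to only part of the mail")
    return findings


def assess(spf_record: str, dmarc_record: str) -> Dict[str, List[str]]:
    """Run both checks and return findings keyed by record type."""
    return {"spf": check_spf(spf_record), "dmarc": check_dmarc(dmarc_record)}


if __name__ == "__main__":
    for label, recs in SAMPLE_RECORDS.items():
        print(label, assess(recs["spf"], recs["dmarc"]))
```

For the constructed "weak" pair the output flags all three problems; for the "hardened" pair both lists are empty. The usual rollout is to publish `p=none` with an `rua=` address first, read the aggregate reports until every legitimate sender passes, then move to `quarantine` and finally `reject`, which is the point at which receivers actually refuse mail spoofing your domain.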

#3. Employees

Speaking of employees, human missteps are the most common path to data breaches. It’s unfortunate, but even well-meaning employees can leave your organization vulnerable. There are technological solutions built to help your employees stay safe online. Password managers make sure your employees use recommended safe passwords. DNS blockers, ad blockers, and anti-virus programs keep the bad guys from reaching your employees as readily. Bad guys actively seek out companies running outdated software because they know how to get in through those gaps. Software providers routinely release OS and application updates, usually to remediate security gaps as they are discovered.

Among the most important basic protections is a defined set of policies that employees are expected to follow: for example, requiring employees to use securely generated passwords stored in a password manager rather than simple passwords or passwords written down. Know what your employees are doing online. Should you have policies for using public Wi-Fi or hotspots with company-owned equipment? Annual employee training is another beneficial step, as it puts security at the forefront of the employee’s mind. Knowing what to look for and understanding why certain things may be unsafe helps an employee navigate uncharted waters in the future.

#4. Website

Secure your site. Your website should be built and maintained with security in mind. Talk to your web team and ask them about encryption and potential vulnerabilities within your Content Management System (CMS). Also, know which regulatory requirements you need to satisfy. Whether it’s HIPAA or PCI, these regulations set standards you need to follow in order to keep your data protected. Make sure your web team is keeping you up to date.

#5. Bank Transfers

Bank transfers can be a huge risk factor for companies. Most banks will request the use of multi-factor authentication for making any sort of transaction, or even for logging in to the account. Some also offer tokenized key fobs that let you securely authenticate any action going through your bank account. Most banks will let you require a second signature for transfers above a set dollar amount. Speak to your bank and ask what security measures they offer to protect your account. Make sure your accounting department has policies and procedures defining layers of scrutiny for wire transfers and for changes to payment accounts.

Awareness of these common areas of threat and vulnerability is a great start. Consider what your small or medium-sized business can do to minimize these risks. Doing something is always better than doing nothing, especially when the actions are smartly aimed. Consult an expert when you’re ready for specialized assistance or third-party verification of your efforts. Stay safe out there!

Mark Kirstein

Mark, VP of sales for GMI Advisory Services, leads GMI's efforts to help clients plan and implement cyber security plans to protect their company and stakeholders. Mark has a unique combination of technical and business experience, backed up with BSEE and MBA degrees. He has held roles as CEO, sales & marketing, research and computer design for both corporate and startup-level companies. Mark is a Certified Information Systems Security Professional (CISSP).