Cybercrime Risk: Small Business

Running a small business is no small task. While handling all of the moving parts involved in a successful small business, it’s easy for cybersecurity to slip through the cracks. According to Symantec*, 43 percent of cyber attacks target small businesses. From phishing to ransomware to data breaches, there are several ways that cybercriminals target small businesses. Let’s discuss the risks and the recovery process involved in these cyber-attacks:

1. Phishing 

We’ve all seen phishing attempts come to our inbox. An email with urgent language like “click now” or “action required” pops-up. The purpose of phishing emails is to use social engineering to get you to click the malicious link in the message. At first glance, the email may even appear to come from a sender that you recognize. It’s important to pay attention to detail; are there misspellings? Does the email address match the contact name? 

If you or someone within your small business clicks on a phishing email, your entire network could be at risk. These attacks should be taken seriously, we highly recommend that you consider security awareness training for your staff. Our sponsor, KnowBe4, has phishing simulation software to prepare your employees for phishing attempts. Once a phishing email is clicked, you should immediately remove the infected device from your small business’s network and change all passwords. Run a virus scan on all devices to determine the extent of the damage. For detailed information on how and where to report the phishing incident, visit us here.

2. Ransomware 

Ransomware is malicious software that holds your organization’s information or systems hostage. Ransomware typically enters your network via a phishing email or a malicious website. If the ransom is not paid, the cybercriminal threatens to delete the data. It’s important to note that even if you pay the ransom, the data may not be returned. 

If your organization is exposed to ransomware, the first thing you need to focus on is damage control. Immediately remove infected computers or devices from your business network and change all of your account and network passwords. Report the incident to the FBI Internet Crime Complaint Center (IC3) and visit us here for recovery help. 

3. Data Breach

A data breach is an incident where confidential data stored within your organization is leaked. This data may include banking information, Social Security numbers, passwords, emails, and other private employee or customer information. In 2018, Verizon* found that 58 percent of data breach victims are small businesses. As a small business owner, the risk of a data breach is considerable. 

If a data breach occurs, start by changing any compromised passwords or credentials. Our affiliate partners, WhiteHawk and TechStak, can help you begin the recovery process. Review your state’s data breach notification laws on the NCSL’s website. Properly reporting, recovering and reinforcing your organization’s cybersecurity after a data breach is crucial. Visit’s data breach incident recovery page. 


There are several cybercrime risks facing small businesses every day. We aim to provide relief in the wake of cyber-attacks. For recovery help and next steps to get your small business back on track, utilize our online resource database