Why Security Matters for Small Businesses

Being a Freelancer or owning a Small Business requires you to wear many different hats. Your responsibilities range from marketing to finance, and maintaining your own IT infrastructure. While a lot of self-service tools make the latter easier, it’s still unclear to most how safe they are and what the risks to their business look like.

Your business is online

The world is connected and so are most aspects of our lives. Your business is no exception to this rule.

Your Customers

Your customers prefer to find and connect with you online.

Your Tools Are Online

Business tools like e-mail, accounting, marketing, etc. are in the cloud. Without them your business wouldn’t be able to find new customers or serve existing ones.

Your Social Media Presence

Social Media is how you stay in touch with your community and people learn about your company.

Your Suppliers

Being able to purchase material or services for your business impacts the speed of your operation.

Your Competitors

Your Competitors are as active online as you are.

Compliance

Compliance with privacy laws affects everyone, no matter how small you are.

Everyone is at risk

A widely held misconception is that only big enterprises and famous people are at risk of being hacked online. While large organisations and famous people are more likely to be specifically targeted by cyber-criminals, including ones financed by nation states, lesser-known entities like small businesses can’t afford to ignore the risks from cyber-attacks.

Most attacks are automated

We all know the stereotypical hacker, usually wearing a black hoodie sitting in a badly lit room in front of multiple screens with tons of windows trying to enter the system of their chosen target. While this works well in Hollywood, most attacks are conducted in a fully automated fashion.

Just like the emails that (hopefully) end up in your spam folder, most attacks are fully automated by software that gathers random targets and performs the same type of attack over and over again.

This means that these attacks don’t care if they’re sending phishing emails to the CEO of a publicly traded company or a freelance web designer who just started their business.

Attacks are cheap

Cyber-criminals often don’t require expensive tools to perform their attacks. Most attacks can be performed with simple and cheap tools that attackers can purchase on the so-called dark web. There’s also a large number of tools that are free and can be used with limited technical skills.

Millions of attacks per hour and lower risk of getting caught

Unlike criminals looking for an unlocked car on a residential street, cyber-criminals are not bound by the same limiting factors on how many potential victims they can target.

Unlike for the criminals mentioned above, the risk of getting caught is also significantly smaller for cyber-criminals.

All of these factors make it more economically viable for people to conduct cyber-crimes and scale up their operations.

More than 50% of Internet users (Consumer and Business) have been affected by a cybercrime incident – where 1/3 of them took place in the past 12 months (Research by Norton)

Cyber-Attacks can be costly

The consequences of a successful cyber-attack can be costly financially, and can also harm your business’s reputation.

Financial consequences

Falling victim to a successful cyber-attack can cost significantly more than prevention would have. From potential loss of business to paying experts to recover lost accounts or data, the time and money spent are likely to ramp up very fast.

Loss of productivity

Each cyber-incident is going to be at least a distraction from your ability to focus on the business. The time it will take for you to deal with the consequences of an attempted or successful cyber-attack could be better spent. Especially if your team is growing, you want your people to focus on their work rather than on cleaning up the fallout from having their e-mail or other tools compromised.

Loss of data

Losing access to one or multiple accounts or having your business’s data deleted as a consequence of a cyber-incident is likely to be disruptive to your business.

Your e-mails and documents are the foundation of your business processes like invoicing, accounting, and more. Attackers often take advantage of this and delete data or block people from their accounts to maximise the damage they cause.

Damage to your reputation

Your customers and partners trust you with their business and often with their data. Any type of issue like a hacked website, unavailable service, etc. can negatively impact this trust relationship.

Especially for public-facing resources like your website or social media channel, a hack can damage the reputation you and your team have worked really hard to build.

Potential legal consequences

Even in industries that traditionally have not been regulated, increased regulation meant to hold companies accountable for the data they hold about their employees and customers has been put in place in most regions.

Regulatory frameworks such as GDPR (General Data Protection Regulation) or NIS2 (Network and Information Security Directive) put pressure on more companies to take the protection of their systems holding employee and customer data more seriously.

Some attacks can be fatal for a business

73% of small businesses are expected not to be able to recover from a ransomware attack, where most or all of their data has been made unavailable.

While it’s likely that recovering from a data loss can be managed by working extra hours, sometimes the consequences are more significant. Imagine an accountant losing all of the customer data they have prepared during tax season. Or a web designer having all their customers’ websites wiped out.

In 2021, victims of compromised personal and business email accounts experienced a loss of $1.86 Billion (Source: FBI)

Different types of attacks

There are different types of attacks online. Most of them are automated and widespread, with relatively simple ways to defend against them. However, there are also attacks that are more sophisticated and more personalised.

Targeted Attacks

These are the attacks we mostly read about in the News. Attacks that are performed to compromise a specific individual or organisation. While these attacks happen and need to be taken seriously, they make up a small percentage of the criminal efforts online.

Targeted Attacks don’t necessarily have to be technically more sophisticated. One of their main traits is that they are aimed at a more clearly defined victim or group of victims. For the attacker this means that they can use an approach that is more tailored to the victim they have set their sights on. This often leads to a higher success rate for the attack.

The measures of protection provided in our program lay a strong foundation to make targeted attacks less likely to succeed. However, if you feel that someone is specifically targeting you or your company, please get in touch and we can provide some more specific resources. Especially if the suspected attacker is in physical proximity of their target, the mitigation methods might change in some ways.

Non-Targeted attacks

More than 99% of activity performed by cyber-criminals can be considered non-targeted. Sometimes these are also called “spray-and-pray attacks”, indicating the attacker’s opportunistic approach of attempting large numbers of repetitive attacks on a large set of potential victims.

This type of attack is why everyone is at risk of being impacted by a cyber-security incident. They are cheap to perform on a broad number of accounts or systems.

For the attacker the economic viability comes from reaching a large enough set of targets and having a percentage of these attacks succeed. The cheaper the attack is, the smaller said percentage can be.

It’s important not to underestimate the sophistication of these attacks. These attackers count on the generally low utilisation of commonly available protection mechanisms such as Two-Factor Authentication.

Phishing

Phishing attacks are simultaneously the most known and underrated type of Online-Attacks. A phishing attack describes the attempt of an attacker to gain access to information required to access someone else’s account.

Most of us have seen these types of attacks in the form of an email impersonating a person or company we know and linking us to a malicious page where we’re expected to enter username and password and other information.

While this attack method has a bad reputation for using e-mails with spelling mistakes and other easy-to-spot signals, it is still one of the most effective tools attackers use. It is assumed that more than 80% of successful cyber-attacks include some element of phishing.

Ransomware attacks

Ransom-type attacks are when the attacker uses malicious software to make (part of) the victim’s data unavailable or unusable, and then demands payment in order for the victim to regain access to the data held for ransom.

These types of attacks have grown in volume in recent years. In 2023 the total amount of ransom paid out exceeded the $1 billion mark for the first time. This increase in attacks and financial damage can be attributed to a higher level of automation and lowered costs to perform ransomware attacks on a larger set of potential victims, including small businesses.

Don’t underestimate the attacker

It’s important not to underestimate the motivation and maturity of the criminal economy on the internet. Most of the attacks are performed by motivated people and organisations with financial profit as their objective.

They’re smart and adapt fast

Attackers are motivated to maintain and grow their business just like you are. With that they have to be considered as subject matter experts in their field. Security is a game of “cat and mouse” and bad actors continue to adapt as new detection and protection mechanisms are put in place.

Something that is considered safe one day, can be exploited the next.

There’s an ecosystem supplying them with tools

Because of the economic potential of performing cyber-attacks, an ecosystem of suppliers of tools, data, and methods has emerged, supplying the people running the attacks with ways to make them more scalable, profitable, and overall effective.

Conclusion

We hope that reading this has given you a better understanding of why cyber-security is important for any type of business and how underestimating it can cause significant harm to your business.

This is not meant to be fear-mongering, but a resource of information to justify pragmatic and effective ways to reduce the risks posed by the internet.

In summary:

  • Everything is online: Most aspects of your business depend on the internet
  • Everyone’s at risk: Cyber-Criminals cast wide nets and don’t only focus on the “big fish”
  • Incidents can be costly: Especially for businesses the aftermath of a breach can be very costly
  • Not all attacks are the same: Different attacks require different mitigations
  • Don’t underestimate the attackers: They are smart, motivated, and adapt fast.

The most important thing we want you to take away from this is: Everyone can take steps to be safer online. Our program provides you with the basics that improve the protection of your business.

Testimonials

Isabel Steiner
Co-Founder Actevely.com

“For us at Actevely it’s important to have someone on our side that can help us at any step of our journey. This requires a pragmatic mindset and empathy towards the founders’ eagerness to grow their business. We were looking for a security-specialist with an entrepreneurial mindset combined with corporate experience to think about our current and future challenges and threats.”

Sources used for this page:

  • Statistics about Ransomware from Chainalysis
  • Various cyber-security statistics from Norton