Judging by what we see on the news related to cybersecurity attacks, hackers are all malcontented masterminds who go after only the biggest targets—governments, security agencies, banks, credit-card companies, and other corporate monoliths. If that was ever the case, the script has flipped. These days, hackers are focused on smaller targets.

According to a CNN poll, almost half of all American adults have been hacked, having fallen prey to email-phishing scams, social-media hijackings, ransomware, or malware infestations of personal websites. For individuals, such hacks are embarrassing and sometimes expensive. For small businesses, they can be devastating.

They’re also becoming increasingly common. The report from Symantec’s Global Intelligence Network discovered a major surge in hack attacks on small businesses at the end of 2015. Law enforcement sources and other cybersecurity experts confirm that small businesses are now the victims of at least half of all cybersecurity breaches.

And yet, according to a survey by AT&T, only 53% of companies with fewer than 50 employees place a high priority on cybersecurity, compared to two-thirds of larger ones—and only 30 percent of smaller companies have an employee-training program in place to guard against and recover from breaches. “There are two kinds of small businesses,” says Jack Bienko, director for entrepreneurship education at the Small Business Administration, “one that’s been breached and one that doesn’t know it’s been breached.” Since America’s small-business population provides the lion’s share of all new jobs in the country, their cybersecurity is an issue not just for them but also for the national economy.

As Christoph Rieche, chief executive of online FinTech company iwoca puts it: “The majority of attacks we see rely on a human taking some sort of action, whether that’s clicking a link or opening an attachment in an email because they assume it’s legitimate.

“Phishing and ransomware attacks are common but are not complex, so understanding what a potential attack looks like is key to preventing one.”

For this reason, getting the basics right, educating staff and building a culture of security often makes more sense as a starting point than investing in expensive software or hardware. After all, for attackers, there is never much need to attack a defensive structure like a firewall when the front door is wide open.

Of course, taking simple security steps and taking time to understand the risks can significantly bolster an SME’s defenses. And businesses need to act fast, because the financial ramifications for not doing so are real: with GDPR (General Data Protection Regulation) becoming law on 25 May 2018, businesses could face fines of up to £17m, or 4pc of their global turnover – so a serious breach of user data could put a small company out of business.

That’s before you consider the additional damage a company could face; a survey of SMEs by analyst KPMG [1] revealed that 89pc of small businesses that were hacked faced reputational damage and 30pc lost clients as a result.

Ultimately, the reason SMEs get attacked is simple: money. With economies of scale afforded by widely scattered cyberwarfare, cyberattackers can and do, make good money from SMEs.

The Government’s Cyber Essentials advice is a good place to start identifying the biggest risks to your organization. If you consider the risks early and instill a culture of awareness in your company, you are already one step ahead of the hackers.

Contact WebOrion.com to secure your online business.