Common Threats Facing Small Business

When it comes to securing business data, small businesses face many obstacles. They range from denial of risk to ignorance about digital security and the failure to use security features properly. Here are the top obstacles we have seen businesses struggle with when it comes to cybersecurity and how to overcome them.


Many business owners think they are too small or simply aren’t a valuable enough target for hackers. This is not the case at all. As a matter of fact, according to the 2019 Data Breach Investigations Report (DBIR) by Verizon, 43 percent of breaches investigated involved small business victims. That number is expected to grow as 99 percent of America’s 28.7 million firms are small businesses, according to a piece by JP Morgan Chase & Company.

Putting your head in the sand achieves nothing. It’s time to get proactive about protecting your business, your employees, and your customers. If you are not conducting a regular technology assessment of your business, it’s time to get the job done. Third-party vendors such as ORAM Corporate Advisors can help you develop long-term strategies for business growth and development as well as continuous systems monitoring, anti-virus management, data protection, and more. Schedule your annual security assessment if you haven’t already done so. It’s not a question of if your business will be attacked, but a question of when and how.


Education is key. Every business leader should know what data they have, where it is stored, and how it is protected. Knowing what your security threats are and how to combat them is just as imperative.

Start with conducting an analysis of your business network. How is your data sorted? Where is it stored? Are these systems secured? These are important questions to ask to determine if your network is designed efficiently and effectively for your business operations.

The next step is to conduct a threat analysis. This will identify any deficiencies in your data security. Additionally, a threat analysis can also tell you how to shore up your weaknesses to protect your company.

Finally, become educated about digital security and what it means for your business. There are courses for small business owners and managers to keep you updated on what’s new in cybersecurity. Third-party companies such as ORAM can also help you with security education for yourself as well as your entire staff.

Employee Training

This is something that we have found many small businesses lack. Companies often have the impression that they can’t afford to train their employees or that it takes valuable time away from the workday. These beliefs only lend your business to a greater risk of an attack.

Your employees can be your greatest line of defense or they can be your greatest weakness. In 2019, 21 percent of breaches investigated in the aforementioned Verizon report were the result of employee errors through casual work events (i.e. clicking on a bad link or attachment in an email, visiting an unsecured site, etc.). Proper training provided regularly can protect your business by giving your employees the knowledge they need to prevent a breach.

According to the 2019 Cost of a Data Breach Report by IBM Security, the average total cost of a data breach is now $3.92 million. The cost can multiply as the company can suffer revenue losses for years due to the negative impact on its reputation following a breach. The cost of educating your employees pales in comparison to the devastating cost of a hack.

Speed of Detection

How fast can you detect and recover from an event in your business? While the Verizon report mentioned above shows “the time from the attacker’s first action in an event chain to the initial compromise of an asset is typically measured in minutes…the time to discovery is more likely to be months.”

Discovery time is very dependent on the type of attack in question, according to the 2019 DBIR. For example, payment card compromises are typically discovered when they are used fraudulently to make a purchase. When it comes to stolen data, it can often take weeks or months before a business even knows it has been compromised and, by then, the results of a breach can be devastating.

The 2019 IBM report shows the average time to identify and contain a breach in companies within the U.S. was 245 days. To make matters worse, the same report shows the average size of a data breach is 25,575 records at a cost of $242 per record. That can add up to some serious financial losses for any business.

Obviously, the faster you detect a breach, the faster you can respond to it. Through implementing firewall monitoring, data protection, and other security measures, you can protect your data and be notified right away in the event of a cyber event. This is imperative to saving your business and its reputation.

Loss of Reputation

A report by the National Cybersecurity Institute at Excelsior College shows 50 percent of small and medium businesses have been the victims of a cyberattack and 60 percent of businesses that experience a cyberattack go out of business within six months. The report points to insider threats, weak passwords, and social engineering as some of the major factors contributing to the proliferation of attacks at the small business level.

When a company experiences an attack and data is lost or stolen, that negatively impacts your business. This is because trust is an integral part of doing business. If your customers can’t trust your organization to keep their data safe and secure, they will take their business elsewhere. This can lead to poor reviews, reputational damage, a loss of customers, and a reduction in profits. It could even force your business to shutter as a result.

The best way to avoid a loss of reputation is to avoid a breach and have a plan in place should one occur. Employ the best possible security software, educate your employees, and monitor your data closely consistently. If you need assistance with this, turn to your information technology (IT) department. If your IT department needs additional help or you don’t have a separate department, outsourcing to a third party such as ORAM Corporate Advisors is recommended. Most third-party vendors can work within your budget and time constraints.


According to the aforementioned DBIR by Verizon, “Ransomware is still a major issue for organizations and is not forced to rely on data theft in order to be lucrative.” As a matter of fact, ransomware ranked second only to command and control attacks in the study showing businesses are still not taking the threat seriously.

Hackers take advantage of vulnerabilities in older versions of operating systems, software, and browsers. One of the best ways to beat the hackers is to continuously update your systems and layer protection including a firewall and anti-exploit tools. You’ll also want to employ anti-virus, anti-malware, and anti-ransomware software in addition to a continuous monitoring system to alert you to any breaches. Also educate employees not to click on suspicious links or attachments, especially when they come from an unknown source.

Security Features & Best Practices

Utilizing the security features you have available to protect your business is a necessity. Security software such as multifactor authentication doesn’t update often enough so make sure you are staying on top of updating your software and applications. Make passwords hard to crack and require your employees to use best practices when it comes to their passwords. Warn your employees about what they post on social media and avoid making purchases from irreputable sites.

If you need assistance with securing your business, conducting a technology assessment, educating your staff, or performing a security risk analysis, contact ORAM Corporate Advisors now at (617) 933-5060 or visit us online.