Unit 4 - Question 1

What are the key cyber threats for SMBs?

A cyber attack is an attempt to disable computers, steal data, or use a breached computer system to launch additional attacks. Cybercriminals use different methods to launch a cyber attack. Below are three common types:

1. Malware – Malware is a blanket term for malicious software including ransomware, viruses, spyware and trojans. Malware gives criminals a way to gain access to important information such as bank or credit card numbers and login credentials. Malware can be used by criminals to spy on their victims or even take control of a victim’s computer system. SMBs make lucrative targets for criminals as a majority of them lack the resources to detect and combat malware.

2. Ransomware – Ransomware is a form of malware that encrypts a victim’s files, systems or networks. A ransomware attack can bring a business to its knees with an attacker holding their systems hostage until the ransom has been paid. Small businesses can be particularly vulnerable, as they are less likely to implement cyber security measures that could help prevent and recover from ransomware.

3. Phishing – Phishing is a social engineering tactic that consists of an attacker sending an employee a fraudulent message via email, instant message or text message, in the hope that the unaware employee will click a link that downloads malware onto their system, freezes the system as part of a ransomware attack or reveals sensitive information of the organisation. Most SMBs fail to adequately train their employees in information security best practices, which can make it hard for employees to identify and avoid phishing attempts.


How can these cyber threats be prevented?

Small to medium businesses can implement a number of best practices to avoid succumbing to cyber threats. Below are the top ways for SMBs to protect themselves from cyber criminals.


Regularly update software – Cyber criminals take advantage of known vulnerabilities to hack your devices. Regular system updates include comprehensive security upgrades that patch these vulnerabilities. Ensuring that employees are installing the latest patches and updates to software can help reduce the chance that a cyber criminal exploits a known weakness to gain access to your system or network. A good way to stay on top of updates is to turn on the automatic update function on software and systems; however, if this isn’t available, it is the employee’s responsibility to regularly check for updates.


Maintain data backups – A backup is a digital copy of your business’ most important information, e.g. customer details and financial records. This can be saved to an external storage device or to the cloud. An automatic backup is a default or ‘set and forget’ system that backs up your data automatically, without human intervention. Backups are important because data losses can occur in many forms, from hard drive failures to ransomware attacks and even human error or physical theft. No matter the incident, a data backup can enable you to restore the data stored on your devices. Data backups can greatly reduce the downtime a business could face in the event of a ransomware attack.
