Malware Attack Vulnerabilities of Small & Medium-Sized Businesses

Craig Pollack | Feb 28, 2018

The primary concern with cybersecurity threats for small and medium-sized businesses (SMBs) is that they enable malicious users to access confidential or sensitive data. Businesses and users around the world face a variety of attacks each day that can remotely put their valuable data at risk — everything from malware-containing spam emails to highly targeted attacks and hacks.

Many SMBs believe that cyber attacks will only focus on larger enterprises—and that they are safe because they are smaller. However, the fact that 60% of all small businesses that have experienced a cyber attack go out of business within six months should underscore the importance of this potential threat to your livelihood.

According to Kaspersky, “a single crypto malware attack may cost up to $99,000 on average for small and medium businesses (SMBs) and more than half (67 percent) reported complete or partial loss of corporate data.” The last thing you want to have to deal with is the concern that your (and your clients’) data are not adequately protected. This is why it is important for SMBs to take a multilayered approach to their cybersecurity strategy and related initiatives.

I’ve put together a list of some of the most significant malware attack vulnerabilities to your small or medium-sized business.  

Changing Cybersecurity Threat Landscape

The world of cybersecurity threats is constantly evolving, and many small and medium-sized businesses can’t keep up without the help of a full-time IT security staff. Since many SMBs can’t afford the cost of maintaining teams of such skilled employees, many choose to hire a managed services provider (MSP) to do the work for them.

If your business employs the services of an MSP, be sure to periodically evaluate whether your MSP is a valuable IT and cybersecurity solution for your business. Otherwise, you may want to look elsewhere to find a more experienced and knowledgeable team.

Server Message Block

For organizations and businesses with servers, one of the most significant cyber attack risks comes from malware that targets the Server Message Block protocol. According to Microsoft, the protocol is “a network file sharing protocol that allows applications on a computer to read and write to files and to request services from server programs in a computer network.”

Essentially, this means that an application (or a person using it) can remotely access files or other resources to read, upload, edit, or otherwise update them on the server. This matters because an outside user who gains access through the protocol can reach the server and its files and do virtually whatever they want with them. This puts all of your connected devices, data, and customers at risk.

A Lack of Cybersecurity Awareness and Best Practices

Among the biggest threats to many businesses, regardless of size, is the threat that comes from within their organizations. When employees are not knowledgeable about cybersecurity best practices and how to safely navigate the internet, they open their devices (as well as your business network, server, and all the data contained within it) to the risk of becoming lost, stolen, or destroyed.

Every company has some level of cybersecurity awareness training — even if that level is “nonexistent.” Do you know yours? Better yet, how can you improve your cybersecurity awareness training?

Usage of Personal Devices without Adequate Cybersecurity

Businesses that allow users to access or store sensitive data on their personal devices without security mechanisms or BYOD (bring your own device) policies in place put their enterprises at risk. A BYOD policy can be incorporated into your company’s broader computer use policy (which your company should also have in place).

By establishing a BYOD acceptable use policy for your business, you can help to ensure that your business’s codes of conduct are being followed by outlining:

  • How employees are and aren’t allowed to use their devices.
  • Which networks they’re allowed to access.
  • How company data must be managed while they’re using their own phones and tablets.

Lack of Knowledge About Their Network

If you don’t know what devices are connected to your network, how can you try to keep it safe and secure? Having accurate, up-to-date information about your network and anything connected to it — such as business and personal smartphones, tablets and other mobile devices; laptop and desktop computers; printers, scanners, and storage devices — is crucial for protecting it from internal and external threats.

One way to accomplish this is to use an effective network management service. FPA’s team of experienced and certified IT professionals can proactively monitor your systems, address any alerts, and keep your systems patched and updated.

Ineffective (or Nonexistent) Security Protocols and Policies

Cybersecurity concerns, including internal threats due to intentional or accidental misuse of computer equipment by employees, reached record-level highs in 2017. The Identity Theft Resource Center (ITRC) reports that 3,158,441 records have already been exposed in 2018 as of January 31. This is just one of the reasons why it is critical for businesses to have an effective computer use policy in place—as well as why they should implement cybersecurity awareness training for employees.

In an increasingly digital world, it is imperative for small and medium-sized businesses to recognize that they are not immune to the growing cybersecurity threats that are lurking online. Those threats don’t impact only larger corporations, and companies need to make sure that their networks, devices, and employees are prepared for the virtual threats that are just one mouse click away.

How prepared is your business? What have you done to close up some of those vulnerabilities from malware and other cybersecurity concerns? Let us know your thoughts by sharing your suggestions in the comments box below or feel free to send me an email to discuss this topic in depth.


Craig Pollack

Craig is the Founder & CEO of FPA Technology Services, Inc. Craig provides the strategy and direction for FPA, ensuring its clients, business owners, and key decision makers leverage technology as efficiently and effectively as possible. With over 25 years of experience building the preeminent IT Service Provider in the Southern California area, Craig is one of the area’s leading authorities on how small to mid-sized businesses can best secure and leverage their technology to achieve their business objectives.