Many small and mid-sized businesses still think they are too small to be targets of cybercrime. But that belief can lead to big trouble. Cybercriminals often go after companies that seem like easy targets—those without a dedicated IT team, solid employee checks, or strict password rules.
Jared Turnwald, a senior manager at Central Insurance, explains that no company is too small to attract hackers. Larger firms have tightened their security, so criminals turn to smaller businesses that might not be as prepared.
Small businesses face several common cyber threats. One of the biggest is social engineering scams. This is when criminals trick employees into giving away sensitive information or sending money. They do this by pretending to be someone you trust, like a bank or a vendor. For example, a Florida school district lost over $846,000 after scammers pretended to be a construction vendor and changed payment details.
Phishing emails are another big risk. These emails look real and convince employees to click harmful links or share login info. Nearly all cyberattacks start this way. Recently, small businesses using QuickBooks were hit by fake invoice emails that stole login credentials and sensitive data.
Weak or repeated passwords also make businesses vulnerable. Over half of small business workers reuse passwords across personal and work accounts. This simple mistake often leads to account takeovers, as seen in a 2023 attack on 23andMe, where reused passwords exposed millions of user profiles.
Fraud can also happen when financial accounts and vendor portals aren’t carefully monitored. Some hackers quietly change bank info on delivery or payment platforms to steal money. For instance, a small bakery lost payments when someone altered routing details in its DoorDash account. In another case, hackers redirected $324,000 by breaking into a city’s vendor payment portal.
Insider threats pose a danger too. Sometimes, businesses hire employees without proper background checks or give one person too much control without oversight. In 2023, nearly half of all data breaches involved insiders misusing access. One heating and cooling company lost over $158,000 after an office manager wrote fraudulent checks.
Experts recommend a few simple steps to protect your business from these threats. Always verify requests for money using a second method like a phone call. Train your staff regularly to spot phishing and social engineering scams. Use strong, unique passwords and change them often. Enable multi-factor authentication on important accounts. Check financial accounts and vendor portals weekly, and have more than one person approve major transactions. Also, run thorough background checks before hiring and limit employee access based on their roles.
Central Insurance offers a Cyber Suite coverage plan that helps with recovery and provides hands-on training to keep businesses safe. With these steps, even small companies can defend themselves against cybercriminals and avoid costly losses.