Cybercrimes continue to dominate our newsfeed as cybercriminals invent more sophisticated techniques to compromise businesses. Their targets have also evolved, with major attacks now being directed at small and medium-sized businesses.

According to data released by the US Congressional Small Business Committee, 71 percent of cyber-attacks carried out in the country targeted businesses with fewer than 100 employees.

The dramatic shift from large businesses to small and medium-sized businesses is mainly due to cybercriminals’ belief that smaller businesses’ systems are the easiest to access. The consensus among many cybercriminals is that although targeting large businesses is likely to yield more data, they are less likely to compromise them because of the resources dedicated to foiling such attacks. Small and medium-sized businesses, on the other hand, are assumed to be much sloppier with their data, hence the increased targeting by hackers.

The human factor and cybercriminals

Small and medium-sized businesses have also become easy targets because of the human factor. People form the weakest link in cybersecurity and are mostly the prime targets for cyber attacks.

In large organizations, staff are trained on what to look for and how to detect threats and attacks. However, small organizations do not have large budgets for such training, so their staff are prone to attacks directed at them, and in most cases these attacks succeed.

The reality is, your company may have the best security software and even the most comprehensive office policies, but a lapse of judgment by staff can cause the entire business to be compromised.

Therefore, any cybersecurity measures implemented in a business should consider the possibility of staff being compromised.

8 Cybersecurity tips you should implement

Now that we have looked at why there has been an uptick in cyberattacks targeted mainly at small and medium-sized businesses, here are some of the tips you should put into action in 2021 to ensure that your business does not fall victim to cybercriminals.


  1. Educate your employees

    Having looked at the role that your staff can play in ensuring that your network is not compromised, it is important, as a business, to have your staff trained on your company’s cybersecurity best practices and security policies.

    Prioritizing staff training ensures that cybercriminals are not successful in gaining access to crucial data through them. It also makes it easy for a business to hold accountable employees who cause data compromise by ensuring that they understand the business’s cybersecurity policies.

  2. Regularly back up your data

    Even a near-perfect IT infrastructure is prone to being compromised by hackers and other cybercriminals. To avoid data loss, it is important to make sure that your data are securely backed up. This ensures that a business can come back up fast in case of an attack and continue serving its clients.


  3. Install antivirus software

    Installing antivirus software ensures that your system is protected from viruses and malware that are mostly used by cybercriminals to target businesses.

    Studies have shown that about 30 percent of employees open phishing emails that are laced with malware. Although this may be an honest mistake, as a business, you need to have antivirus software installed to protect yourself from an attack if such a program is installed on your network.


  4. Use a firewall

    Firewalls act as barriers between your data and cybercriminals. It is important as a business to have a firewall that controls who can access your data and from where. Internal firewalls have also become popular for many businesses as they try to narrow down the type of data that can be accessed.


  5. Strong password protection and authentication

    Your applications should have strong password protection, such as two-factor authentication, so that your staff accounts have another layer of protection. Also, requiring your staff to use strong passwords as part of your cybersecurity policy can stop your data from being compromised.


  6. Invest in security systems

    Small and medium enterprises are hesitant to implement a security system because of the limited resources they operate with. However, gaining physical access to your business network can be just as dangerous as hacking it. Businesses should therefore invest in physical security such as CCTV cameras and biometric security at the entrances to critical areas to ensure that they are not targeted and their data is not compromised.


  7. Have a cybersecurity policy

    Having a cybersecurity policy ensures that all your staff know what is expected of them in keeping your business safe. It also lays out the legal and personal consequences for staff who do not follow such policies, ensuring that everyone knows the role they are expected to play in keeping the business safe.


  8. Use the principle of least privilege

    Avoid granting employees all the privileges available on your network if they do not need those privileges. This reduces the risk of widespread data compromise in case one account is compromised. As a business owner, assign each new account the fewest privileges possible and escalate them only when needed.