Some businesses might think they are too small to be attacked, or that there is less value in their sensitive information. This is false. In fact, small businesses are more likely to be targeted by ransomware attacks.

The following reports illustrate how small businesses make themselves targets, either by undervaluing cybersecurity, or by underpreparing employees to fend off cyberattacks. We’ll review key findings, then discuss how you can make your business more resilient.

According to Infrascale, 46% of all small businesses have been targeted by ransomware attacks. Nearly three quarters of the companies affected were forced to pay ransom to release their data.

According to the National Small Business Association’s testimony before the U.S. Senate Committee on Small Business in March 2019, only 14% of small businesses rated their ability to mitigate cyber risk and vulnerabilities as “useful.”

In a study by the Cyber Readiness Institute (CRI), half of the small businesses interviewed expressed concerns over remote work leading to more cyberattacks. Only 22% of companies with fewer than 20 employees had offered additional cybersecurity training before commencing remote work operations.

The Malwarebytes COVID impact report shows that 18% of respondents admitted cybersecurity was not a priority, and 1 in 20 admitted their employees were a security risk who were oblivious to security best practices.

28% of respondents admitted to using personal devices for work-related activities more than their work-issued devices, creating another significant cybersecurity attack surface.

Key Actions, Quick Wins

To protect you and your customer’s data, businesses should:

  1. Develop more robust security policies. The stronger the policies are, the harder it is for cyber-attackers to strike. BPI helps management teams develop and implement security policies tailored to your unique business.
  2. Train employees on cybersecurity. Businesses should show their employees what to do, what to avoid, and what to look out for. Training can be tailored to the individual employees and their respective departments. BPI’s Virtual CIOs help you choose the right security awareness training courses, products, or services.

Employees should:

  1. Update all software, including the operating system and applications. Keeping software updated reduces the likelihood of an attack. BPI offers automatic update solutions, letting your employees focus on their work.
  2. Add a stronger passphrase to their home Wi-Fi and wired networks. A strong passphrase can be very difficult for a hacker to crack.
  3. Keep their work passwords and personal passwords separate to reduce the risk of a credential stuffing attack. Using the same password twice could result in a hacker being able to gain access to multiple accounts.
  4. Enable MultiFactor Authentication (MFA) on personal and business accounts. This limits attackers’ ability to access critical systems or data. BPI offers easy, convenient MFA solutions that won’t slow down your employees.
  5. Not click on any links, open any attachments, or download any files from an email they are not expecting. Scammers are using the chaos of current events to trick employees. BPI helps businesses deploy granular email filtering and spam protection tools to protect employees from malicious emails.

Data Breach Resources

Right now, it is vital to focus on the impact of data breaches. To access the latest data breach information, and learn more about the impact of data breaches, employees and businesses should also visit the Identity Theft Resource Center’s (ITRC) new data breach tracking tool, “Notified. It is updated daily and free to consumers.

The National Cyber Security Alliance’s “CyberSecure My Business” program has a library of free resources –including videos, tip sheets, infographics and more– all designed for the small business community. You can access those resources here:


By selecting these links, you will be leaving BPI webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. BPI does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, BPI does not endorse any commercial products that may be mentioned on these sites.