The main target of Security Criminals: Small Business

The main target of Security Criminals: Small Business

Those who think that hackers only attack big companies or organizations should re-think their ideas. It was announced by the US government that 20% of cyber security attacks went to small business with less than 250 employees. Unfortunately, unlike the big companies, many of these small companies could not survive these cyber attacks.

In fact, there is a strong evidence of increased attacks on the small and medium sized businesses and an acceleration of the financial costs associated with these attacks. A great example came in June of this year, when a distributed-denial-of-service attack and subsequent data breach led to the shuttering of a technology firm called Code Spaces in a matter of days. This company had to shut down the business even before they had any change to remedy the attack itself. This humbling event offers an eye-opening reminder:  Cyber-attacks can destroy a business model instantly.

So, it is crucial that small business owners are aware about cyber security. You have to understand that your IT equipment, IT based-service and your information is always on the risks. There will always be people who want to get your client list, database, financial details, deal your making, price information, or even your product design. And everyone can become a cyber criminal, including your current and former employee, your clients, your suppliers, competitors or a total complete stranger.

Similar with big organizations, there are 3 simple steps you need to do:


This is a part of risk management system, where you need to identify your company’s asset, including financial and information assets that is crucial for your business. Ask around if any of your relatives are being attacked recently so we can have a preventive action. Check the current condition of your cyber security, both the system security and awareness level of your employee.

At this phase, you need to decide if you need any security experts or not, in-house or out-source. You need to know whom to contact and what to do when there is a cyber attack in the future.


Next step is to implement the plan you have made. Install malware protection and anti-virus. Do vulnerability test and penetration testing. Increase protection of your networks, including wireless networks; against external attacks through the use of firewalls, proxies, access lists, and other measures. Last but not least, make sure to manage the access of your employee to the network and monitor data encryption.


After implementing your security strategy, make a review on it. Monitor if the control you have implemented works well or not. Most important is to monitor your security condition on regular basis. As a wise man said, prevention is always better compare to suffering from the cyber attacks, as become a victim may cost financial loss, brand reputation, and the possibility of losing clients or customers.

It is well said that regardless the size of our business, cyber attacks is always there. Most of small business owner put aside this security issues and think it as a-next-year issue. You know, it is wrong! Criminals are everywhere and your business is valuable. So make sure that you are aware of cyber security and protect your business as early as possible.