Small Business Cybersecurity: Why 59% Got Attacked and How to Protect Yourself
Contributed by SBOC Member:
Pat Miller
Founder of the Small Business Owners Community
This content was first released in the new Small Business Summary Newsletter. Subscribe below to get insights like this straight to your inbox!
The Stat That Should Wake You Up
A new survey of 6,000 businesses reveals a startling truth: 59% of small businesses experienced a cyber attack in the past year alone.
If you’re thinking “I’m too small to be a target,” that mindset is precisely why attackers focus on small businesses. Large corporations have dedicated security teams and enterprise-grade protections. Small businesses often have neither—making them attractive, low-effort targets.
What Hackers Actually Want from Your Business
The obvious targets are your bank accounts and financial information. With access to your systems, attackers can apply for credit cards and loans in your name, draining your business finances and destroying your credit.
But the most valuable target isn’t your money—it’s your customer relationship management (CRM) system.
Think about what’s stored there: names, email addresses, phone numbers, physical addresses, and potentially credit card information for every client you’ve ever worked with.
Now imagine this nightmare scenario: An attacker gains access to your email and CRM, then sends invoices to your clients that look exactly like yours—except the payment goes to them. Your client pays $1,500 thinking they’re paying you. The money vanishes.
Even if you can eventually refund them, how do you repair that trust? How do you explain that your systems were compromised? The relationship damage may be permanent.
Then comes the ransom demand: “Give us $10,000 or you’re locked out forever.” And $10,000 might be getting off easy.
The Four Essential Cybersecurity Protections
- Backup Everything—Twice
Storing files in Google Cloud or Dropbox is a start, but if your account gets compromised, those backups become inaccessible too. Best practice: maintain both a cloud backup and an offline physical backup. Services like Backblaze provide an additional layer of protection independent from your main accounts. - Enable Two-Factor Authentication on Everything
Every account that offers 2FA should have it activated: your bank, your CRM, your email, your payment processor—everything. This single step blocks the vast majority of unauthorized access attempts. - Use a Password Manager
If you can remember your password, it’s probably not strong enough. Password managers generate and store complex, unique passwords for every account. You shouldn’t be able to recite your banking password from memory. - Get Cyber Insurance
If you already carry business insurance or errors and omissions coverage, adding a cyber policy is the logical next step. The premium is minor compared to the potential cost of a breach, especially if you store customer payment information or sensitive data.
Act Before It Happens
Cybersecurity isn’t paranoia—it’s preparation. With 59% of small businesses getting hit in a single year, this is happening to businesses exactly like yours, right now.
The time to implement these protections is before you need them. Don’t wait for the ransom email to discover your backup doesn’t work.
Key Takeaways
- 59% of small businesses experienced a cyber attack in the past year
- Your CRM is the most valuable target—customer data can be weaponized
- Four essential protections: dual backups, 2FA, password manager, cyber insurance
- “Too small to be a target” is exactly why small businesses ARE targets
- Implement protections before you need them, not after a breach
Listen to the full discussion on Businessing with Pat Miller.
Don’t Grow It Alone®
Subscribe to the Small Business Summary!
Contributed by
Pat Miller
Founder of the Small Business Owners Community
Pat spent two decades in broadcasting management and hosting. After leaving the radio industry, he spent time consulting small businesses and realized the support system for entrepreneurs was broken. Where could you find help for improving small businesses and building real connections with other like-minded people. In June of 2020, the Idea Collective Small Business Community was born.