Cybersecurity for Small Businesses: What Makes You a Target and What Are the Threats?


As a small business owner, it’s easy to read the seemingly never-ending headlines about cybersecurity breaches at enterprise companies and be lulled into thinking that you aren’t a target. After all, hackers are after the massive storehouses of customer data or proprietary information held by leading companies, right?

Not necessarily.

While the biggest headline-grabbing hacks involve large companies, cybercriminals don’t discriminate by size. As a matter of fact, even some of the biggest data breaches of the 21st century started out at small businesses. One of the biggest cyberattacks of the last decade, hitting a major retailer in 2014, exposed the personal data of over 100 million accounts. The attackers didn’t break directly into the retailer’s system, though. The attack was instead carried out via the network of an HVAC contractor that worked with the chain.

Two-thirds (66%) of companies with fewer than 1,000 employees have experienced a cyberattack, and 63% have experienced a breach. These statistics make it clear that all businesses need a solid cybersecurity strategy. Be it ransomware, DDoS (distributed denial of service), phishing or some other threat, there is no shortage of cyber threats targeted at small businesses.

So what makes you a target?

Small and medium-sized businesses don’t have the deep pockets that enterprise organizations do. So why are they such a target for hackers? There are a few key reasons:

Your valuable data

Hackers know that even small companies traffic in data that’s easy to offload for a profit on the Dark Web — medical records, credit card information, Social Security numbers, bank account credentials or proprietary business information. Cybercriminals are always trying to come up with new ways to steal this data. They either use it themselves to get into bank accounts and make fraudulent purchases or sell it to other criminals who will use it.

Your computing power

Sometimes cyber hackers are interested only in using a company’s computers and conscripting them into an army of bots to perpetrate massive DDoS attacks. DDoS works by artificially generating enormous amounts of web traffic to disrupt service to a company or group of companies. The hijacked bots help generate the disruptive traffic.

Your links to the big fish

Today’s businesses are digitally connected to each other to complete transactions, manage supply chains and share information. Since larger companies presumably (although not necessarily) are tougher to penetrate, hackers target smaller partners as a way to get into the systems of large companies. This is what happened in the Target breach.

Your cash, pure and simple

When you think about it, cyber hackers target small businesses, or any other company, primarily for profit. Sure, some attacks are about disruption, as is the case with DDoS, but usually, the motive is to make money. This explains why ransomware is such a popular method of attack. It often succeeds, generating revenue for attackers. And as long as an attack method proves lucrative, hackers will keep using it.

What are the threats?

Enterprise organizations have entire teams devoted to handling cybersecurity. At many small businesses, those efforts, if undertaken at all, are handled by someone who likely wears many other hats in the day-to-day operations of the business. That makes small businesses particularly vulnerable to hackers. After all, a cybercriminal only needs to be right once. In order to stave off a successful attack, you need to be right 100 percent of the time.

To achieve peace of mind in the modern threat landscape, small business owners need to have a solid security strategy in place. That kind of preparedness starts with a solid understanding of the current threats:


Phishing

Often providing a gateway for ransomware or other infections, phishing typically works by goading users into clicking an email attachment or URL containing a virus. Phishing has become more and more sophisticated, and it can be incredibly difficult to spot a fake message as hackers target specific individuals with messages they can’t resist.


Ransomware

Hackers use a wide range of methods to target businesses, ransomware being one of the most common. Ransomware locks up computers and encrypts data, holding it hostage. For owners to regain access to their data, they have to pay ransom to a hacker who then releases a decryption key.


Malvertising

Short for “malware advertising,” this consists of delivering malware to a network after a user clicks on an apparently legitimate ad. Identifying malvertising isn’t easy because of the way it’s disguised, but some advanced malware detection systems are getting better at it.


Similar to malvertising, this practice involves hiding hyperlinks to compromised webpages in legitimate website links. Users are then asked to reveal personal data that hackers steal for nefarious purposes.


Drive-by downloads

This dirty trick downloads malware into networks, often without users realizing what is happening. Sometimes users have to respond to a pop-up window for the download to occur, but other times all you have to do is unwittingly visit a compromised website.

Software vulnerabilities

Hackers exploit vulnerabilities in popular web platforms such as WordPress, tools such as Java and file formats such as HTML, PDF and CSV to deliver malware. Falling behind on updates can leave systems particularly vulnerable.

Any organization that neglects cybersecurity is taking a huge risk. And as businesses grow more and more interconnected, those risks extend to customers, partners, and suppliers.

To ensure peace of mind and protect against costly malware, ransomware, and bots, small businesses need to implement 360-degree cybersecurity measures that include anti-virus programs, firewalls, and network security solutions that proactively protect all devices connected to your network.

Comcast Business SecurityEdge can help protect the Internet-connected devices that employees and guests use from malware, ransomware, phishing, botnets, and more. Comcast Business at Home provides a dedicated business-grade Internet connection with the option of added security for remote workers.
