Cybersecurity continues to be a critical concern for small and medium-size businesses (SMBs). With cyber attacks steadily on the rise, the Cyber Readiness Institute has begun developing content and tools to help organizations minimize cyber risk. While anti-virus software and firewalls play a role in keeping organizations safe, the easiest and most effective ways to prevent a cyber breach are straight-forward, cost-effective measures taken by the people within an organization—big or small. What are the top threats SMBs need to address? Below are five identified by experts working with the Cyber Readiness Institute.

1. Phishing

You have probably received an email at one point congratulating you for winning a random prize. The email goes on to say that all you need to do to collect your reward is to click on a link. Phishing emails like these are rather easy to identify by the “is it too good to be true?” test, but there are many others that are not quite as simple – emails that appear to be from a known contact or company. While clicking on a link may seem harmless, it can actually be quite the opposite. According to the 2017 Verizon Data Breach Report, 95% of phishing attacks that led to a breach involved the installation of malicious software and 66% of malware was installed via infected email attachments. Being aware of emails and attachments that come from unknown senders, and avoiding opening attachments that look questionable can go a long way in protecting the integrity of an organization’s network and infrastructure.

2. Patching

If your car does not go for in for a service, it will eventually break down. The same applies to an organization’s network infrastructure—it needs updates with software patches to fix security vulnerabilities in existing computer systems or applications. If installed properly and regularly, patches can address security issues that could provide unauthorized access to a computer system network by hackers. The 2017 WannaCry ransomware incident, where 200,000 computers were attacked across 150 countries, resulted from a lack of patching. This event, and many others, shows the extent to which a lack of patching creates significant vulnerabilities. Developing a plan to ensure ongoing patching is vital to safeguarding small and medium-sized businesses.

3. Authentication

Nobody wants strangers walking into their home, and the same applies to a company’s internal systems. Authentication, including the use of passwords, security questions, and biometrics (e.g., fingerprint scans, facial recognition) helps prevent an outsider’s ability to access private information. Unfortunately however, weak passwords and other methods of authentication leave companies susceptible to intrusion at many levels. According to the 2016 Verizon Data Breach Investigations Report, 63% of data breaches result from weak or stolen passwords. Meldium, a password management firm, further reports that 90% of employee passwords can be cracked within six hours. Rigorously employing reliable identification and password protocols, including two-factor authentication, can play a major role in preventing intruder access.

4. USBs

The ancient city of Troy fell because the Trojans willfully brought the unassuming Trojan Horse into their gates. USBs, otherwise known as flash drives or memory sticks, can also be the unassuming Trojan Horse that brings down an organization’s technical infrastructure. These handy devices can be very useful, but can also easily contain malware that allows attackers to enter and take complete control of an organization’s systems. According to a Panda Security survey, 27% of SMBs report that malware infections within their organizations originated with infected USBs. The best way to avoid USB threats to an SMB network is by not using them at all, wherever and whenever possible.

5. Insider Threats

Insiders – including employees, contractors, vendors, or other third parties with access to a company network – pose the greatest threat to an organization’s network infrastructure. While many actions are taken with intended ill will, others are simple mistakes. According to IBM’s 2015 Cyber Security Intelligence Index, more than half of the breaches that occurred within the companies examined happened because the attacker had internal access to an organization’s systems. Using better safeguards, including comprehensive employee cybersecurity training, as well as security requirements for third party vendors and effective disengagement when contracts or employment has been terminated, can help SMBs avoid the threats of insider attacks.

While organizations face a variety of cyber threats, these risks are some of the most important to address. The CRI’s forthcoming set of resources will provide the education and tools necessary to help SMBs take the simple steps to significantly reduce their cyber risk and build resiliency. All tools and content produced by the Cyber Readiness Institute will be made available on this website. Check back in the coming weeks.

To learn more about the Institute please contact Henry Vido at