6 Security Threats Facing SMBs – And How Partners Can Help

Just 15 Percent Of SMBs Believe They Can Fend Off Attacks

Enterprises might get all the attention around data breaches, but small and mid-sized businesses are just as vulnerable to the same set of threats, if not more so.

According to Webroot's 2015 SMB Threat Report, 59 percent of SMBs said they believed they were at a "disadvantage to better funded enterprises with more resources." Only 15 percent said they strongly thought they were as prepared as an enterprise might be against a cyberattack.

For partners, that means an opportunity to use their position as trusted advisor to help their SMB clients get up to speed. With threats abounding in the marketplace, here are six that stand out that SMBs specifically – as well as their channel partners -- should watch.


The recent attack on a California hospital, which was forced to revert to paper and faxes to continue caring for clients, has brought ransomware closer to the security forefront. For SMBs, ransomware can be a real problem, according to Dmitriy Ayrapetov, director of product management at Dell SonicWall. He said SMBs are more likely to be vulnerable to ransomware because many haven't made the investments in the IT practices, isolation and reliable backups that an enterprise might have made. Just as in the case of the hospital, the implications of a ransomware attack on SMBs are dire, with many likely to pay up quickly in order to keep their businesses up and running, Ayrapetov said.


Phishing has become a favorite tactic of many hackers, and SMBs are not immune. According to the most recent Verizon Data Breach Report, phishing attacks accounted for more than two-thirds of security incidents. It said that around 23 percent of phishing messages are opened and that 11 percent of users open attachments. While there are anti-phishing solutions on the market, the general consensus is that education is the key to prevention. That's a challenge for many SMBs that might not have the budget or free time to spend on security training initiatives.

Weak Passwords

According to the National Cyber Security Alliance, 50 percent of SMB users have poor passwords and 83 percent don't have a system in place to require employees to change their passwords regularly. A general rule of thumb for creating stronger passwords is to use at least 12 characters containing a mix of upper- and lower-case letters, numbers and symbols and stay away from common words. There are a slew of affordable password management solutions on the market for SMBs looking to use more secure passwords.

(By the way, if you want examples of bad passwords – check out CRN’s roundup of the most popular passwords of 2015.)


Insider threats are one of the more common - yet one of the most difficult -- to catch, according to the 2015 Verizon Data Breach Report. Many of these cases, upwards of 55 percent, involve abuse of privileges, the report said. The report recommended setting up a formal process to check for insider abuse when an employee leaves and embracing audit and fraud prevention technologies. However, only 52 percent of SMBs said they felt prepared to combat insider threats, according to a Webroot study.

Bring Your Own Device

More small and mid-sized businesses are embracing technology solutions that can help them better serve customers, as well as allow for a more flexible workforce, according to a 2015 small business study by Bank of America. For example, the study found that 47 percent of small businesses now offer telecommuting options. However, with an increase of BYOD technologies and a more flexible workforce come a rise in security risks. That's where small businesses run into trouble, a 2015 Kaspersky Lab study found, with 80 percent of small businesses surveyed "not interested in information about managing the information security of mobile devices." A study by Webroot backed that up, finding that only 60 percent of SMBs said they felt ready to address unsecured PCs and devices.

Unpatched Devices

One of the biggest challenges SMBs cited in developing their security portfolios is a lack of time to stay up to date with the technologies, according to the Webroot study. The study found that 55 percent of IT decision makers within SMBs agreed that they didn't have enough time to dedicate to security. More specifically, patching is something that can fall by the wayside when time is in short supply. According to Kaspersky Lab, 9 percent of all businesses that experienced a breach said it was due to a vulnerability or flaw in existing software.