Skip to main content

Common Cyber Attacks + How to Keep Your Small Business Cyber Safe

While any business can be the target of a cyber attack, small businesses are particularly vulnerable. Did you know that about 50% of cyberattacks target small businesses?

Why are small businesses so often targeted by cyber criminals?

Small businesses, despite their size, have information hackers want, such as customer data and large sums of money  — without the same protections in place that larger businesses have.

43% of small businesses lack a cybersecurity defense plan. Often, they do not have the resources for adequate training or professional IT solutions.

Common Ways Hackers Attack Small Businesses

Here are some common methods hackers use — and tips to prevent these attacks from harming your small business:


circle graphic to represent phishing; computer with fishing hook and envelopePhishing

In 2021, phishing attacks were the most common cyber security threat businesses experienced, making up 41% of all cyber attacks.

In a phishing scam, hackers use emails or websites that appear to be from trusted sources to trick users into sharing personal information such as passwords, personally identifiable information, or banking details. [CITATIONS: forbes and sba] Phishing is a type of social engineering, which is a technique used by hackers to gain trust and deceive individuals into revealing sensitive information.

“On average, an employee of a small business with less than 100 employees will experience 350% more social engineering attacks than an employee of a larger enterprise,” according to a 2021 study conducted by Barracuda Networks and shared by Forbes.

How to Prevent a Phishing Attack

Be aware of the red flags indicating that an email is suspicious.

Here are some common characteristics of phishing attempts:

  • Attachments you weren’t expecting. Does the email mention an invoice you weren’t anticipating? Does the attached file sound like something you wouldn’t receive from this recipient? Don’t open or download the attachment. It may contain malware or ransomware that can infect your computer.
    • Do you know the recipient? Give them a call to confirm the legitimacy of the email.
  • Urgent action required. If the email indicates a sense of urgency, it may be a phishing attempt. Hackers don’t want users to take the time to think through the message they’ve received.
  • Hyperlinks. Does the email seem odd, and are there hyperlinks to other websites? Often, hackers will include a hyperlink that looks like a link to a real website, such as, but if you look closely, the hyperlink may say “Annazon” or a similar misspelling that looks like a familiar website but is not.

When in doubt, contact your IT expert or call the person the message claims to be from if it’s someone you know.

circle graphic with envelope and virus, says "malware"Malware

Malware (short for malicious software) is “any type of malicious software designed to harm or exploit any programmable device, service or network.” It’s a broad term that encompasses many methods hackers use, such as: viruses, worms, spyware, adware, and ransomware (more on that later!).

Malware can help hackers access confidential information, disrupt business operations, and cause substantial financial losses (

How to Prevent a Malware Attack
  • Use anti-virus protection and a reliable ad-blocker.
  • Keep your device(s) up to date.
  • Do not trust items sent from unknown sources.


ransomware circle graphic - laptop computer with maroon backgroundRansomware

Ransomware attacks are among the top cyber threats to small businesses, particularly in recent years.

“Ransomware is a type of malicious software designed to block access to a computer system or computer files until a sum of money is paid,” according to Cybereason. “Most ransomware variants encrypt the files on the affected computer, making them inaccessible, and demand a ransom payment to restore access.”

The average cost of a ransomware attack on a business is $133,000.

Quick Tips to Stay Safe from Ransomware Attacks:
  • Keep your software and operating system updated.
  • Utilize spam filters, firewalls, and anti-virus programs.
  • Restrict access to install and run programs.
  • Back up data on a separate device.
  • Do not open suspicious attachments or links.

Learn more about ransomware attacks in our recent blog: Ransomware Attacks and Steps to Protect Yourself

Cyber Liability Protection

Has your small business considered cyber liability insurance? This coverage is designed to protect businesses from some of the most common security problems encountered with online and computer-related technology.

Learn more in our recent blog: Any Business Can Be a Target of Cyber Criminals. Cyber Liability Insurance Can Help!

When you’re ready to discuss cyber liability coverage for your small business, visit Merchants Insurance Group’s Find An Agent tool to locate an independent insurance agent near you!

For further information on cyber security for your small business, browse the linked resources throughout this blog!

Blog Categories
Business TipsCyber LiabilityLoss PreventionAll

Blog Tags
cyber securitysmall businessall
Katherine Trautwein

Merchants Insurance Group

Merchants Insurance Group sells its products through a network of more than 1,000 independent insurance agents in Massachusetts, Michigan, New Hampshire, New Jersey, New York, Ohio, Pennsylvania, and Vermont. We sell our products through independent insurance agents because we believe they provide value to policyholders through their broad range of products and their insurance expertise.