Small businesses and cyber-attacks: the 10 most common threats

Connected but often with little protection, small businesses are manna from heaven for cyber-criminals and hackers. E-mail, WiFi networks, USB keys and more: discover the 10 most common entry points in micro, small and medium-sized businesses*.

1) E-mail

E-mail is undoubtedly the most common means by which to be hacked. A malicious attachment is often the preferred vector for phishing or ransomware.

2) Advertising banner

Some advertising sidebars, especially on free sites, can be hacked and, when clicked, send users to a malicious site or even trigger a malware download.

3) The company’s IT network

A poorly protected IT network, coupled with workstations or servers where security updates have not been carried out, can be an entry point, particularly for worms. Unlike viruses, worms are able to propagate automatically, without any direct action by the user.

4) The internet

The watering hole technique is a real threat. It consists of hacking a well-regarded website with high traffic volumes in order to propagate malware to the computers of the internet users who visit the site, or to redirect them to a malicious website.

5) Applications

Applications, particularly Android ones that are less secure and have fewer checks than iOS ones, and scareware (malicious software that displays alarming technical notifications) are the preferred vector for hackers.

6) WiFi

Non-secure wifi systems – such as public hotspots – are still the entry point of choice for cyber-attacks. They are the ideal way to intercept communications or even recover data and passwords.

7) Connected objects

As they can be accessed remotely, connected objects are very vulnerable and can let cyber-criminals “piggyback” onto a company network or hijack these objects to launch massive denial-of-service attacks. Just maybe that virtual assistant that you have recently installed in the middle of your open-space office wasn’t such a great idea after all.

8) USB stick

There could be malicious software on that unrecognised USB stick, intentionally left just lying around. Do not open it at an ordinary workstation; use a specifically designated computer instead, ideally one that is isolated from the rest of the network.

9) Ecosystem

The trusted relationship between a company and its suppliers often fosters carelessness. If one part of the chain is poorly protected, it can become the weak link that hackers take advantage of to access the entire ecosystem.

10) Human

Passing yourself off as a company CEO in order to steal money via that company’s accounts department, for example, is a much more common practice than you might think. Nefarious persons can carry out this kind of crime just by finding a host of information on the Internet.

Expert advice – Matthieu Bonenfant, Chief Marketing Officer at Stormshield:
“In small businesses, which are often poorly protected, there are many security loopholes that are often related to the more mundane types of activity, such as accessing a public hotspot or using someone else’s USB stick in your computer. There are many entry points for cyber-criminals and they are constantly evolving. The attacks that result sometimes have dire consequences – especially for micro and small businesses, which are weaker than large companies. This is why it is vital for all companies to protect themselves accordingly and perform frequent updates on operating systems and applications. Regular backups of data are also essential. There needs to be a culture of cyber-vigilance and attention given to suspicious behaviour you notice on the internet or on IT resources. What companies have to understand is that there is not one solution but a raft of tools and good practice that should be shared as often as possible with employees.”

* Non-exhaustive list.


A European leader in digital infrastructure security and a wholly-owned subsidiary of Airbus CyberSecurity, we offer smart, connected solutions in order to anticipate attacks and protect digital infrastructures. Our mission: to ensure the cybersecurity and data protection of organizations, their employees, and their customers. Our expertise is available in three complementary product ranges for seamless security: protection for industrial and IT networks (Stormshield Network Security), protection for servers and workstations (Stormshield Endpoint Security), and protection for data (Stormshield Data Security). As per our Multi-Layer Collaborative Security approach, our product ranges interact with one another to raise the security level of IT, OT, and Cloud environments, regardless of the attack point.
These trusted, cutting-edge solutions are certified at the highest level in Europe (EU RESTRICTED, NATO, ANSSI EAL3+/EAL4+). Present in over 40 countries via our network of distributor partners, we ensure the protection of strategic information for companies of all sizes, public administrations, and defense agencies throughout the world.
