Common Cyber Risks for Small Businesses


Small businesses, regardless of industry, face lots of challenges. One of those challenges is the danger of cybersecurity threats.

Cybersecurity threats can be extremely damaging for a small business and, unfortunately, small businesses are often the biggest target because they have less time and fewer resources to put into cybersecurity.

We have compiled a list of some of the most common cyber risks to be aware of and some tips to help prevent them.

Why are small businesses a target for cyber risks?

A common misconception is that small businesses are rarely a target for cyber attacks. Unfortunately, this is not the case and small businesses are regularly targeted for a number of reasons.

One of the main reasons that small businesses are often targeted is that they generally have less time and fewer resources to devote to cybersecurity. This makes them an easier target for hackers than bigger companies.

A smaller company does not necessarily mean less money either – even the very smallest of businesses can deal with large sums of money. They also often work with larger companies, so they can be used by hackers as a way to target those companies.

Small businesses also have the most to lose from being hit with a damaging cyber attack. Losing a large amount of money is devastating to a small business, and being hit by a cyber attack can tarnish its reputation.

The different types of cyber risks

Understanding the different types of cyber risks is essential to avoiding and preventing them.

Here are some of the most common types of cyber risks that small businesses face:


Phishing

Phishing is a type of online fraud that involves tricking people into providing sensitive information, such as passwords or credit card numbers, by masquerading as a trustworthy source.

The scammer will send messages that look like they are from a legitimate company or website. The message will usually contain a link that takes the user to a fake website that looks like the real thing.

An example of how this could occur in your business is if an employee who handles purchasing for your business receives an email that appears to be from another employee at your company requesting a new laptop to be shipped to an unfamiliar address. Because the email appears to come from an executive team member, the employee might follow the request and inadvertently purchase and ship a new computer to a thief.

How to avoid phishing

There are several ways to avoid phishing emails.

One easy way to avoid it is by training employees to recognise fraudulent emails. In many cases, phishing emails will contain grammar mistakes and spelling errors or logos that look a bit off.

All employees should be instructed to check with the supposed sender before providing sensitive information or valuable property. They should follow password policies that govern allowable passwords to prevent hackers from being able to guess the password.

You should also schedule regular backups and have a recovery plan. Scheduling regular backups helps to ensure that your data can be fully recovered in the event of an emergency.

Fake invoices

Fake invoice fraud is when fraudsters submit an invoice or other request for payment that is not genuine in the hopes that your business will pay it.

An example of a fake invoice is if your accounts payable employee receives an invoice for a load of boxes and other shipping supplies and pays it, even though she doesn’t recognise the vendor. The invoice then turns out to be from a scammer who has never sold anything to your business, and they just made several hundred pounds off your business.

How to avoid fake invoices

Here are some ways to avoid fake invoices:

  • Research – when looking to use a new supplier or purchase from a new seller, ensure that staff do the relevant background checks. If a deal seems too good to be true, it probably is.
  • Know your suppliers – make sure you call your suppliers to check new or updated bank details. Always find the number through a separate internet search or your own records to ensure it’s correct.
  • Clear procedures – make sure your business has clear procedures for processing and paying all invoices. For instance, the person who ordered the supplies or services should be required to verify the invoice before the accounts payable department can pay it.

ACH and wire transfer fraud

Wire and ACH fraud involves any unauthorised funds transfer from a bank account. Often, these attacks originate from phishing attacks or malware that result in fraudulent entry to a secure system holding secure data.

ACH transactions and wire transfers are the quickest ways to send money, and scammers take advantage of these transactions to steal from bank accounts. Cybercriminals use phishing emails, compromised websites, and malware to steal bank login credentials.

They then use those credentials to transfer money out of victims’ bank accounts and into their own account, which is often overseas where funds can’t be recovered.

How to avoid ACH and wire transfer fraud

To prevent wire or ACH fraud, it is important to implement multiple authentication requirements. These requirements should include a number of different elements to ensure you are doing everything in your power to protect your members’ accounts and keep the hackers out.

Make sure staffers use the same strategies they would use to prevent phishing attacks. This includes watching out for inconsistencies in email addresses or domain names, or unusual language in emails. Always call a phone number you trust, such as your bank’s, before approving a wire transfer or ACH transaction. Also, instruct your bookkeeping staff to reconcile transactions daily to identify and return any unauthorised ACH debits.
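Part of watching for inconsistencies in email addresses or domain names, including the earlier case of a purchase request that appears to come from a colleague, can be automated. The following Python is an added example, not MailCleaner code; the company domain, staff directory and sample headers are constructed for illustration.

```python
from difflib import SequenceMatcher
from email.utils import parseaddr

# Assumptions for this example: a constructed company domain and staff directory.
COMPANY_DOMAIN = "example-bakery.co.uk"
STAFF = {"Jane Smith": "jane.smith@example-bakery.co.uk"}


def _normalise(domain):
    """Fold character swaps often seen in lookalike domains (0/o, 1/l, rn/m)."""
    return domain.lower().replace("0", "o").replace("1", "l").replace("rn", "m")


def check_sender(from_header, reply_to=None):
    """Return the reasons a sender looks inconsistent (empty list = no flags)."""
    flags = []
    name, addr = parseaddr(from_header)
    addr = addr.lower()
    domain = addr.rpartition("@")[2]
    # 1. Display name matches a known colleague but the address is not theirs.
    known = STAFF.get(name.strip())
    if known and addr != known:
        flags.append("display name matches staff member but address differs")
    # 2. Domain is not the company's but is almost identical to it.
    if domain != COMPANY_DOMAIN:
        ratio = SequenceMatcher(
            None, _normalise(domain), _normalise(COMPANY_DOMAIN)).ratio()
        if ratio >= 0.85:
            flags.append("lookalike of company domain: " + domain)
    # 3. Replies would be sent to a different domain than the visible sender.
    if reply_to:
        reply_domain = parseaddr(reply_to)[1].lower().rpartition("@")[2]
        if reply_domain and reply_domain != domain:
            flags.append("Reply-To domain differs from From domain")
    return flags


if __name__ == "__main__":
    # Constructed sample headers, not taken from real mail.
    samples = [
        ("Jane Smith <jane.smith@example-bakery.co.uk>", None),
        ("Jane Smith <jane.smith@examp1e-bakery.co.uk>", None),
        ("Jane Smith <jsmith.ceo@freemail.example>", None),
        ("Jane Smith <jane.smith@example-bakery.co.uk>", "jane@mailbox.example"),
    ]
    for from_header, reply_to in samples:
        print(from_header, "->", check_sender(from_header, reply_to) or "no flags")
```

A flagged message still needs the human step described above: confirm the request with the supposed sender through a channel you already trust.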

Unordered office supplies

This scam works by someone claiming to be a vendor calling to “verify” a supply order and your address. After talking with you, they send supplies or equipment you didn’t order and demand you pay for it. When you protest, they present a recording of your conversation, which includes you verifying your address as proof that you “ordered” the supplies.

How to avoid the unordered office supply scam

If you receive items that you didn’t order, you can legally keep them for free. To prevent future unwanted items from being delivered to your address, direct all calls about orders to one person or department who handles and tracks these orders.


Ransomware

Ransomware is a type of malicious software designed to block access to a computer system until a sum of money is paid.

Ransomware has quickly become the most prominent and visible type of malware. Recent ransomware attacks have impacted hospitals’ ability to provide crucial services, crippled public services in cities, and caused significant damage to various organisations.

Ransomware is a big problem for small businesses and can result in lost revenue and a loss of customers.

How to prevent ransomware

It is important to make sure all of your computers and devices are running the most up-to-date software and operating systems. These updates are necessary to combat the latest threats, including ransomware.

Also, use virus protection software that includes protection for ransomware, and keep it updated. Implement strong spam filters and only allow access to sensitive information for those staffers who need it.

Government agency imposter scams

These scams involve a phone call from someone posing as a representative of law enforcement or another government agency. They threaten to impose fines, suspend your business license or take legal action.

How to avoid government agency imposter scams

If you receive one of these types of phone calls, write down the information the caller gives you. Then tell them you’ll call them back. This gives you time to verify the information and work out whether you have missed an outstanding payment or not. Most scammers will do everything they can to keep you on the phone and get a credit card payment – don’t fall for it.

MailCleaner: Spam experts

If you are looking to protect your business from these cyber attacks, look no further than MailCleaner.

MailCleaner is a business anti spam gateway installed between your mail infrastructure and the internet. It offers professional protection against viruses and eliminates up to 99% of spam.

We also offer a range of other anti spam services which help to protect you from the risks that small businesses often face. We offer anti spam for education, governments, enterprises and more.

For additional information on our spam blocking software or to speak to a member of our professional team, please don’t hesitate to get in touch with us here today.