43% of cyberattacks target microbusinesses and SMEs, leading to average financial losses of €58,600 per incident. These alarming figures underscore the importance of strengthening small businesses' cybersecurity, which are often seen as easy targets by hackers.
This article examines the issues and risks related to IT security for small organizations and suggests essential actions to implement to protect your business against online threats.
Cybersecurity risks for micro and small businesses
Small businesses are a favored target for cybercriminals. In 2023, 60% of small businesses that suffered a cyberattack permanently closed within the following six months. The most frequent types of attacks include phishing, ransomware and data leaks.
Phishing
Phishing involves tricking employees into revealing sensitive information, often via fraudulent emails or SMS. These attacks can lead to data breaches and significant financial losses.
A notable example is Tangerine Telecom. In 2023, the company experienced a major data breach after login credentials were compromised—an attack that exposed the personal information of more than 200,000 customers.
This incident not only threatened the security of customer data, but also raised concerns about privacy protection. In addition, consumer trust in the company eroded.
Ransomware
Ransomware encrypts a company's data to demand a ransom for its return. These attacks typically paralyze operations and result in major financial losses.
In February 2024, battery manufacturer VARTA was struck by a cyberattack that halted production at five of its plants. This example highlights the vulnerability of industrial infrastructures and the major repercussions cybersecurity breaches can have on business continuity. Directly affecting production capacity often has negative effects on customer relationships and impacts company revenue.
Data leaks
Data leaks often occur due to inadequate system configurations or API interfaces.
In April 2019, Facebook suffered a massive leak in which the data of nearly 540 million users was exposed on Amazon S3 servers misconfigured by third-party developers.
In 2023, Trello found itself in turmoil due to a misconfiguration of the tool's public API. The flaw allowed unauthorized exposure of sensitive information from 15 million accounts.
More recently, the CNIL opened an investigation following the data breach at two third-party payment operators in France (Viamedis and Almerys). A cyberattack resulting from misconfigured systems and a lack of adequate protective measures exposed the personal and medical information of millions of insured individuals.
Essential actions to improve the cybersecurity of your micro or small business
As we have previously demonstrated, the consequences of a cyberattack include the loss of sensitive data, prolonged business interruptions, and high remediation costs.
Protecting your customers’ and employees’ sensitive information is therefore essential to ensure business continuity and strengthen the company’s reputation.
Here are the key best practices to adopt to improve the cybersecurity of your very small or small business (VSE/SME):
Raise employee awareness and provide training
Training employees in security best practices is a priority. Regular awareness programs help prevent threats such as phishing and malware. Workshops and training sessions make employees aware of the risks and the steps to take to protect themselves and the company.
A cybersecurity consultant can intervene in your company to raise your teams’ awareness.
Regularly update software and systems
Regular updates of software and systems patch vulnerabilities and prevent exploitation of flaws. Automating updates, using a firewall, and installing modern antivirus software strengthen protection and minimize risk.
Use strong passwords
Strong, unique passwords for each account are essential to improving the cybersecurity of your VSE/SME. Using password managers helps create and manage these complex credentials. In addition, changing passwords regularly (every 30 to 90 days, for example) strengthens protection against hacking.
Enable two-factor authentication
Also consider enabling two-factor authentication (2FA) to add an extra layer of security. This good practice makes unauthorized access to your network infrastructure, applications, and internal tools more difficult.
Regularly back up your data
Regular data backups enable rapid recovery after a potential cyberattack. It is recommended to perform frequent backups and diversify storage solutions (cloud and local) to ensure that critical data is protected and recoverable in case of a disaster.
Secure Wi-Fi networks
Using complex passwords for Wi‑Fi networks and regularly changing access credentials improves protection against cyberattacks. For encryption, prefer WPA3, which offers advanced protection against intrusions.
If your company receives the public, you can also segment networks, for example by creating a guest network separate from the internal Wi‑Fi.
Actively monitor for intrusions
Active monitoring of networks and systems allows you to quickly detect abnormal behavior and hacking attempts. It is advisable to use intrusion detection systems (IDS), which are often more responsive and effective than basic antivirus solutions, to alert administrators in case of suspicious activity.
Implement security policies
Clear, well-defined security policies frame employee behavior and prevent security breaches. This policy can include bans on personal devices, rules for accessing sensitive data, and protocols to follow in the event of a security incident.
Communicate this policy effectively via internal emails, and also by posting it in every office and in the open-plan area.
Our final tip to improve your small business's cybersecurity
Improving the cybersecurity of your micro or small business is an essential investment to protect your company. By implementing the actions recommended in this article and remaining vigilant, you can significantly reduce the risks.
One last tip: hire a cybersecurity consultant on our freelance platform, Codeur.com. They will help you identify the specific vulnerabilities of your business and put in place effective measures to fix them.
