Cyberattacks on small businesses are on the rise. Last year, 61 percent of breaches were targeted at small businesses, up from 53 percent the year before. Considering that cyberattacks typically cost small businesses somewhere between $83,000 and $148,000, and that 60 percent of attacked businesses go out of business within 6 months following an attack, that's a frightening thought.

Nobody gets hit by a cyberattack on purpose. Most companies connecting to the Internet are protected by some kind of firewall appliance. But firewall appliances alone can't address all or even most of today's security issues and, in fact, often lead to problems.

Uneducated or Apathetic Staff

The biggest problem, by far, is a team of people who are uneducated or careless with cybersecurity. In fact, it's estimated that up to 90 percent of cyberattacks are attributable to human error or behavior.

For example:

  • Phishing and similar scams. If your employees don't understand the hallmarks of a phishing scam, they may be willing to give out their login credentials for free. If they open a malicious attachment on their computer, they may open the door to a serious security breach. Once a hacker has access to an account, they can probably gain access to other areas of your network--and easily.
  • Social engineering. Your employees may also be victims of social engineering; in other words, someone disguising themselves as an authority who's secretly out to get information. They may receive a call from someone pretending to be IT support, and voluntarily give away private information.
  • Password problems. Your staff may also be inept at creating and changing passwords. If they choose short passwords or easy-to-guess passwords, they can be hacked easily. If they leave their passwords recorded in plain sight, it's even easier. And if they don't change their passwords often, the vulnerability can persist for years.

The best way to mitigate this risk is to train and educate your staff--even if it costs extra time and money to do so. Keep them up-to-date with regular training sessions.

Missing or Lackluster Firewalls

Staff mistakes aren't your only concern. If your computers are connected to the internet in any way, they could be vulnerable; that's why firewalls exist to help you control different types of incoming and outgoing traffic.

As a small business, you can invest in a simple firewall to protect you against the most common threats, but as you scale, the firewall appliances become more limited; you'll need more processing power and smarter appliances, that can be a challenge unless you have a dedicated IT team to help you out.

A Lack of Investment

Some businesses are vulnerable because they aren't willing to spend money on the tech and people necessary to prevent an attack. They invest in old devices and old software because it's less expensive, even though upgraded machines are better protected against attacks.

They trust their instincts rather than hiring an expert, and make poor infrastructural decisions, or neglect an entire dimension of cybersecurity.

Bad Luck with a Sophisticated Attack

Of course, no matter how much knowledge you have on the world of cyberattacks or how much you've invested in your own campaign, you could still get unlucky with a sophisticated attack. The vast majority of attacks are small and opportunistic, but if you're faced with a large-scale, brute-force assault, or an especially clever hacker, even the best security standards will have trouble protecting you.

Fortunately, you don't have to worry much about this level of attack; they're typically reserved for higher-profile targets, or those with much to lose (such as a national government).

There are, unfortunately, many ways your business could be vulnerable to a cyberattack, and even if you account for all of them, there's no way to reduce your risk of attack to zero; after all, it's always possible that someone on the inside could sabotage your systems.

Still, if you understand these four main vulnerabilities, and are willing to spend the time and money to protect against them or compensate for them, you'll make your business a much more difficult target than your contemporaries--and you'll be a much less likely target as a result.