The Top IT Security Threats that SMEs should be afraid of


By Calligo on 1 October 2020

Are you aware of the top IT security threats that are affecting SMEs?


Small businesses are frequently being targeted by cybercriminals, with the number of attacks and those affected expected to rise.

This is usually because SMEs may not have the internal resources or expertise to hand, or the necessary IT security processes and policies in place. Adding limited employee cybersecurity awareness into the mix makes SMEs prime targets for a cyber attack.



of cyberattacks target SMBs

To help raise cybersecurity awareness, we have selected the top IT security threats that we most frequently spot threatening our SME clients’ networks.


The Top 9 IT Security Threats affecting SMEs


Weak Passwords

A good password is not necessarily one that is easy to remember. Good, in this context, means strong. All employees should be required to use strong passwords or passphrases that are more resistant to guessing, or to an automated brute-force “dictionary hack” that throws hundreds of potential password combinations per second at a system until it cracks.
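The sketch below is an added example, not Calligo's code: a password screen that rejects choices a dictionary attack reaches quickly, by undoing the predictable changes (capitals, trailing digits, symbol swaps) such tools try automatically. The wordlist is a constructed sample and the function names and 12-character minimum are assumptions.

```python
import re

# Constructed sample wordlist; in practice load a dictionary or breached-password list.
WORDLIST = {"password", "welcome", "summer", "dragon", "letmein", "qwerty"}

# Character swaps that dictionary tools undo automatically (@ -> a, 0 -> o, ...).
LEET = str.maketrans("@4031!$57", "aaoelisst")


def candidate_roots(password):
    """Reduce a password to the base words a mangling dictionary attack would try."""
    lowered = password.lower()
    # Strip leading and trailing runs of digits and symbols ("2020!", "!!", "_1").
    trimmed = re.sub(r"^[\d\W_]+|[\d\W_]+$", "", lowered)
    return {lowered, trimmed, lowered.translate(LEET), trimmed.translate(LEET)}


def screen_password(password, min_length=12):
    """Return the reasons to reject a password; an empty list means it passed."""
    reasons = []
    if len(password) < min_length:
        reasons.append("too short")
    if candidate_roots(password) & WORDLIST:
        reasons.append("dictionary word with predictable changes")
    return reasons


if __name__ == "__main__":
    # Constructed sample inputs: three "complex-looking" passwords and one passphrase.
    for sample in ["P@ssw0rd2020!", "Summer21", "Dr4g0n!!", "velvet-otter-ladder-mosaic"]:
        print(f"{sample!r}: {screen_password(sample) or 'accepted'}")
```

A password that looks complex can still reduce to a single dictionary word, while the longer passphrase passes both checks.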


Unlocked Hardware

This is the most basic of errors, and the simplest route into your network: anything from unlocked phones and laptops to allowing an unauthorized person into the building. Employees need to be educated on the importance of locking devices as well as questioning visitor identities.


Juice Jacking

Be aware of free public charging ports for mobile phones. This is a relatively new threat where a public USB-based charging port is corrupted to install malware onto the device or covertly copy sensitive data off it.

Web Browser Extensions

Web browser extensions are not always what they seem. Their functionality often depends on being granted certain permissions or access, so if they are compromised, they can grant cybercriminals access to your web history, cookies and even stored passwords.



Typosquatting

Typosquatting is the act of purchasing URLs that are very similar to those owned by well-known brands and putting up fake sites that mimic the true brand’s presence.


On the surprisingly frequent occasions that users then commit typos when entering a URL in the browser, these fake sites can either deliver malware to the users’ devices, often without any need to click any links, or be so convincing that they request login credentials and even payment details.
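One way to spot this in your own proxy or DNS logs, as an added example that is not Calligo's code: flag hostnames whose domain is within a couple of keystroke errors of a domain you rely on. The brand list and observed hostnames are constructed samples, the function names are assumptions, and the domain extraction assumes two-label domains (no suffixes such as co.uk).

```python
# Constructed sample data: domains to protect and hostnames seen in proxy/DNS logs.
BRANDS = ["contoso.com", "fabrikam.com"]
OBSERVED = [
    "www.contoso.com",       # legitimate
    "login.fabirkam.com",    # two letters transposed
    "fabrikm.com",           # dropped letter
    "c0ntoso.com",           # digit swapped for a letter
    "contoso.co",            # truncated TLD
    "intranet.example.org",  # unrelated
]


def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap as one typo."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # adjacent transposition
    return d[-1][-1]


def registered_domain(host):
    """Last two labels, lower-cased. Assumption: no multi-part suffixes."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def flag_lookalikes(observed, brands, max_distance=2):
    """Return (hostname, brand, distance) for near-miss domains, skipping exact matches."""
    hits = []
    for host in observed:
        domain = registered_domain(host)
        if domain in brands:
            continue  # the real site
        for brand in brands:
            dist = osa_distance(domain, brand)
            if dist <= max_distance:
                hits.append((host, brand, dist))
    return hits


if __name__ == "__main__":
    for hit in flag_lookalikes(OBSERVED, BRANDS):
        print(hit)
```

Hits are candidates for review or blocking rather than proof of malice, since short domains can sit close to unrelated legitimate ones.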


Public Wi-Fi

Free public Wi-Fi might seem like a lifesaver, especially when you’re working remotely or when you’re on the go; however, it’s a hacker’s dream. With remarkably cheap equipment and the most basic of know-how, cybercriminals can use so-called ‘Man-in-the-Middle’ attacks to easily intercept data flowing through any unsecured public Wi-Fi connection.


Similarly, cybercriminals frequently set up rogue Wi-Fi hotspots, often with network names masquerading as nearby brands’ open connections for customers, leaving your data and business data easily accessible to them.



Phishing

Phishing attacks typically rely on using convincing email and SMS communications, often posing as recognized brands, to gain access to personal and sensitive data such as usernames, passwords and financial information, or to encourage links to be clicked that will install malware. These are often successful as they play on users’ trust in brands’ communications.

More targeted attacks, known as “spear-phishing”, are where a cybercriminal purposefully targets a single organization or individual. This can sometimes be in the form of “urgent” demands via email or even calls from the “CEO” or “Accounts” in order to gain access to the user’s data or contacts, install malware, or even to have false payments made.


You can find out more about the different types of phishing attacks, plus social engineering tactics, here



of businesses reported falling victim to a phishing attack**



Ransomware

Ransomware is a form of malware that instantly encrypts systems or data and prevents users from accessing them until a sum of money is paid. In 2019, one business fell victim to a ransomware attack every 14 seconds (Cybersecurity Ventures).


These are often some of the most headline-grabbing cyberattacks due to the severity of the data breach. Ransomware attacks such as the WannaCry attack that hit the UK’s NHS in May 2017, and the recent attacks on Travelex and Garmin in 2020, affected thousands of records of personal data and crippled business operations and finances.



Malware

Malware is the most common threat that our SME networks face. Malware (“malicious software”) is any dangerous program or file that is deliberately placed on a network. These include some of the most well-known threats, including viruses, worms, “trojan horses” and spyware.


Malware and ransomware are often delivered through phishing attempts but can also access your network through USB sticks, unsecured Wi-Fi hotspots, typosquatting and malicious add-ons and applications.


Their purpose is varied and will range from the relatively benign mischief of just damaging your devices and network to harvesting your data, monitoring your activity and even recruiting your machine’s resources and processing power to support larger hacks and attacks.




7.2 billion malware attacks in the first three quarters of 2019***


How can I protect my business from these IT security threats?

There are three pillars of IT security, each of which must be addressed equally: People, Processes and Technology. You could put in place the most sophisticated technology-based defences such as anti-virus and firewalls, but without supporting your employees with the necessary education, or enforcing the correct patching processes, your network will remain susceptible.


In fact, almost all of the threats above rely on inadequate processes and human error or naivety. Cyberattacks will seek out the easiest route into your network, and that is often your workforce.





How Calligo can help

Calligo’s award-winning IT Managed Services include baked-in services that address all three pillars of IT security and keep your business continuously protected from all attack types.

Our IT Security Services include:

  • Strategic security consultancy
  • Anti-virus, anti-malware, anti-ransomware and anti-SPAM
  • Security audits
  • Patch management
  • Penetration testing
  • Employee cybersecurity awareness training
  • Back-up & disaster recovery
  • Multi-Factor Authentication





*Verizon | **Wombat | ***Security Magazine.Com