Business Cyber Threats: Protecting Your Company and Customers

October is Cybersecurity Awareness Month. To conclude our month-long series on cybersecurity, this week we’re discussing business cyber threats and how you can help protect your company and customers.

If you own a small business in Utah, you might think cybercriminals aren’t interested in your company. Why would they target a local restaurant or construction business when they could go after major corporations instead?

But the reality is, small businesses are easier to take advantage of than bigger companies, and most are extremely vulnerable to threats. They’ve become preferred targets for cybercriminals, and the statistics are grim. While large corporations can absorb financial hits and keep operating, a single successful cyber attack can force a small business to close its doors for good.

Why Cybercriminals Target Small Businesses

The misconception that small businesses are “too small to be targeted” is exactly what makes them easy victims. Cybercriminals aren’t always looking for the biggest payout. They’re looking for targets that give them a high probability of success. A recent study shows that 43 percent of cyber attacks target small businesses, but only 14 percent of those businesses are prepared.

Most small businesses operate with limited IT budgets and resources, and in some cases none at all. Most major corporations invest heavily in cybersecurity teams and defense systems, whereas small businesses usually rely on basic antivirus software.

Along with outdated systems, most small businesses have employees working on personal devices, with little-to-no backup. These are the kinds of vulnerabilities that make them easier targets. Cybercriminals don’t have to work as hard, and there is little chance of getting caught.

Your Data is More Valuable Than You Think

A lot of small businesses handle surprisingly valuable information. At any given time, your average bookkeeper, real estate agent, or local gym has in its possession a database of customer names, addresses, phone numbers and payment information. Employee records include Social Security numbers and bank details. If your business processes credit card transactions, that data is valuable to cybercriminals looking to get access to financial records.

Small businesses can also serve as stepping stones to larger targets through supply chain attacks, where hackers are trying to infiltrate bigger clients’ networks. And unlike large corporations with full-time IT security teams, small business owners often wear many hats and may lack time or expertise to stay current with the latest cybersecurity threats. Employees might not be getting adequate cybersecurity training, making them more susceptible to social engineering attacks.

Common Cyber Attacks Targeting Small Businesses

There are a few strategies that cybercriminals regularly use when going after small businesses, and the more adept you are at spotting them, the better.

Ransomware attacks are one of the most common, where hackers can disable your entire business and steal your data using encryption techniques. They will typically demand a hefty ransom to get it back online.

Business Email Compromise (BEC) is becoming widespread and increasingly difficult to catch. According to the FBI’s IC3, BEC attacks caused $2.77 billion in losses in 2024 alone, making it the second most costly cybercrime category.

This kind of attack involves impersonation of executives, vendors, or clients in an effort to trick you or your employees into giving away financial access or otherwise sensitive information. BEC can be especially devastating since it exploits your personal and business relationships, and it’s almost always impossible to reverse. Once you’ve transferred funds via wire to a criminal, you can’t get them back.

The Real Cost of Cyber Attacks

Cyber attacks don’t just take a toll on your finances, which is what makes them so threatening to the survival of your business. There is a ripple effect beyond the direct cost of the attack, that can destroy years of hard work and investment. The average time to identify and contain a breach is 258 days, meaning months of ongoing expenses and disruption.

Aside from the immediate loss of funds due to ransom payments and/or fraudulent draws on your account, it’s important to factor in the cost of emergency IT services, investigations, legal fees, compliance costs, customer notification expenses and possible regulatory fines.

If your systems have been disabled, everything stops. You can’t process orders, access customer records or financial systems, or communicate with clients. You employees might not be able to work while you’re still paying salaries.

Cyber attacks like BEC can affect personal relationships and your community reputation. Missed payments or leaked data can erode trust between you and your vendors and/or your customers.

Cyber Hygiene for Small Businesses

Protecting your business doesn’t require a corporate-sized IT budget, but it is a good idea to start planning strategically and implementing a few safeguards.

Employee Training: Most successful cyber attacks result from human error, which is why employee education is your first line of defense. Your employees should be up-to-date on what phishing emails look like, as well as secure password management, safe internet browsing and reporting procedures.

Network Security: Implement at least basic network protections — like commercial-grade firewalls, Virtual Private Networks (VPNs) and regular security updates.

Data Protection: Don’t back up all of your data into one place. Try following the 3-2-1 rule: keep three copies of important data, stored on two different media types, with one copy stored offsite. Use encrypted cloud storage for offsite backups to keep them safe from ransomware.

Incident Response: Make a plan for how you’ll respond if your business is affected by a cyber attack. Include standard procedures for containment, communication protocols, important IT contact information and legal counsel.

Cyber Insurance: Consider signing up for a cyber insurance plan. A good policy covers data breach response costs, losses from business disruption, extortion payments and legal defense costs.

Utah Resources: Utah offers excellent resources specifically for small businesses. The Utah Cyber Center provides free cybersecurity consultation, training resources, and incident response support for businesses of all sizes. It also coordinates with federal resources to provide small businesses access to cybersecurity tools and expertise that would otherwise be too expensive.

Protect Your Business

Cybersecurity isn’t just for big corporations. Businesses of all sizes are targets. In today’s world, it’s not a question of whether or not cybercriminals will target your business, but rather a question of when.

At First Utah Bank, we work with local business owners to provide secure banking solutions, and we’re in a unique position to help you identify warning signs of cyber attacks. As a community bank, we’re here to protect your interests and alert you if something seems off. We take the time to get to know you personally, and developing that type of one-on-one connection with your banker can prevent unusual requests or suspicious account activity from getting approved.

By investing in cybersecurity now, you can avoid the costly process of recovering from a cyber attack in the future. And if you suspect any kind of cyber attack against your business, it’s important to report the incident to the Utah Cyber Center and your local representatives at First Utah Bank. Sharing information helps us assist in your recovery and prevent more attacks.

We will never ask for your login credentials, and if you receive a call from someone who asks for this information, please notify us immediately by calling our main branch at 801-308-2265.