Did you know that at least 43% of cybersecurity attacks are aimed at small businesses? Unfortunately, this number is expected to increase.

Our latest infographic, “Top Online Threats to Small Businesses,” shows the key types of malware and how your small business can best protect itself from attacks.

What Online Threats Are Out There?

Recently we’ve been reading in the media about large companies like Equifax, Uber, Yahoo and Facebook being breached, but small companies are not immune to these attacks.

In 2017, the most common malware attack against small businesses were macro malwares, affecting nearly 113,000 businesses. Online banking malware and ransomware were also prevalent throughout the year, affecting 66,000 and 54,000 businesses respectively. But how do these attacks compromise a business and what can they do to protect themselves?

Macro Malware

Macro malware is typically transmitted through emails that contain malicious attachments. By resembling invoices, receipts, legal documents and more, the file names entice users to open the document. In 2017, 269 billion emails were sent and received. Out of those, 39% were phishing scams.

Here are a few tips on how you can protect yourself against macro malware:

  • Download attachments only from emails you trust
  • Check for discrepancies and irregularities, such as misspelled words
  • Disable macros in Microsoft applications

Online Banking Malware

With 71% of bank customers regularly using online banking and 43% using mobile banking, a large population is at risk of having their banking credentials or credit card information stolen.

Instead of attacking a financial institute’s online banking server, online banking malware attacks your personal computer or phone to gather information. By displaying the illusion of an online banking site, users input their information for hackers to receive. It takes only nine minutes for thieves to use the stolen data.

Follow these helpful guidelines to avoid fraudulent banking sites:

  • Bookmark trusted and frequently-visited websites
  • Directly type the bank’s website address as a precaution
  • Enable additional authentication measures, such as two-factor authentication, if available


Ransomware is a type of malware that prevents or limits a user’s access to their system until a ransom is paid. In some cases, file types can be encrypted on the infected system and force users to pay the ransom through an online payment to receive the decryption key.

On average, the amount demanded is $1,070, but that price doesn’t include the full picture. In 2017, the average cost per ransomware attack to a business was $133,000. The real culprit isn’t the amount of money being demanded, but rather the recovery costs like downtime, emergency response and lost opportunities.

Here are a few ways to guard yourself against ransomware:

  • Beware of suspicious emails with urgent requests for personal information
  • Avoid opening unknown emails or embedded links
  • Regularly update software to patch vulnerabilities

Blocking attacks doesn’t need to be complicated or expensive. By being aware of what types of threats exist online, you can better prepare your protection against them.

Not all malware attacks are created equal. Connect with a SCORE mentor today to create a cybersecurity solution suited for your small business.

About the Author(s)

 Bridget  Weston

Bridget Weston is the CEO of the SCORE Association, where she provides executive leadership and works directly and collaboratively with the Board of Directors to establish the vision and direction of SCORE.

The Top 3 Types of Malware Attacking Your Small Business