Industry News: No Business is Too Small to be Attacked

No Business is Too Small to be Attacked

No firm or business is too small to be victimized by the growing number of sophisticated cyber criminals. The key is to take the proper steps to avoid situations that can put you out of business.

Many small business owners have fallen into traps simply because they believe they’re too “small” to get the attention of those charged with regulating operations.

Some don’t have employee handbooks even though they are required to do so. Others have been very loose with designating workers as “independent contractors” when they clearly are not. Some have inaccurately deducted expenses for having a home office.

Sound familiar?

As small business consultants, accounting firms have become important for small businesses seeking much more than tax and book-keeping challenges. Today, the “we’re-too-small” mentality has trickled into the vernacular when it comes to cyber security, resulting in financial ruin. Frankly, the risks are greater with small businesses simply because one successful hacker or phishing expedition can close their doors.

However, it stands to reason that small businesses frequently don’t take the proper precautions. They may not have sophisticated IT professionals working on their behalf. Some may be too busy. Others simply believe it just won’t happen because hackers don’t target small companies.

It makes sense since because we rarely read about small companies that are targeted by cyber security. The big names in the corporate world are the ones getting noticed. For example:


  • Foreign exchange company Travelex was the victim of a six figure ransom that was timed when staff was on holiday.
  • The UK’s National Trust was hit when alumni data and donors was stolen. It is part of a growing list of educational organizations and charities that are being victimized.
  • Lloyd’s of London clients were threatened in a phishing effort that arrived in inboxes on apparent Lloyd’s letterhead that informed them that there “account has been disabled”.


These are a small sampling of cyber attacks from last year. Thousands of similar attacks have been made on unsuspecting small businesses, which frequently, are as vulnerable – or more so -- as larger organizations. We just don’t hear about them. But small businesses have the same risks and are as targeted as large multi-national corporations. These attacks include credential phishing, malicious attachments and links, business email compromise, fake landing pages, downloaders, spam, and malware and ransomware strains. Many of these are tied to the coronavirus since people are spending more time online and working from home on employer computers. With a bit of vigilance, training, and procedures, all businesses can operate safely and frustrate devious hackers. The following are some basic strategies that should become part of a corporate culture:

  • Ransomware crooks rely on you not having back-up systems in place. You can essentially ignore ransomware if you have reliable back-up systems in place.
  • Never click on a link directly from an email unless you know its origin. That email is more likely to contain spam, and the link could lead you to a virus-laden site that will infect your machine.
  • Check for the secure icon alongside web addresses if you do visit a website.  In the absence of that icon, you are probably visiting a scam site.
  • Avoid giving out personal information via email if you receive an unsolicited email.
  • Delete the email. If you do receive an obvious phishing email, there’s no need to panic! That email cannot hurt you by its mere existence. Do not download an attachment. When in doubt, delete the email.
  • Track purchases carefully. During the pandemic, more than ever, keep track of any purchases to avoid fraudulent charges. Many credit card providers offer protections and will provide refunds.
  • Use different passwords on every site. If one password is compromised, then at least your other accounts can’t be infiltrated.
  • Change your passwords often.
  • Type in URLs yourself. If you receive an email asking you to log into an account, you should type in the URL yourself to be on the safe side. That way, you’re 100% sure you’re on the legitimate page.




The point here is that no business is too small to be victimized by the growing number of sophisticated cyber criminals. The key is to take the proper steps to avoid situations that can put you out of business.

Jess Coburn Mar 23rd, 2021  

======= Jess Coburn is president and founder of Boca Raton-based Applied Innovations (www.appliedi.net), a firm that has helped businesses succeed in the cloud since its inception in 1999. Today Applied Innovations is one of Microsoft’s closest partners and a recognized industry leader in delivering high performance, secure cloud solutions.

https://www.cpapracticeadvisor.com/small-business/news/21215561/no-business-is-too-small-to-be-attacked

Share this post

Leave a comment

Filtered HTML

  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <blockquote> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.

Latest Articles

  • 02 Aug

    Online Education Opportunities Offering Free CPE

    We're happy to announce that we are offering four new webcasts and will continue to record new risk management content over the next several months. In addition, we are offering a wide selection of self-study courses leased from Checkpoint Learning. And as a reminder, all of our CPE is ava... read more

  • 12 Jul

    Malpractice Risks Increase During Difficult Economic Times

    In CAMICO's 35 years of experience, economic conditions have had a significant impact on CPA professional liability claims. In light of the current economic challenges, now more than ever, CPAs will need to be prepared and vigilant to minimize the potential of additional liability exposure... read more

  • 09 Jul

    Creditworthiness Verifications and PPP Loans

    CPA firms receiving requests from lenders for creditworthiness verifications for clients who had requested Paycheck Protection Program (PPP) loans were often unsure of how to respond. The advice CAMICO gave CPAs assisting their clients with PPP loan applications is valid for similar circum... read more

  • 07 Jul

    War Story 119

    Subject: Business Management Services; Wire Transfer Fraud

    John Duval, CPA, had been engaged for several years by a high-net-worth client, Ed Robertson, who developed commercial and residential real estate. Duval provided business management and bill-paying services, which inclu... read more