5 Reasons Cyber Hackers Love Small Businesses

Because many large corporations are investing in making their enterprises hacker proof, small and medium-sized businesses have increasingly become targets of cybercriminals. Since compromised credentials are among the core reasons for data breaches they experience, NordPass, a password manager technology company, has identified five critical reasons why small businesses fail to ensure password security.

1. Hard to keep up with social engineering attacks

Techniques to trick Internet users into giving out their data to hackers are constantly developing. As a result, companies experience difficulty in keeping up with online threats. “One company shared with us that they get at least five fake requests per week where someone asks to be given admin rights to their Facebook profiles. This, unfortunately, is a modern reality of many high-performing businesses,” says Karolis Arbaciauskas, head of business development at NordPass.

Based on the latest Verizon Data Breach Investigations report, social engineering attacks,  system intrusion, and privilege misuse incidents make up 92% of breaches that happen among small businesses worldwide.

Arbaciauskas points out that being on top of things requires certain investments, such as deploying tools that help detect risks or hiring a cybersecurity professional. Some small businesses may find these measures too much of a financial burden.

2. Ensuring third-party integrations are safe

Another reason why small businesses fail to ensure a secure environment for their own or clients' data is over-trust in third-party service providers. Smaller businesses often outsource services or use third-party integrations within their systems or apps to, for instance, sub-process some of their clients' data, including passwords.

According to Arbaciauskas, in this case, if an external service provider gets breached, a company's data also falls into the hands of hackers. To avoid these situations, businesses should do their homework and critically evaluate the cyber preparedness of their partners.

3. Changing employee password habits

Because 74 percent of all data breaches in 2023 involved the "human element," it is no surprise  the way Internet users handle business and private accounts needs to change. Yet people continuously use weak passwords to secure their accounts.

The password "password" was the world's most common password globally in 2022, followed by other simple combinations of numbers, letters, and symbols, for example, "123456," "qwerty." Business owners, CEOs, and other top-level executives are no different in this regard — the study shows their most loved password is also "123456."

"Cybersecurity professionals are losing hope we will ever learn healthy password hygiene. Because of this, progressive companies shift the password management burden from employees to technological tools. The world is also looking for new online authentication methods," says Arbaciauskas.

4. Managing accounts with employee turnover

Many companies find it hard to manage the passwords to their accounts — update them regularly, create strong ones, and safely share them among employees. It is especially challenging when new employees are joining the company or someone is leaving. In the case of an employee leaving, a company has to change all passwords and share the new ones with different teams.

"It is extremely time-consuming, so businesses typically fail at this stage. We underestimate the power of one former employee with one of your passwords at hand. More so if the employee did not leave on good terms," says Arbaciauskas.

5. Convincing employees to adopt new technologies

With various technological tools available to help secure the accounts and enable employees to work more productively, business owners or managers still need help convincing employees they need it. Arbaciauskas says that the acquired tool should be user friendly so that the company can ensure a smooth transition toward it, and this is where businesses have to do their research.

"A tool that requires a degree in IT will not add any value to the organization because most users will do anything to avoid using it daily," says Arbaciauskas.