Email risk is big for small- and medium-sized businesses. Luckily, by understanding the threats you face and the measures you can take to defend yourself, you can make this risk significantly smaller.

 The email threat landscape has been heightened due to COVID-19. Malicious actors are exploiting businesses’ “new reality” - increased dependence on cloud email, lack of IT staffing and funding and rushed deployments of vulnerable cloud platforms. This environment has provided cyber criminals with the ideal opportunity to up their attack game - and sophisticated campaigns designed to steal confidential business information and large amounts of money from victims have proliferated.

Small businesses are at a significant disadvantage: they lack the resources and the staff needed to keep pace with emerging threats, and email risk disproportionately large for these companies as a result.

Awareness is the first step in mitigating cyber risk. To help you and your business stay safe and successful in this difficult time, we’ve put together an overview of some of the most persistent and dangerous email exploits targeting SMBs - namely, phishing, ransomware and business email compromise (BEC), along with tips and advice for securing business email against them.

Threat #1: Phishing

In a phishing scam, a threat actor poses as a reputable individual or organization and sends fraudulent emails with the aim of obtaining sensitive data or infecting systems with destructive malware.

A phishing campaign begins with a cyber criminal spoofing or compromising an email account, and then sending fraudulent emails from that account. In a successful attack, the recipient is tricked into either sharing sensitive information with the attacker or installing malware on his or her system.

Phishing can do serious damage in the form of data theft, financial loss and stalled business operations.

The Numbers

91% of successful cyber attacks begin with a phishing email.

How Can I Protect My Business?

  • Think before you click!
  • Be cautious with links and attachments.
  • Beware of urgent requests and requests for personal information.
  • Most importantly: Safeguard your inbox with a threat-ready cloud email security solution.

Threat #2: Ransomware

Ransomware is a costly type of malware designed to block access to a computer system until a specified ransom demanded by attackers is paid. The average ransomware demand is $84,000, with one-third of victims paying the ransom.

In a ransomware attack, a user receives a malicious attachment in a phishing email. When he or she downloads the attachment, ransomware is installed on his or her system and encrypts files - rendering them inaccessible to the user. The victim then receives a note from the attacker, demanding a ransom payment in untraceable bitcoin in exchange for the restoration of the locked files.

Ransomware can shake any business to the core with the loss of critical business information and documents, significant downtime, large recovery costs and serious reputation damage.

The Numbers

60% of small- and medium-sized companies that are hit with ransomware go out of business within six months of the attack.

How Can I Protect My Business?

Download this infographic to learn more about ransomware.

Threat #3: Business Email Compromise (BEC)

Business email compromise (BEC) is a sophisticated and highly targeted email scam in which an attacker compromises or impersonates an executive’s email account with the aim of obtaining access to sensitive business information or other key assets. 

In a BEC attack, a malicious actor compromises or spoofs an executive email account and then sends fraudulent transfer instructions to a finance employee from this account. In a successful scam, the recipient is fooled into transferring funds to an account controlled by the attacker - and the attacker gets paid.

BEC can have severe consequences for organizations including financial loss, obliterated client trust and the compromise of sensitive data and critical business accounts.

High-speed trading firm Virtu Financial just recently revealed that it paid out $6.9 million as a result of a BEC attack that the firm suffered in May. In this malicious attack campaign, a cyber criminal quietly sat on the company's network for weeks - listening, watching and waiting. The threat actor then surreptitiously tampered with account settings and sent fraudulent emails, resulting in a transfer of funds to a Chinese bank.

The Numbers

Between 2016 and 2019, BEC resulted in $26 billion in reported losses for companies worldwide. 

How Can I Protect My Business?

Download this infographic to learn more about BEC.

Key Takeaways

Email-borne attacks are more problematic for businesses than ever, and SMBs are a favorite target among cyber criminals due to the fact that these organizations often lack adequate resources and expertise devoted to cyber security. 

Luckily, with a comprehensive, fully-managed cloud email security solution in place, you can rest easy knowing that your business is protected around the clock with threat-ready email vigilance - even in the absence of a full-time IT department.


Ready to partner with an industry leader in safeguarding your users and your key assets? Speak with a security expert today.

Must Read Blog Posts

Latest Blog Articles

Recommended Reading