Skip to main content
NCDIT logo NCDIT

Topical Navigation

  • Home
  • Services
  • Programs
    Programs
    • Broadband & Digital Equity
    • CJLEADS
    • Enterprise Strategy
    • FirstTech
    • IT Volume Purchasing
    • N.C. 911 Board
    • N.C. Health Information Exchange Authority
    • NC360
    • Optimization
    • Project Portfolio Management
  • Resources
    Resources
    • COVID-19 Resources
    • Cybersecurity & Risk Management
    • Data Protection & Privacy
    • Statewide IT Strategic Plan
    • Statewide IT Procurement
    • State IT Policies
    • IT Application Portfolio Management
    • Standards
    • Resources Guide
    • Knowledge College
    • Documents
    • Reports
  • About
    About
    • Commitment to Customers
    • Leadership
    • Boards & Commissions
    • Climate Change & Clean Energy
    • NCDIT Strategic Plan
    • Work for NCDIT
    • Annual Report
    • Rules Review
  • News & Events
    News & Events
    • Events
    • Press Releases
  • Support
    Support
    • NCID
    • Training & User Resources
    • Submit a Service Desk Ticket
    • Report a Cybersecurity Incident
    • Services Status
  • Contact
    Contact
    • Media Inquiries
    • Public Records Requests
    • Speaker Requests
  • PASSWORD HELP
  • SERVICE PORTAL
  • CAREERS
  • NC.GOV
NCDIT »   Resources »   Cybersecurity & Risk Management »   Cybersecurity Awareness »   Cybersecurity for Small Businesses »   Common Threats

Cyberthreats to Small Businesses

Small businesses are adopting online technology to reach new customers and make sales. But as small businesses evolve, so do cybersecurity threats.

Cybercriminals don't only target large corporations. In fact, small businesses can be even better targets.

They often don't have the budget or the time to devote to security like larger companies. But small businesses have customer, employee, proprietary and financial information that cyberthieves want.

Small businesses can protect themselves and their customers. They can learn about steps they can take to improve their cybersecurity and what the most common cyberthreats they might face are.

First Steps

The first step for small businesses to protect themselves and their customers from cyberattacks is to assess their risk.

Risk assessment finds potential vulnerabilities in businesses' networks, systems and organizations. It also identifies improvements that small businesses can make to improve their cybersecurity and reduce their vulnerability to cyberattacks.

Small businesses without their own IT staff can use risk assessment resources from the U.S. Department of Homeland Security, including a cyber resilience review and cyber hygiene vulnerability scanning.

Get more cybersecurity tools and tips for small businesses to improve their cybersecurity.

Common Cyberattacks

Understanding the most common cyberthreats targeting small businesses can help them to avoid becoming the victims of these attacks.

Malware is malicious software or code used to steal information and damage devices, including computers, servers and computer networks. Two types of malware are viruses and ransomware.

Viruses are harmful programs, code or software that can replicate themselves to spread between computers and other connected devices. They are usually sent through email attachments and can damage computers and hard drives. Viruses give cybercriminals access to businesses' systems.

Ransomware is a form of malware designed to attack an individual or organization's computer network. It restricts access and encrypts data, holding it hostage until a ransom is paid. Ransomware is usually spread through email and exploits unpatched vulnerabilities in software.

The FBI recommends never paying a ransom. North Carolina state agencies must report ransomware incidents.

Phishing is a type of cyberattack in which someone pretends to be a trustworthy person, website or organization to trick the victim into sharing their username, password or other personal information. Phishing emails appear to be from a legitimate person or organization. They often include a link or attachment that, once clicked, releases malware that collects sensitive information onto the user's device.

Phishing attacks can take many forms. Learn more about the different kinds of phishing attacks and how to avoid them.

Understand the definitions of these and other common cybersecurity terms.

About this Page

This page is based on information from the U.S. Federal Communications Commission, Small Business Administration, National Institute of Standards and Technology and Cybersecurity Infrastructure and Security Agency.

Cybersecurity for Small Businesses

  • Common Threats
  • Tips & Plan
  • Tools & Resources

Share this page:

  • Facebook
  • Twitter
  • Email

How can we make this page better for you?

Back to top

Contact

N.C. Department of Information Technology

P.O. Box 17209
Raleigh, NC 27619-7209
919-754-6000
800-722-3946

 

@NCDIT

Tweets by @NCDIT

Quick Links

NCDIT Service Portal
NCDIT Service Desk
NCID Assistance
Training & User Resources
Statewide IT Strategic Plan
Cybersecurity Incident Reporting
NCDIT Communications Hub

Follow Us

  • Facebook
  • Twitter
  • Flickr
  • YouTube
  • LinkedIn
  • Accessibility
  • Terms of Use
  • Privacy Policy
  • Open Budget
https://it.nc.gov/resources/cybersecurity-risk-management/cybersecurenc/businesses/threats