Skip to main content

Being aware of the nature of cyberattacks and cyber threats and their potential sources are just the first steps in protecting your business from them. It is critically important to understand your potential vulnerabilities. After all, the strongest and best protected front door is of little use if the back door is left open and unattended.

The most common vulnerabilities of which SMEs should be aware include:

1. Email

This is possibly the greatest single vulnerability for SMEs when it comes to cyber threats. Individual employees can be targeted with phishing or spoof emails carrying malware payloads in their attachments and can unwittingly become accomplices to the cybercriminals. Standard antivirus and spyware software doesn’t necessarily offer full protection due to the rapidity with which new viruses and malware are being developed and released onto the net.

2. Social media

Cyber threats Firms of all sizes are successfully using social media for customer engagement and marketing campaigns. It has the advantages of being relatively cheap and reasonably measurable when in terms of its effectiveness.

Large organisations have quite sophisticated social media strategies which not only govern the use of the channel within the workplace but also ensure that pages and feeds are hosted completely separately from their internal systems.

This is generally not the case for smaller firms, however, and this opens up a host of vulnerabilities including the use by hackers of social media pages to gain access to networks. Staff members sharing inappropriate information or confidential data on social media also presents problems.

3. Internet of Things

The sheer volume of seemingly innocent devices which have now become cheaply available are proving to be a major security threat to SMEs. Security cameras, heating and lighting controls, intercom systems – all are now internet enabled and available off-the-shelf at low prices from hardware and electrical stores.

There have been a number of reported instances of companies installing a WiFi enabled security camera to improve security but then finding that hackers used the cameras to break into their networks.

4. Removable media

While cloud computing and readily available file sharing services may have reduced demand for removable media such as USB sticks and portable drives they are still very much in use. These devices can be easily lost or stolen and, if connected to the wrong device, compromised with malware.

5. Portable devices

Almost everyone has heard stories of stolen laptops involving celebrities such as Bono or UK civil servants. In the former case an almost complete new U2 album was on the laptop and it was returned by a well-wisher. In the latter case, the laptop contained sensitive personal data belonging to millions of UK citizens and no one yet knows what malicious use this data was put to.
Once a device leaves the workplace it represents a significant vulnerability. The same applies to company smartphones and tablets.

6. Company phone apps

While smartphones and tablets can be secured to protect the data stored on them and prevent them being used as tunnels into the firm’s network this only deals with part of the issue.

Smartphone users routinely download apps which demand data sharing permissions and these apps effectively create a backdoor to the data stored on the phone and to the firm’s email server and network.

7. The cloud

The cloud is a relatively new phenomenon but is now so widely used that it is taken for granted by many firms and individuals. In a very short time it has transformed the way almost everyone thinks about computing and data storage. It is hard to find anyone who doesn’t make some use of cloud storage solutions like Google Drive or Microsoft OneDrive while the ubiquity of accounting software solutions like Big Red Cloud have brought the power of cloud computing to bear for organisations of all sizes.

Cyber ThreatsWe don’t have to worry about the capacity of hard drives or servers any more, we can just order up extra cloud space for a few cents a month. And installing complex software and keeping it updated has become a thing of the past due to the software as a service (SaaS) model enabled by cloud computing.

But it can bring security issues as well. In the first instance it should be noted that there are actually two clouds to consider – the personal cloud and the company cloud. The personal cloud is the one that your employees are using on their smartphones, laptops and other devices. The problem there is what happens if they are routinely saving company files onto their personal cloud storage to enable remote or home working and their device is subsequently hacked? The consequences for sensitive company data could be very serious indeed.

There are also issues with the company cloud. Cloud computing SaaS offerings are usually secure and trustworthy. Indeed, Big Red Cloud could not survive without investing heavily in premium level security. The issues arise in relation to data storage.

Very large organisations tend to own and control their own cloud solutions and the next level below this is an expensive managed solution. But for most SMEs the cloud storage is a commodity service which is purchased according to price. The problem is that while the reseller you are dealing with may be based here in Ireland you really don’t have any idea where in the world your data is being stored and what security standards are employed. This not only creates vulnerabilities in terms of hacking but also in relation to catastrophic data loss. A fire in a datacentre somewhere in South-East Asia could result in a business losing much of its most important data.

8. Virtualised networks

This was and still is heralded as a breakthrough technology for small and larger organisations alike. A virtualised network uses software to combine various resources on a network to act as a single server or processing entity. This means that resources and capacity are used far more efficiently overall but it does have security implications as it is not readily visible where individual pieces of data are being stored.


Bring your own device (BYOD) was something of a buzz-word in the ICT sector a few years ago. It was a policy for large organisations and a reality for smaller ones. The concept was very alluring. By allowing employees bring their own devices to work and use them on the network companies would save in hardware costs and other overheads. Watching people sitting at meetings using their own iPads to share information and collaborate must have been very pleasing to the eye of financial controllers everywhere.

But, more recently, this seemingly liberating and wonderfully cost reducing concept has been relabelled “bring your own disaster” by some wags in the cybersecurity sector. Some are even using the analogy of hospital acquired infections in relation to it. People are bringing devices to work which could be riddled with malware and are infecting the network and their colleagues’ devices with them. They are also creating potential backdoors to the network for the cyber criminals to exploit.

10. Wearable devices

Allowing employees to connect their smartwatches and other wearable devices to the company network carries the same risks as BYOD. The simple answer is to prevent this but there is an increasing number of wearable productivity devices coming onto the market that companies will have to contend with.

Cyber threatsThis is by no means an exhaustive list of all the cyber vulnerabilities and cyber threats which organisations need to be aware of, it merely outlines the ones which SMEs should pay most attention to. Every firm should look at their own operations and how they do business to assess whether these vulnerabilities apply to them or whether they need to take others into consideration.

If you’re still unsure about the scale or number of cyber threats out there, then take a few minutes to read our blogs on cyber security. It will serve as a great jumping off point for you and your business colleagues to understand the cyber threat landscape and will also provide you with the information so as to take the next and absolutely critical step – review your IT set-up ASAP.

Marc O'Dwyer

After completing a Graduate program in Marketing, Marc’s impressive sales career began at Allied Irish Banks, Pitney Bowes and Panasonic where he received numerous Irish and European sales performance awards and consistently exceeded targets and expectations. In 1992, Marc’s entrepreneurial spirit led him to set up his own business, Irish International Sales (IIS). Initially, this company was a reseller for Take 5 Accounts and Payroll software. Within four years, IIS became the largest reseller of Take 5 in Ireland, acquiring four other Take 5 resellers. He also found time to set up two mobile phone shops under the Cellular World brand and a web design company offering website design services for small businesses. In 2001, he bought the majority share in a small Irish software business, Big Red Book. At that time, the company was losing money. The company became profitable within two months, and Marc then acquired a payroll company to compliment Big Red Books Accounting products. In 2003, IIS were appointed as Channel Partners with SAP for their new SME product, SAP Business One. Marc sold his Take 5 business and concentrated on developing this new market for SAP As a result, by 2007, IIS was recognised as the largest Channel Partner for SAP in EMEA (Europe Middle East and Africa). In 2008, the IIS Sales Manager bought the Company from Marc in an MBO. He launched Big red cloud in June 2012, the online version of big red book, to date the company successfully converts 59% of trials into sales and the number of customers is growing rapidly. Marc continues to run both Big Red Book and Big Red Cloud which now support 75,000 businesses. He is a very keen sportsman, having played rugby for 20 years, represented Leinster at under 16 and under 20 levels, and league squash with Fitzwilliam Lawn Tennis Club for 10 years. Marc has competed in 11 Marathons, including the London and Boston Marathons, and has completed several Triathlons and Half Ironman races. He has also completed six Ironman Races in Austria(x2), Frankfurt (Germany), Nice (France) , Mallorca (Spain) and Copenhagen (Denmark)

This site is registered on as a development site. Switch to a production site key to remove this banner.