Tiny Fish in a Big Pond: A Guide to Small Business Cybersecurity

Imagine you’re a tiny fish happily swimming along, and then suddenly a shadow looms over you…

Unfortunately, cybersecurity is even more sinister. You won’t see hackers coming until it’s too late, and you’re far more at risk than you realise.

The truth is, cyber attackers will hack you, it’s only a matter of time…unless you read on and learn small business cybersecurity.


There are three common myths small business owners tell themselves about cybersecurity – and if you’re one of them, your business is at risk.

Myth 1: You Aren’t a Target

“I’m a small business, the hackers won’t notice me.”

If you’re telling yourself that, you couldn’t be further from the truth!

Cyber attackers aren’t stupid. They hone their skills and tradecraft over the course of years – always evolving to better compromise business owners like you.

Just like any other trade, they start with small jobs and work on their skills. 

Where an electrician might learn to rewire a power point before they learn to rewire a house, a hacker will learn to breach a small business before taking on a larger one. 

You are the power point.

Myth 2: You Haven’t Got Anything to Lose

“I’m a small business, I’ve got nothing for them to take.”

There is always something for them to take, and it may not be what you’d expect. 

Cybercriminals are increasingly valuing data and access as highly as money. So even if you don’t have much in the bank for them to steal, they have other ways to steal from you.

If you keep customer or team member records on file, this information is valuable to a hacker. They can use your email accounts in phishing scams to trick your employees or customers, or as part of a larger spam network comprised of other unfortunate small businesses like yours. 

They can also disrupt your service and force you to pay them that way. They’ll lock you out of your own system or files and charge you a ransom to get back in. 

Myth 3: There’s Safety in Numbers

“There are so many businesses out there that the chance of mine being targeted is tiny.”

There’s a lot to be afraid of when you’re a tiny fish in a big pond. That’s why you might think there’s safety in numbers. 

Unfortunately, once again, we’re going to have to disappoint you.

Not every attack is targeted. In fact, many hackers don’t single out individual small businesses, but instead, take advantage of their usually inadequate security to breach huge swathes of them in untargeted attacks. 

In what is known as bulk campaigning, many cybercriminals simply send out generic phishing campaigns to as many businesses as possible and rely on the sheer volume to guarantee hits.

Long story short, they aren’t coming after one tiny fish, they’re coming after the whole school!

Why Cyber Attacks are More Devastating for Small Businesses

Now that those myths have been busted, you should be starting to sweat a little – and for good reason!

If you do get targeted, you actually have far fewer options and a lot more to lose than larger businesses. 

You Have Fewer Recovery Options

One of the biggest challenges for small business cybersecurity is your limited resources. 

Unlike large corporations, you likely don’t have a dedicated IT department or the budget to hire outside cybersecurity experts. This can make it more difficult to recover from a cyber attack and get back to business as usual.

To really put this in perspective, 20% of small businesses take more than 30 days to realise they’ve been breached! 

In fact, one Central Coast business lost $40,000 from a single client breach after the hacker had lurked in their system for 120 days!

That’s right, as you’re reading this you may have already suffered a cyberattack! What’s worse, if you have been compromised, the longer you leave it without realising it, the more damage can be done. 

You Have Fewer Financial Reserves

Small businesses tend to have fewer financial reserves than larger ones. This means if a cyber attack does occur, you’ll struggle to cover the costs of repairing the damage. 

If your business operation is completely disrupted, you’ll lose revenue. Plus, the cost of hiring an IT agency will also set you back. If you’re a business that lives week-to-week, or if you’ve already incurred some debt, a cyberattack may cripple your business. 

You’re More Dependent on Your Reputation

Finally, small businesses are often more dependent on their reputation than larger ones. 

Massive companies can have their reputations affected by cyber attacks, but they can usually bounce back because they are benefiting from years of building brand awareness. 

Look at Optus: even after their catastrophic data breach, millions of Australians are still using their service.

If your small business is hacked, your customers may lose trust in your ability to keep their data safe. Unlike at the top end of the business size scale, at your smaller end, a high-profile catastrophe could cause irreparable damage to your reputation. 

How You Can Protect Yourself

The Essential 8 is a mitigation framework designed by the Australian Cybersecurity Council (ACSC) to protect businesses from cyber attackers. 

The reason it’s ‘essential’ is because it outlines the 8 most essential cyber protections your small business needs to be cyber secure. 

You can read a full overview of the Essential 8 here, and an IT company can install it for you. In the meantime, there are two DIY measures you should take today to start protecting your small business.

Multi-Factor Authentication

In modern cybersecurity, relying solely on strong passwords is no longer enough. Multi-factor authentication has become an essential security measure that uses multiple devices to authenticate you, providing an extra layer of protection.

For example, logging into an account on your desktop might require you to enter a code sent to your phone via SMS. To gain access, you need to enter the code into your desktop device, making it more challenging for an attacker to hack into your account. 

Using more layers and different devices increases security. Setting up multi-factor authentication is easy with Microsoft 365, and third-party app providers may support it too.

Email Spam Filter

Receiving spam emails every day is dangerous. These emails often contain malware or phishing scams designed to trick you into compromising yourself. 

They’re also costing you time. One Central Coast business was receiving a large volume of spam emails, meaning they had to devote huge chunks of their day to clearing their inbox!

Simply installing an email spam filter can instantly remove the majority of these emails from your inbox. Shop around online to find a reliable one and it’ll make an overnight difference to your cybersecurity.

OneCloud IT Solutions

Still feeling vulnerable in the big pond you’ve found yourself in?

There’s one more thing you can do to protect yourself, and that’s getting a bigger fish to come and protect you!

At OneCloud IT Solutions, providing cybersecurity for small businesses like yours is our speciality.

Whether it’s implementing the Essential 8 or helping you recover after a breach, we’re here to help!

Get in touch today.