The regular small business owner probably thinks to him or herself, “I don’t have anything a cybercriminal would really want.” That’s because the business owner doesn’t understand that all their information has a certain amount of value.

Take for instance the ‘dark web,’ is a collection of websites that exist on an encrypted network. It has emerged into an information superhighway for cybercriminals and provides the perfect platform for stolen data and personal information. If a cybercriminal cannot use the information or data they’ve taken, they often go to the illicit market to monetize it.

“That information can be sold from anywhere between $10 to $25 per identity, so if they steal a 100, it can start becoming lucrative, especially if you’re doing it every day and multiple times a day,” states Terry Roberts, founder and CEO of WhiteHawk, a cybersecurity firm.

The average cost of a data breach is nearly $4 million for large companies and up to $148,000 for small businesses, according to UPS Capital research. The consequences? While big companies are positioned to handle a breach more effectively, smaller businesses are not. As such, a breach can have a sizeable impact on a small business’s bottom line.

According to a report published by Breach Level Index, 43 percent of cyber attacks target SMBs because many do not implement robust security measures to protect their sensitive information. Additionally, an alarming 3,437 records are stolen every minute.

If that isn’t bad enough, consider the fines a company can face for mishandling customer data by failing to meet minimum compliance standards to keep that information secure. Those fines and numbers only increase when a business considers the loss in reputation and trust as well as the potential loss of the business itself.

Here are three types of cyber threats that can impact a company’s short and long-term growth:

Phishing emails

Phishing is one of the easiest forms of a cyber attack for a criminal to carry out. This type of attack is usually carried out over email, and the criminal attempt will either trick you into downloading malware or get you to click a link that asks you to enter personal information.

“Think of script as an automated string of code that is performing a singular function repeatedly at a push of a button – allowing the attackers to retrieve your personal and business information,” says Mike Ferris, Senior Analyst at WhiteHawk.

Ransomware

Ransomware is a form of malicious software that denies access to your data and information.

“It’s a malware invasion of your system,” says Roberts. “They encrypt all of your data, and they hold it hostage until you pay them.”

One study by Barkly, a software and network security company, found one in five businesses that paid a ransom never got their files back. What should you do? Don’t pay them and back up your data. If you pay them, you’re essentially enabling them to continue doing what they’re doing. Always backup your data on a daily, if not weekly basis.
“This is one area where training your workforce is critical,” Ferris adds. “Your employees need to be able to know how to react when they get something suspicious.

DDoS attacks

A distributed denial of service (DDoS) attack is the simplest of the three. This attack is an attempt to make an online service unavailable by flooding it with traffic from multiple sources. An attacker will have a script or a botnet, where they can control computers all around the world, and those computers will send bytes of data to a server to use up the network bandwidth.

In an online environment, cybercrimes are difficult to prosecute because of anonymity as well as magnitude, making it difficult for law enforcement to build a case unless the activities are affiliated with well-known groups.

Ferris suggests businesses to enlist third-party DDoS protection services, including Cloudflare, Incapsula, and Trustwave because it’s the most affordable and simplest option to protect against DDoS attacks. Also, contact your Internet Service Provider to see if they can help with DDoS mitigation.