It seems like every month we hear reports of another major cyber attack that has impacted a company. Just recently we’ve seen everything from a cyber attack that resulted in Toyota’s second data breach to a Florida town paying $600,000 to ransomware criminals.

And these are just the attacks that make the news.

What don’t necessarily make the news cycle are the attacks on small businesses. However, that doesn’t mean that these attacks don’t exist. In fact, Cyber Defense Magazine estimates that cyber criminals spend 43% of their time attacking small businesses.

Who are these attackers targeting the networks of small businesses, and what are their motivations?

We sat down with Attila Torok, Director of Security Engineering at LogMeIn, and asked him to dive into the mindset of these cybercriminals. In addition to the high-level overview below, Attila joined us for a live webinar where he covered this landscape in greater detail. The webinar is available to view on-demand here.

CYBER-CRIMINAL #1: Script Kiddies 

Script kiddies are cyber criminals who mass email or deploy scripts in order to hack networks. For the most part, these cyber criminals operate independently and are not extremely technical. (They tend to use scripts or code that they find on the internet.) Therefore, in most cases, they are unaware of the damage they are causing with certain scripts. Script kiddies tend to target low-hanging fruit such as poor passwords or unpatched systems.

They are primarily motivated by the satisfaction they feel once they successfully hack into a network. These cyber criminals enjoy bragging to their networks on their cyber criminal escapades. Compensation is a secondary motivator that also inspires these hackers.

CYBER-CRIMINAL #2: Organized Cyber Criminals 

These cyber criminals are more educated and organized than script kiddies. They tend to be very tech-savvy and engage in cyber-criminal activity as part of their full-time occupation as product managers or engineers. Organized cyber criminals use a variety of methods for infiltrating a system, such as phishing and ransomware.

Like script kiddies, organized cyber criminals tend to focus on low-hanging fruit, where quantity over quality is the driver. Unlike script kiddies, organized cyber criminals are motivated completely by compensation. Their primary goal is to identify and steal valuable information to resell on the dark web. Therefore, their attacks can be more dangerous if sensitive data falls into their hands.

Mitigating Risk

Both of these cyber-criminal types can be terrifying for a security-conscious small business, but there are steps small businesses can take to mitigate their risk of a successful attack. Attila recommends implementing these four must-dos in order to protect your small business from these criminals.

MUST-DO #1: Patch Your Systems 

Creating a comprehensive plan to update Windows and third-party applications is no longer optional for IT teams. Cyber criminals are known to exploit outdated patches in order to gain access to networks. In fact, according to the Ponemon Institute, 57% of cyber-attack victims report that they could have proactively prevented their attacks by installing an available patch, and 34% of these victims stated that they were aware that a vulnerability existed before they were attacked by it.

MUST-DO #2: Employ an Antivirus

To protect your end users when they receive malicious links or software, it’s essential that you have a strong managed antivirus in place.

To make your life easier, look for a software solution that lets you centrally manage both your patch management and antivirus from one platform. This provides a single-pane-of-glass view into your endpoint security, which can save your team valuable time.

 MUST-DO #3: Protect Your Passwords 

Look to employ a strong employee password management policy to protect your company against attacks. Consider investing in a password manager and multifactor authentication solution to hold employees accountable in creating strong passwords and provide a secondary checkpoint when an employee needs to access sensitive data.

In addition, it is critical to change default passwords on devices with an IP address. Most devices when purchased use a default password that cyber criminals exploit. Therefore, it is essential to change these default passwords while installing any device with an IP address.

MUST-DO #4: Educate Your Users

Cyber criminals will attempt to abuse the trust of your end users in order to gain access to your network. Therefore, it is essential to establish and educate your end users on protocols that they should follow for requests involving passwords or sensitive data.

For example, a cyber criminal may attempt to abuse tax season by emailing an HR representative pretending to be someone else in the company who needs sensitive employee data to process a request. The cyber criminal will then process employee tax returns as their own. Companies can avoid falling victim to this type of attack by having protocols in place, such as checking with a manager, prior to sending confidential data.

Preventing cyber crime can be overwhelming for a small business. However, by taking time to familiarize yourself with the motivations and security must-dos, you can set your small business up to be much more secure.

If you’re interested in hearing Attila talk about this topic in depth and getting more advanced security tips, please watch our on-demand webinar here.

Rebecca Stone is a Product Marketing Manager at LogMeIn. Her work focuses on understanding the IT solution market, specifically remote monitoring and management software for internal IT and MSPs. She comes from a background in market research consulting and tech, and she’s passionate about exploring the future of IT solutions.

This guest blog is part of a Channel Futures sponsorship.