Cyberattacks on big companies often make headlines, but some 43% of all cyberattacks actually target SMBs, according to data compiled by SCORE. Macro malware is the most impactful form of cybercrime affecting SMBs currently, according to a press release announcing the findings.

In 2017 alone, SMBs faced 113,000 incidents of macro malware, the release said. Macro malware is often found in malicious email attachments, appearing as a word processing document or similarly familiar type of file.

Of the 269 billion emails sent and received last year, 39% were spam, the release said. Small business owners and security pros can protect themselves from these macro malware attacks in two specific ways. The first, which is obvious, is to avoid downloading attachments from unknown senders. Secondly, though, one can disable macros in Microsoft applications as a further form of protection.

SEE: Information security policy (Tech Pro Research)

Online banking attacks were also prevalent among SMBs last year. These attacks often use malware to steal account credentials or credit card data. To protect themselves, SMB owners should directly type in the bank’s website address and double check it before visiting, while also enabling multi-step authentication on their online banking account.

Ransomware is also still alive and well. In 2017, SMBs were affected by 54,000 ransomware incidents, the release said. Ransomware is a form of malware that, once downloaded, encrypts a victim’s files until a monetary ransom is paid–often in cryptocurrency. However, many experts recommend not paying the ransom, as only 19% of victims who pay actually get their data unlocked.

The ransom cost, on average, is relatively low, the release said, at $1,077. However, when the opportunity and recovery costs are factored in, that amount jumps to $133,000, the release noted, which could be unsustainable for many SMBs.

To stay safe, SMBs can “protect themselves by ignoring suspicious emails with urgent requests for personal information, avoiding opening emails from unknown contacts, and regularly updating software to patch vulnerabilities,” the release said.

The big takeaways for tech leaders:

  • 43% of all cyberattacks target small businesses. — SCORE, 2018
  • SMBs were affected by 113,000 incidents of macro malware in 2017. — SCORE, 2018