A guide to endpoint threats and breaches for small business owners.

Three Threats All SMB Owners Should Know About

An endpoint is any remote device accessing your business network. This may include phones, laptops, tablets, watches, or any other mobile computing device.

These endpoints are easy targets for cybercriminals. Mobile devices connect not only to the corporate network, but to home networks and even third party networks (like coffee shops). Some networks are more secure than others, meaning user activity isn’t always protected by a firewall or anti-virus tool.

More importantly the nature of mobile devices means endpoints are used for many purposes, and to access many types of content. There’s no guessing what surprises are looking for a way to access the endpoints on your network.

When cyberattackers successfully access any one of the mobile devices on your network, you’ve experienced an endpoint breach. The attack can be deterred by a firewall or anti-virus monitoring for known viruses or attacks. However, unknown attacks (new ones seem to appear weekly) can infiltrate a SMB’s defenses and infect a device (aka the endpoint). Once this happens, the infiltration can impact your company network.

Endpoint breaches come from ‘malware’: any software with the intention of stealing something from your company network. The most common types of endpoint breaches SMBs may experience come from the following malware threats:

  • Ransomware
  • Phishing
  • Out-of-date Software

Ransomware is malicious software that blocks user access a network. That means employees won’t be able to access the network, including software and files. A cyberattacker holds the data or network hostage and requires a ransom payment for safe return of the data/network. If the ransom demands are not met, the cyber attacker may publish your dataauction it off to the higher bidder, or simply go underground until a later date.

Ransomware finds its way onto a network via an email attachment, via attachments sent on social media or via pop-ups. Each message relies on an individual user to interpret a message and open a file. The ransomware will be cleverly disguised as something your team expects to receive, like an invoice or quote.

Upon opening the attachment, the ransomware spreads throughout a network and starts to lockdown resources. These resources will not be available again until the attacker releases them.

While some businesses pay the demanded ransom in order to restore their network, others do not. They may chose to restore their network from backup copy, and face the repercussions presented by the attackers. However, if sensitive data is released to the public, even a company who restores their network may not be able to restore their reputation – or repay any fines related to the breach.


Phishing scams have one goal: to trick users to give them access to sensitive data. The scams cost little to deploy, but result in huge gains for the attackers. To make matters worse: many users don’t know to look out for scam emails.

The key element in the phishing campaign is user awareness.

Phishing campaigns depend on an individual user’s response to an email. This email will appear in the user’s inbox, and appears to be from a trusted source (like a bank, regulatory body or insurer). The email will direct the user to open an attachment. The attachment may look like a known and trusted file, often in PDF or jpeg formats.

Once the user opens the attachment, an attack is unleashed. At first, it lives on the individual user’s device. Soon, it will spread into the network environment. When it does, it may disrupt operations, slow down your workflow and ultimately destroy your reputation.

Phishing campaigns rely on a number of tactics – from tracking key strokes to redirecting users to fake sites to spying on users or tricking users into giving away sensitive data. The cybercriminals benefit by stealing an individual’s identity, scamming a company into paying fraudulent invoices, or selling sensitive data on the dark web.

One particular type of phishing is far more targeted: spear phishing. In these attacks, cybercriminals conduct sufficient research, develop relationships with an individual or pretend to be a collaborator within an organization. When an individual user is asked by the attacker for something particular, for instance sensitive material, they are more likely to provide it. The request seems legitimate. This is the type of attack the City of Ottawa experienced in 2018, when the city treasurer paid an invoice ‘as requested’ by their manager. Only: it was a cyber attacker making the request from a city domain…not the boss.

Out-of-date Software

Endpoint breach threatens SMB network

Software companies regularly update their products. However, users don’t regularly comply and update their networks or endpoints. As a result, many endpoints are left exposed to new threats.

Cybercriminals are crafty. They are constantly looking for new – and easy – ways to access corporate networks so that they may exact a price. These criminals are persistent in looking for gaps in software security. When they find them, they leverage them. Accessing these unpatched networks provides cybercriminals with access to endpoints on your network, and possibly the network itself. Like ransomware and phishing attacks, out-of-date software can provide attackers a gateway to your sensitive company and user data.

Unlike ransomware and phishing attacks, the solution to out-of-date is not entirely dependent on the user. It depends on updating the entire network, and prompting individual users to update their endpoints with the most up-to-date software. In this age of remote working, this does require employees to collaborate and keep their software and devices up to date.

Protection from Endpoint Breaches

In the not-so-distant past, cybercriminals focused exclusively on large businesses. Now, as small and medium businesses do more business online, opportunities for cyberattacks abound. Add distributed workforces into the mix, and the possibility of extracting valuable data from an attack grows exponentially.

That’s where endpoint security comes into play. Endpoint security doesn’t prevent an intruder from coming through the gate. That’s the job of a firewall or anti-virus tool. Endpoint security monitors what’s happening on individual devices and notes when an unknown process begins.

That means endpoint security catches and quarantines endpoint intrusions before they can damage your network or business.

As a small business owner, the possibility of a breach and prevention might all seem a bit much. If you’re running your own business and managing IT…monitoring endpoints is just another burden.

Introducing Managed Endpoint Response

Managed endpoint response solutions support small business owners by taking over the responsibility for monitoring endpoints. A team of expert analysts use specialized tools to monitor a network and ensure that only the desired processes operate in the network environment.

CYDEF was built specifically to support small and medium enterprises doing business online. Frustrated with the lack of attention on risks facing small businesses, the founders created a tool and service that works for small and large organizations alike. The solution combines machine learning with human intervention, providing endpoint protection without the massive overhead. Learn more about our history and how we can support your SMB.