5 main cybersecurity risks to medium-sized businesses and how to avoid them
As businesses of all sizes rely increasingly on IT systems and the internet to perform mission-critical operations, cybersecurity risks inevitably rise too.
This makes IT security a primary consideration for any growing business, and especially for medium-sized businesses, which represent a juicy prospect for would-be attackers but might not yet have enterprise-level security systems in place.
Here are five of the biggest cybersecurity risks to medium-sized businesses and some of the measures you can put in place to mitigate those risks.
Anything that crosses the perimeter of your network poses a specific threat. Incoming email should be thoroughly scanned for infections, but employees should also exercise caution when opening file attachments or clicking external links.
Good IT security means encouraging ongoing vigilance from all personnel. One wrong click on a link without first checking the destination URL is all it takes to open a back door to hackers.
By instilling awareness of security in employees, you can also protect against being compromised due to avoidable human error, such as an individual revealing passwords or IP addresses via a phishing attack.
Ransomware is one of the most disruptive forms of malware, which is why we’ve listed it separately in this shortlist of the biggest cybersecurity risks for medium-sized businesses.
A single compromised link or file can encrypt your entire file system, with attackers demanding tens of thousands of dollars in cryptocurrency to provide a decryption key – and no guarantee they will do so, even if you pay.
Prevention is the better option here, and iron-clad network firewalls and server security all help to reduce the risk of ransomware finding its way onto your company network. It is also worth creating a proper backup and disaster recovery plan, to ensure business continuity should the worst occur.
Malware, including computer viruses and trojans, is still a significant threat and worth protecting against, especially as there are comprehensive real-time protection methods for businesses of all sizes.
Good antivirus software offers real-time monitoring of your file system, with regularly updated virus definitions, to safeguard against new threats as they emerge and are identified.
APH’s ESET Endpoint Protection solution, available as part of our managed IT services, gives our clients the highest level of protection against potential virus infections.
We use more and more mobile devices, ranging from smartphones and tablets to portable storage devices like USB pen drives and external hard drives.
These represent a physical threat, as devices may be transported across your network perimeter and connected to other devices, networks or the public internet from another location.
Make sure your employees understand the risks associated with doing this and, where possible, ensure portable storage cannot be connected directly to your firewalled network without being thoroughly scanned for infected files first.
Malicious activity by employees is one of the most difficult risks to protect against. By definition, ‘insiders’ have access to your systems and authorisation to view and edit files that would be restricted to outsiders.
To prevent this risk from becoming a reality, you need to encourage a culture of security among your employees, not only through training but as an ingrained part of your daily operations.
You can combine this with the methods of IT security already mentioned above, to detect and report any causes for concern, and to proactively prevent deliberate insider attacks from compromising your network security.