For small businesses, peak season can mean big business. It’s a chance to delight current and new customers with special offers and drive sales. But it’s also a profitable time for cybercriminals. The holiday season is when they are most active as they seek to capitalise on the sheer volume of online interactions between businesses and their customers.
A 2024 report from cybersecurity software leaders Bitdefender found that 77% of Black Friday-themed spam emails were classified as scams. That number was up from 70% in 2023. It’s an attack known as phishing – emails containing malicious links that attempt to induce people into revealing personal information such as credit card details and passwords.
Leaders must reframe cybersecurity as a protector of revenue and growth
But that’s not all. Cybercriminals use a variety of methods to target vulnerable businesses. Ransomware is software used to lock businesses out of their IT networks and demand money in exchange for access. Malware is also designed to gain unauthorised access to networks and devices to commit financial fraud, steal data or spread viruses.
The results can be devastating. Businesses can see their bank accounts emptied, supply chains brought to a halt and customer trust devastated overnight. But with many small businesses – and there are 5.5 million small businesses in the UK with less than 49 employees – focused on growth and servicing customers, many still don’t prioritise cybersecurity. Instead, it’s viewed as a technical chore, rather than a protector of revenue and growth.
Lock the door on your house and your business
Ramon Ray, small business ambassador at Bitdefender, says leaders must mentally reframe cybersecurity. “You lock the door on your house and your car because you’ve worked hard and invested money into them. You should do the same with your business,” he says. “Of course, you don’t have a physical lock, but you can easily use digital security software to provide 24-hour protection, so you can focus on running your business with peace of mind.”
Bitdefender serves as a software and education partner to make businesses aware of potential attacks and vigilant when dealing with suspicious activity. “If you walk down a dark street, you’d be more cautious and wary of where your wallet or phone is,” he explains. “With your business, you should constantly ask questions and scan for threats: does this link look suspicious? Was that invoice definitely from a supplier or could it be from a nefarious party?”
Education is also critical as cyberhackers use increasingly sophisticated and believable forms of deception to trick leaders and workers, but also customers. “Hackers look to capitalise on shopper excitement and anticipation,” explains Ray. “They will often seek out smaller vendors with good traffic and create fake websites that will look exactly like the real thing. Customers can then be tricked into handing over their credit card information.”
Password management, VPNs & scanning
Once education is in place, businesses can begin to upgrade their defences using Bitdefender’s software. Password management is a critical starting point. It remains one of the most common ways hackers compromise businesses. A 2024 report by Bitdefender revealed that 37% of respondents admitted to writing down their passwords, while 18.7% use the same password for three or more accounts and just 22.7% use a password manager. Bitdefender’s software includes a password manager to house and protect every password, a service that is offered to every employee in the organisation.
Active scanning is another essential tool that checks links in documents and websites for potential threats. It then alerts users when they click on a suspicious link or blocks access to infected websites. “I have this active on my smartphone now,” says Ray. “Some leaders forget that their businesses aren’t just on company laptops, they’re being run on their employees’ smartphones, so you need to have that round-the-clock protection.”
With many businesses now remote or operating hybrid working environments, public Wi-Fi can also create potential vulnerabilities. But Bitdefender uses an in-built VPN (virtual private network) to protect users’ data at all times. “The VPN basically creates a tunnel around your data,” Ray explains. “This means that when you’re in a coffee shop or public space, hackers can’t steal your data or passwords.”
Why AI is a both problem and a solution
But the rise of AI presents another growing problem. The technology is giving criminals the power to create malicious and highly successful phishing campaigns. A study by Cornell University found that a spear phishing campaign created using LLMs resulted in a 56% email open rate, compared to 54% when legitimate campaigns were launched by humans. The LLM also automated the entire process and even created vulnerability profiles for each target.
If that wasn’t frightening enough for small business owners, deepfakes are another AI-generated threat on the rise. Deepfakes are a form of synthetic media that enable the creation of highly-realistic audio, images or video. These are used to imitate real customers, employees or suppliers and trick businesses into handing over sensitive information or even cash.
But AI is also part of the solution. Bitdefender’s security solutions use automated and AI-assisted scam detection capabilities, trained to spot scams targeting small businesses and keep employees safe from scammers.
With the holiday season fast approaching and threats constantly evolving, it’s clear that small businesses need to make cybersecurity a priority. Ray says leaders can easily do so, without being distracted from sales and growth. “Bitdefender is designed to constantly push updates to itself,” he adds. “The software will protect you in the background – it’s like life insurance for businesses.”
Stronger security means more space to grow. Learn how to safeguard your small business today.
For small businesses, peak season can mean big business. It’s a chance to delight current and new customers with special offers and drive sales. But it’s also a profitable time for cybercriminals. The holiday season is when they are most active as they seek to capitalise on the sheer volume of online interactions between businesses and their customers.
A 2024 report from cybersecurity software leaders Bitdefender found that 77% of Black Friday-themed spam emails were classified as scams. That number was up from 70% in 2023. It’s an attack known as phishing - emails containing malicious links that attempt to induce people into revealing personal information such as credit card details and passwords.
Leaders must reframe cybersecurity as a protector of revenue and growth
