Stressed small-business owner dealing with a computer virus.

Cybersecurity for organizations with limited resources

7 steps to secure your data and systems

ByJenna Hardie
May 22, 20254 min read

KEY POINTS

  • Increased vulnerability: Small businesses and nonprofits are attractive targets for cybercriminals due to weaker security practices.
  • Financial impact: Cyber breaches can cost small organizations between $120,000 to $1.24 million.
  • Protection steps: Regular software updates, strong password policies, antivirus protection, employee training and secure Wi-Fi networks are crucial to protect your organization.

It's a widely held belief that only large corporations are targeted by cybercriminals, but that couldn't be further from the truth. In reality, smaller businesses and nonprofits are increasingly targeted by cyberattacks—yet only a fraction have comprehensive security measures in place.

“Smaller organizations are an attractive target for online criminals because of potential vulnerabilities caused by weaker security practices,” said Paul Tucker, chief information security and privacy officer at BOK Financial®. In fact, data revealed that small businesses are nearly four times as likely to be attacked than larger organizations, according to the Verizon Business 2025 Data Breach Investigation Report.

According to Tucker, cybercriminals know that smaller organizations may store valuable customer data, intellectual property and financial information while lacking the sophisticated defense systems of larger enterprises, creating an opportunity for potentially lucrative attacks with less resistance.

The true cost of a breach varies, but IBM recently estimated that the average small organization can expect to pay $120,000 to $1.24 million to respond to and resolve a cyber or fraud issue.

“Small businesses and organizations might not have a dedicated team in place to constantly monitor potential vulnerabilities and address them, which likely leaves them more vulnerable to attacks,” Tucker said.

Many of these organizations recognize these challenges. According to the U.S. Chamber of Commerce, 60% of small businesses say that cybersecurity threats—including malware, phishing and ransomware—are their biggest concern.

Types of cyberattacks by business size

Graph showing types of cyberattacks by business size
There is a stark difference in the number of malware attacks by business size, particularly the frequency of ransomware attacks. Smaller organizations experience ransomware-related attacks, which account for 88% of breaches, while ransomware only accounts for 39% of large businesses' breaches.
Source: Verizon Business 2025 Data Breach Investigation Report

 

Impacts of cyber breaches or fraud scams
Victimized small businesses and nonprofits can suffer significant financial losses, as well as:

  • Reputational damage from the erosion of customer trust, which can lead to lost sales and customers.
  • Operational disruptions to the day-to-day functions of the organization, especially when systems are down and payments can’t be made.
  • Legal and compliance issues, which can lead to additional financial loss in the form of fines and lawsuits (especially if sensitive customer data is compromised).
  • Increased insurance premiums that can make it more difficult for small businesses and nonprofits to secure adequate protection for their organization.

7 steps to protect your organization
Protecting critical data and systems is vital to an organization, according to Tucker. Without a full-time IT team, company leaders must take the following steps to protect valuable data and systems:

  • Perform regular software updates across your applications and tools that you regularly use. “Often, these updates include security patches that help protect sensitive data from cybercriminals,” Tucker said.
  • Establish a strong password policy across the organization. This might entail a mix of upper/lower case letters, numbers and symbols, with regular required password changes. (Bonus: Ensure your applications and accounts are protected with multi-factor authentication [MFA], which includes a second form of identification to access an account, such as facial recognition, SMS or a passcode).
  • Invest in antivirus protection to detect and block malware that can be installed through phishing attacks across your platforms to steal your data.
  • Train your employees (and create a culture of safety across the organization). Possible subjects might include how to confidently spot a phishing scam, password protection training, data privacy best practices and safe online practices. (Bonus: Read more about how to protect personal data.)
  • Secure your Wi-Fi networks. Encrypt information and use a firewall to protect your data from outside sources. Ensure your Wi-Fi network is secure (password protected) and hidden.
  • Backup your data regularly, which will make it easier to recover if an attack does occur. Consider on-premises, cloud or hybrid solutions ranging from simple, cost-effective hard drives to software applications. They can enable automatic updates for software to streamline that process.
  • Consider hiring a managed services provider (MSP) that can provide ongoing monitoring and maintenance of your technology systems to help ensure your data is protected.

Learn more about BOK Financial's online security or call 844-517-3308 to report suspicious activity on BOK Financial-related accounts. The Cybersecurity and Infrastructure Security Agency also keeps an up-to-date list of current threats.

Topics
Subscribe

Related Content