Key Takeaways More than 40% of cyber attacks are aimed at small businesses.

Hackers see SMBs as having weaker entry points than large corporations.

A secure network can block up to 97% of malicious traffic before it enters a system.

With over 20 years of experience, Senthil Ramakrishnan, who leads AT&T’s Cybersecurity Product Strategy, has seen attacks become more and more sophisticated, and urges small business owners not to fall into the trap of believing that they are too small to be targeted by criminals. “More than 40% of attacks target SMBs,” he told Entrepreneur.

Ramakrishnan is passionate about security — “Our country’s supply chain is built on the shoulders of these SMBs, and it is critical to help keep them secure,” he says. Here, he shares the best practices you can use to educate yourself and your team to prevent criminals from taking away the business you worked so hard to launch.

What is the biggest threat SMBs face?

The biggest cyber threat to small businesses is the common belief that they are a small or insignificant target for hackers, which I call “the Small Target illusion.” But SMBs are targets for cyber threats because hackers see them as weaker entry points, because it’s assumed they don’t have IT teams or don’t have an enterprise-level security system in place. SMBs are mainly targets for ransomware and phishing-type attacks.

The best way SMBs can protect themselves is not at the customer edge, but at the network level – having a secure perimeter stops threats before they get close. AT&T’s Dynamic Defense has threat detection and protection in place where the network edge meets the internet. This strategy allows businesses to block up to 97% of malicious traffic before it ever even enters their network.

How big a problem is this?

A single breach costs enterprises an average of $4.45 million, according to IBM’s Cost of a Data Breach Report, with costs often underestimated by 3X to 5X due to unplanned downtime, compliance investigations, customer attrition, and brand devaluation. Cybersecurity Ventures projects global cybercrime damages to reach $20 trillion by 2030.

What are some of the best practices to protect yourself?

Start with your network. Think of your business as a house, and your network as your front gate. You wouldn’t wait until an intruder is at your doorstep to act — you’d want security at the perimeter, stopping threats before they get close. The same concept applies to cybersecurity — securing the network at the first entry point is the most effective way for SMBs to reduce risk without adding complexity. This strategy allows businesses to block up to 97% of malicious traffic before it ever even enters their network.

What is a misstep you see many SMBs making?

We see many businesses trying to solve security gaps by buying insurance, but insurance doesn’t prevent an attack. If you don’t know your risk posture, you won’t know how to defend against threats effectively.

So many SMBs rely on third parties to scale. How do you make sure you have partners who won’t expose you to an attack?

SMBs have to work with several partners to run their business. You should look for their security certifications (SOC 2, ISO, NIST, etc.), security controls in place, and whether they audit their security controls often. Many of the larger attacks over the last decade have originated from a partner or third party that has limited security protections. Security needs also change as you or a partner scales. Make sure that the tools being used are also able to scale.

And how do you communicate to partners and customers that you are up to date on security measures?

Highlight your cybersecurity measures—such as end-to-end encryption, secure payment gateways, and threat detection—as part of your brand identity. Include a ‘Your Data Is Safe With Us’ section on your website to build customer confidence. Display badges for SOC 2, ISO 27001, or cyber risk ratings on your homepage and marketing materials. These certifications demonstrate your commitment to data protection and can be used in sales presentations and customer onboarding. Train your sales team to emphasize how your cybersecurity measures protect customer data and reduce risk. This is especially effective in industries like finance, healthcare, and e-commerce, where trust is critical.

Security builds trust, and trust builds loyalty. Customers who feel their data is protected are more likely to stay, refer others, and expand their engagement. Reinforce your commitment through regular security updates and education.