For years, midmarket companies had the luxury of not being the primary target of cyberattacks. Recent events, like the rapid spread of the WannaCry ransomware, show that SMBs can no longer rely on larger targets attracting the attention of hackers.

Network security costs $178,000 a year for a typical mid-tier business, and this average budget is likely to grow. In addition to the rising cost of security solutions, SMBs also have to tackle the increasing number and frequency of threats while maintaining stricter compliance requirements.

These are the main cybersecurity challenges midmarket companies face:

Data theft

Your valuable trove of data includes employees’ personal information, customer payment details, and the proprietary designs or code fueling your company’s business. A network breach can result in data theft, but most companies overlook the threat of physical data theft.

Lower risks by educating employees about both threats, restricting access to sensitive data and monitoring your network for large downloads.

Network access

Phishing attacks can compromise your network. Hackers typically look for a human mistake by sending emails that ask for login credentials. Education is key to help employees can easily recognize these emails.

A network breach can also occur via a vendor like a cloud-service provider. Make sure your next IT vendor prioritizes safety.

Not using encryption

This technology turns data into a code. Users need a key to turn the code back into data. Full-disk encryption makes a USB key or a laptop useless if it is lost or stolen.

This practice is a powerful defense against data theft and limits damages if someone accesses your network, but a large percentage of companies still do not use it. A recent survey found that 31 percent of companies didn’t encrypt employee bank records and that 43 percent of companies do not always encrypt their HR records.


Asking employees to change their passwords regularly is not enough. Keylogger malware can capture this information and too many employees use the same password for several accounts.

Make your network safer by getting rid of old accounts, set different levels of access and look into two-factor authentication.

Malware, ransomware

You cannot completely protect your system from malware and ransomware. Your best line of defense is to update your OS and software as often as possible.

Put an IT specialist in charge of updates or schedule reminders for employees to download and install updates.

Backing up your data will protect you from ransomware and from a number of other problems, such as hardware failure. There are many affordable backup solutions for SMBs. These are a few of the features you should look for:

  • Choose how often you want to back up data to accomodate regular business operations.
  • Encrypt sensitive data.
  • Automatically back up a certain type of file or data placed in a specific location.

A majority of midmarket firms choose to outsource network security. Security-as-a-service is the preferred cybersecurity solution compared to managed security providers with 80 percent of IT and security executives preferring security-as-a-service.

SECaaS is typically a subscription-based model delivered over the cloud. A managed security provider operates in a manner similar to an ISP, and usually monitors a firm’s network and constructs a firewall. SECaaS providers are usually more flexible and affordable, which makes this approach more appealing for SMBs.