This document discusses the risks small companies face from cyber attacks even though they think they are not important targets. It notes that while companies may think a hack will not happen, it is not a question of if but when. The consequences of a security failure include loss of trust, money, data, time to recover, and penalties. It then explores how non-critical applications and registration pages can still be vulnerable to hackers bypassing client-side restrictions and gaining database access, allowing them to change passwords or access sensitive information.