What are the most underrated cybersecurity threats for small businesses in 2025?

Most cybersecurity content focuses on enterprise-level threats, but small businesses are actually the most vulnerable — and often the least prepared. I've been researching this area and the threats that worry me most for small businesses are NOT the obvious ones like ransomware. The underrated ones are: 1. **Business Email Compromise (BEC)** — Attackers impersonate your CEO or CFO via email and trick employees into transferring money. No malware needed. 2. **Supply chain attacks** — Your software vendors get hacked and the malware comes through legitimate software updates. 3. **SIM swapping** — Attackers convince your carrier to transfer your phone number, bypassing 2FA. 4. **AI-powered phishing** — Phishing emails are now personalized and grammatically perfect because attackers use AI to write them. What threats are you most concerned about? And what practical steps have you taken to protect your business? I'm especially interested in low-cost security measures that actually work for businesses without a dedicated IT team.