
Cyber Security: Why It Matters To Small Businesses

Small businesses are increasingly becoming the target of cyber criminals who see them as a soft touch because they often neglect to put robust security measures in place.

If you are a sole trader or a small business, you may not think that your computer system is of interest to international criminals. However, your data and that of your customers is extremely valuable and a data breach could cause you huge financial and reputational damage.

According to the latest Hiscox Cyber Readiness report, 61% of firms reported suffering one or more cyber-attacks in the past year. Among firms reporting attacks, average losses associated with all cyber incidents have risen from £180,000 last year to £291,000.

 

A guide to keeping your data safe

The National Cyber Security Centre has just updated its Small Business Guide. It covers all aspects of data security for SMEs, including backing up data, keeping computers, laptops and smartphones safe, protecting against malware and phishing attacks, and using better passwords.

It’s important for SMEs and sole traders to be aware of the simple steps they can take to protect themselves. If you employ staff, even if they work part-time, it is essential that they too are aware of the importance of following the guidelines as many data breaches are due to simple human error.

 

Why data security matters

Criminals are out to exploit any weakness in your security systems and SMEs can be a target because they offer a route into other, larger, organisations, says Del Heppenstall, a director of KPMG in the UK and a security expert with 20 years’ direct experience in Information and Cyber Security.

“Phishing, ransomware, malware – SMEs will receive these attacks indiscriminately,” he says. “Cybercriminals now do their own investigations and look at where an organisation is in the supply chain. They try to identify businesses that might be providing services to a bigger party. In this way, SMEs are often seen as a route into bigger organisations.”

This might be in the form of accessing your inbox and sending malicious emails to clients, who will trust the email because it appears to come from you. It might also cause you reputational and financial damage as a result, he says.

“Data breaches happen to companies of all shapes and sizes — they just don’t make the headlines,” says Bruce Penson, Managing Director of Pro Drive IT. If you are a service-led business – such as an accountancy practice – then this makes you an even more attractive target to hackers, as you are likely to hold masses of personal client data.

 


 

Without the resources of the big companies, you are unlikely to have as robust security measures in place to protect it. Cyber criminals know this.

“In the underground world of the dark web, it’s not just money criminals are after,” he says. “Data is extremely valuable too. So, if hackers can find a more straightforward way to access it, why wouldn’t they use it? Unfortunately, businesses like these are often seen as an easy and highly attractive target.”

It’s a big issue and one that could cost your business dearly — both financially and in terms of your reputation, he says. Plus, since the introduction of more stringent laws under GDPR, government advertising and several highly publicised cases, your clients will want to know their data is safe with you.

“When it comes to cybersecurity, SMEs are the soft underbelly of the business world,” says Paul Rose, CISO at Six Degrees. “In fact, SMEs are becoming an increasingly lucrative target for hackers. Social engineering and CEO fraud are a big problem, as SMEs often don’t have the same level of governance in place as large enterprises. And SMEs may also be targeted for their connections to a larger company – third party suppliers are often the weak link in an organisation’s cybersecurity chain.”

So what can you do? He says the first step is to acknowledge that the risk is real, and increasing. Then complete a risk assessment and create a cybersecurity strategy. After that, provide training to all staff so that they know how to deal with incidents, and have a plan if the worst happens and you need to respond to an incident or put business continuity plans in place.


What threats are you likely to face?

“The cybersecurity threats experienced by small and medium enterprises are largely no different than those experienced in the public sector or by large global organisations,” says Tim Mackey, Principal Security Strategist, Synopsys CyRC (Cybersecurity Research Center).

Phishing, ransomware and infrastructure attacks rarely have a specific target in mind, making the success of those types of attacks fundamentally a numbers game, he says.

“This is in contrast to an attack on the users and customers of a business. In targeting the user base, attackers must specifically invest in crafting an attack which looks like a legitimate communication from the target to their users. So while an IT organisation can design defensive measures against attacks targeting their employees and infrastructure, attacks targeting business operations are more problematic.”

He says that an emerging threat comes from small businesses foregoing the traditional IT department in favour of cloud services. “If those cloud services aren’t defending against the types of threats the organisation expects, then a false sense of security can be created.”

Ransomware could completely prevent an organization from doing business, says Thomas Richards, principal consultant at Synopsys. “This has proven to be a successful business model for cyber criminals, and not one they will likely give up in the short-term. Make sure all corporate data is backed up with a tested business continuity plan in place.”

“It’s no secret that humans are the weakest link, but the recent Verizon Data Breaches Investigations Report suggested that some 90% of breaches start with a phishing or social engineering attack,” says Jonathan Whitley, director for Northern Europe at WatchGuard Technologies. “The other major user problem is stolen or weak passwords.”

 

Key steps to protecting your business from cyber crime

  1. Back up your data: Think about how much you rely on your business-critical data, such as customer details, quotes, orders, and payment details. Now imagine how long you would be able to operate without them. If you have backups of your data that you can quickly recover, you can’t be blackmailed by ransomware attacks.
  2. Protect your business from malware: Make sure you install and turn on antivirus software, guard against harmful apps, install security updates, and install a firewall.
  3. Keep your smartphones and tablets safe: Malware is just as much a threat to them as it is to your PCs. Don’t connect to the Internet using unknown wifi hotspots, and instead use your 3G or 4G mobile network, which will have built-in security.
  4. Use robust passwords: Make sure they can’t be guessed from the information you have available on social networks.
  5. Avoid phishing attacks: Be aware that many threats come in the form of seemingly innocuous emails. You should configure your staff accounts in advance using the principle of ‘least privilege’. This means giving staff the lowest level of user rights required to perform their jobs, so if they are the victim of a phishing attack, the potential damage is reduced.

 


 

Cyber criminals are constantly looking for weaknesses in your systems, but by training your staff to be careful of suspicious communications or emails, keeping up to date with software patches and making sure passwords are robust and secure, you can protect yourself against many of the common methods of attack.

Marianne Curphey

Marianne Curphey is an award-winning financial writer and columnist, and author of the book How Money Works. She worked as City Editor at The Guardian, deputy editor of Guardian online, and has worked for The Times, Telegraph and BBC.

Comments (1)

  1. commented on

    Good article
