Last year, a member of staff at Blackburn-based vehicle hire company MNH Platinum clicked an email link. The link opened a virus that encrypted more than 12,000 files on the company’s network. Soon after came a message – pay the attacker £3,000 or lose the files forever.
MNH Platinum was lucky: the UK government estimates that the vast majority of digital attacks will cost the a business between £75,000 and £311,000. The company put its breach down to a lack of awareness, and it’s not alone.
The Problem With SMEs
Small and medium-sized businesses (SMEs) tend to think they’re safe from cybercrime because they’re ‘small fish’, not realising that smaller fish have more predators. Barclaycard recently published a survey of more than 250 small businesses on their readiness for cyber attacks, and confirmed the existence of a disconnect: SMEs know cybercrime is a problem, but aren’t doing anything about it.
48% of respondents were victims of a cybercrime in the past year, and 10% had suffered more than four attacks. Despite this, only 16% reviewed their security afterwards, and only 20% even ranked cybersecurity as a priority.
Experts suggest that SMEs are becoming cyber criminals’ favourite targets. In 2015, 74% of small businesses in the UK reported a cybersecurity breach. This is because although large companies have more to steal, they also have dedicated teams of security experts. The average SME doesn’t have the man-power to run 24-hour network monitoring or system checks.
Although there’s a cybercrime for everyone, there are a few styles in particular that SMEs should be on the lookout for.
- Ransomware: a virus like that MNH Platinum encountered, designed to encrypt files and ransom a company to reverse the damage.
- Hack Attack: a criminal accesses a business’ network and takes customer data – credit card information in particular.
- CEO Fraud: In this more sophisticated take on the Nigerian Prince scam, the attacker poses as a CEO or similar figurehead via email, tricking staff members to transfer them money.
- Denial of Service Attack: a company’s server is overwhelmed with data, so its network and website crashes. This attack is both easier to carry out and harder to defend against than the other crimes listed; seeking expert advice is recommended.
These are the major threats to small businesses, but is in no way an exhaustive list. There are nearly countless ways to attack a company’s website or network.
The price of a cyber attack isn’t just what is stolen. In addition to lost revenue, a company can have to pay fines for its victimhood: in 2018, the EU’s Data Protection Regulation will mean that companies can be fined up to €20 million (or 4% of annual revenue) for allowing a breach to compromise their customer data.
In addition to this, the threat of a damaged reputation should be enough to scare SMEs into increasing security. Maintaining a loyal customer base and a good word-of-mouth reputation is integral to the survival of a small business without instant brand identification.
Another recent survey of London-based consumers proved that cybersecurity is an important factor in choosing which company they trust with their data. 48% of responding consumers were extremely concerned about their data being stolen, and only 9% thought that SMEs were adequately prepared for a cyber attack.
The cyber skills talent pool is essential for both the public and private sectors as we face the reality of increasing cyber threats.”- Minister Ed Vaizey
The technological talent pool is the UK and Europe is one of the best in the world, so the key to SME cyber security is the hands of the businesses themselves.
In the past couple of years the UK Government has been trying to address the problem of awareness and poor cyber education. It has created a detailed guide on the threat cybercrime poses, and some simple ways to avoid being a victim; 80% of cyber breaches could be stopped with very basic measures.
In July last year the government also launched an incentive programme for SMEs to improve their security: it will fund businesses up to £5,000 to invest in advice and upgrades on their cyber security and intellectual property protection.
It is the job of cyber security experts to constantly be a step ahead of criminals; and by specialising in security for law firms in particular we’re able to stay on top. CBSIT can do a full security review and recommend basic measures, as well as help you set up a more advanced system of protection. We can even run your system for you, locally or remotely.