You often will see stories in the news about large organisations being the targets of cyber attacks, costing them millions of dollars. However, what people might not realise is that small businesses are just as much of a target as anyone. It is estimated that 38% of small businesses suffered a cyber breach or attack in 2021 with an average cost of £8,170 for those that lost data or assets, so if there was ever a time to act on this matter, it’s now.
What makes small businesses a target for cyber crime?
Small businesses can store large amounts of customers’ personal data stored that cybercriminals want to get their hands on. This data could include phone numbers and social media accounts, to driving licenses and bank details. If someone can obtain this data, it can be sold on the dark web for malicious activity. According to a new study from NordVPN, in just one dark web market, there were more than 720,000 items and data pieces illegally sold for £14.5 million.
Cybercriminals often attack small businesses that are associated with larger organisations to enter their network. Bigger businesses can have more advanced protections making them harder to hit, but they can sometimes go through a less well-defended partner. This is shown in the 2013 breach of the American company, Target, in which attackers gained access to credit card details through a vulnerability in a third-party vendor.
Small companies quite often have fewer resources and less money available to spend on cyber security which is another reason criminals will target them. A lack of resources may also lead to a lack of cyber security training. When there is a lack of awareness of what threats exist and what they look like, it can lead to simple mistakes being made which ultimately can be costly for small businesses.
Are small businesses’ cyber defences good enough?
Owners of any size businesses are understandably busy and have can a million and one things to think about when it comes to the day-to-day running of their company. “The cyber attacks statistics show that 34 per cent of respondents admitted to not having time to keep across every threat or alert, and 55 per cent of business owners said they often prioritise other business activities over cyber security-related issues.” If we think about it in a retail setting, the vast majority of shops will have a physical alarm system active every night to stop intruders. There needs to be a shift in business owners’ minds when it comes to cyber security.
As the whole world shifted due to the effects of the global pandemic, our working habits also changed. More and more companies were turning to remote working, which in turn heightened security risks to organisations. Without the protection of secure network connections and firewalls, employee endpoints are more at risk.
Key tasks to keep your business safe
- Update software – this is a basic, quick, and effective practice that you should always stay on top of, old versions of software can be vulnerable to attacks.
- Backing up data – this is something that can prevent data loss from an attack or even just faulty hardware etc.
- Training – as mentioned earlier, a lack of training around cyber security basics can hurt any organisation. Making sure all employees are clued up on the threats can make a world of difference.
- Password protection – another really simple step to take is regularly changing passwords and using password managers rather than storing passwords in locally saved documents, or writing them down
- Multifactor authentication – having multifactor authentication gives another layer of security
- Authentication policies – in another blog, we discuss the importance of authenticating users
- Secure networks
- Read the NCSC ‘Small Business Guide’ for advice on improving your organisation’s defences.
What are the common threats?
One of the greatest threats that small business face are phishing attacks. Phishing accounts for 90% of all breaches that organisations face. Phishing attacks are when an attacker pretends to be a genuine trusted source, attempting to get the user to click on a malicious link which will download malware or be directed to an unsafe website. Phishing attacks have developed over the years and have become increasingly convincing.
Ransomware attacks have become more prevalent over the last few years as it can be a very lucrative endeavour for the attacker. Ransomware is a form of malware designed to encrypt company data so that it is unusable. A ransom is then demanded to regain access. This payment is usually required to be paid in the form of cryptocurrency as it can provide anonymity for the person or group demanding the ransom. Monero is a popular choice amongst threat actors because every transaction is private and cannot be traced.
A common threat for small businesses is malware attacks. This could describe a variety of cyber threats like viruses or trojans. Malware is malicious code that allows hackers to gain access to networks, data theft and/or data destruction. Malware can originate from a variety of sources such as spam email, unsafe website downloads or connecting infected machines to a network. This can be especially problematic in the case of small companies as employees are more likely to work from their personal devices, which are more at risk from malicious downloads.
Get in touch today to have chat with our team of experts, we can advise on a whole spectrum of solutions to keep businesses safe. Our team of engineers have over 50 accreditations from various first-class vendors such as Check Point, LogRhythm, and Palo Alto, as well as holding a number of other vendor-neutral accreditations to their name.