Cybercrime is expected to cost UK businesses £21 billion in 2020. Despite that staggering amount and the continued rise in cyber attacks, many businesses are still not considering cybersecurity a priority.
Not having the right cybersecurity in place will cost your business money and time, and result in lost sensitive information. Nearly half of all UK businesses were hit by at least one cyberattack in 2019. Sadly, it's becoming a case of when, not if, your business will be hit.
In this article, we are going to cover why small businesses should pay attention to cybersecurity and then give you some proactive steps you can take to protect your business.
Why do small businesses need cybersecurity?
Small businesses are facing cyberattacks every day. A report by the Cabinet Office shows that the cost of cybercrime is expected to reach £21 billion by the end of the year.
While you will see plenty of media reports focusing on breaches of massive companies, small businesses are the new frontier for cybercriminals. A recent Verizon data breach report said small businesses are the target of 43% of cyber-attacks.
The results of a successful cyber attack can be devastating. One report suggests that 60 per cent of small businesses fold within six months of a cyber attack.
Why are small businesses vulnerable to cyberattacks?
Here are some of the common reasons small businesses are vulnerable to cyber attacks:
They can't afford dedicated IT staff
If they can, then training and budgets are often inadequate. It’s potentially worth exploring a managed IT services provider for your business. They offer deeper expertise and full-time availability and work out cheaper than having a full-time IT employee.
Inadequate or non-existent computer and network security
Small businesses can’t respond to threats quickly enough or can’t detect them at all. This makes them 'low-hanging fruit' for a cybercriminal.
Lack of a backup plan
Many small businesses aren't backing up their data correctly. They aren't using cloud services to back up their data offsite and they aren't making sure they back up their data regularly.
Employees unknowingly help cybercriminals attack businesses
Staff members need to be more aware of attack methods as varied as social engineering calls and email scams. 88 per cent of UK data breaches are caused by human error.
Small businesses are comparatively easy to attack
Hackers can find entry points to access valuable customer financial data more readily because of the absence of protection. Criminals can also use the business’ credentials to attack larger targets like suppliers and financial institutions.
What are some common cybersecurity threats for small businesses?
Now that you have a better idea of why small businesses are a target for cybercriminals, we can look at what the threats to your business are.
Email and phishing scams
Cybercriminals use email and text messages to hook their victims. Fake, official-looking information asks victims to click on a link to a web page and then enter sensitive financial and personal data. Criminals use the data for identity theft or resale.
Cybercriminals can get access to passwords by tapping into databases, looking at servers to find unencrypted passwords, and using email, text messages or social engineering.
Denial of service (DoS), SQL injection and drive-by attacks target websites and servers. DoS attacks overload system resources so they can’t handle the volume of service requests. SQL injection attacks read and modify sensitive data in databases. Drive-by attacks plant malicious code that will infect a visitor’s system to capture and transmit their sensitive data.
These attacks involve hackers intercepting data from a victim on a fake page. These attacks also use phishing.
Social engineering attacks
These attacks involve human interactions to acquire sensitive information. This can include attacks like phishing and spear-phishing but also physical activities. We have a full guide on social engineering.
Tips for securing your small business from cybersecurity threats
You know why your business is a target and you now know how you will be targeted. So what can you do about it? Here are some tips to help protect your business and improve your cybersecurity.
Assess risks and vulnerabilities
First, you need to understand the current state of your cybersecurity and IT infrastructure. Use an outside consultant, such as an IT provider, to test your systems. We have created a free IT audit that will health check your business technology.
Have a plan for devices
You and your employees are likely accessing business data from multiple devices, especially while many continue to work remotely. While it’s convenient to check work emails on your phone, that also opens up a potential vulnerability. Be sure you’re incorporating mobile device security into your cybersecurity plans.
Educate your staff
Make sure your employees are aware of cybersecurity threats and security policies. This is something you will have to continuously update because cybercrime and the threats continue to evolve. A recent study by GetApp shows that 43 per cent of employees don’t receive regular data security training.
Use strong passwords
It’s prudent to make all passwords strong and unique. Additionally, use different passwords for different accounts. Make using strong random passwords containing letters, numbers, symbols and special characters mandatory. We have a guide to help you create strong passwords.
Use multi-factor authentication
An increasing number of apps and e-commerce websites use two-factor authentication to verify a user’s identity. Users receive a code by email or text and enter it along with their password to gain access. Find out more information about multi-factor authentication here.
Update your software and systems regularly
Make sure you’re running the latest versions and security patches. Properly configure network security and use antivirus software. Hackers use known vulnerabilities in software to gain access. Updates are built to fix those vulnerabilities.
Backup all your data
Use an offsite cloud provider in addition to an on-site backup. Test your backup regularly and have a plan to recover your data.
Consider Cyber Essentials
Cyber Essentials is a Government-backed scheme to help raise the standard of cybersecurity in UK businesses. Our guide tells you everything you need to know about Cyber Essentials.
The threat of cybercrime is not going away, so your business must have the right cybersecurity in place to protect itself.
To find out how your current cybersecurity is performing and what steps you need to take to improve it, take advantage of our free IT audit. We can health check your existing IT and show you the areas that need improving to make sure your business is protected.