After several prolonged, difficult
months, plagued by coronavirus, small business owners are preparing for the day
they can finally and permanently reopen their doors.
The pandemic has seriously
impacted the health of businesses everywhere, and for most employers, getting
their business operating back to some form of normality cannot come soon
But whilst businesses across the
country prepare to welcome back their employees and customers, hackers and
cyber criminals are actively infiltrating and exploiting small businesses at breathtaking
speed and success.
Small to medium sized businesses
are particularly vulnerable to renewed and increasingly sophisticated cyber-attacks.
In fact, an estimated 43% of global cyberattacks involve small and medium sized
Unlike large corporations and
government agencies, many SMEs do not believe they are attractive or high
profile enough to be targeted by cyber criminals and subsequently, neglect
investing and budgeting for cyber security protection that is required to
prevent unauthorised breaches.
It’s a fact that the COVID-19
pandemic has seen an unprecedent spike in cyber security attacks. According to
report from Microsoft, COVID-19 themed cyber-attacks
spiked to nearly a million a day during the first week of March.
Phishing attack attempts are the
main area the cyber criminals are focusing on with attacks up by 600% in March alone
according to Barracuda Networks. Other types of attacks cyber criminals are
focusing on are:
Considerable domain names were
registered at the start of the pandemic containing terms like “coronavirus”
“corona-virus” “covid-19” “corona-pandemic”. Whilst some of these websites are
legitimate, the vast majority are not. Cyber criminals are registering
thousands of new domains and websites every day to carry out spam campaigns,
phishing campaigns and to spread malware and ransomware to user devices.
Cyber criminals are taking
advantage of widespread global communications to mask their activities and
cover tracks. Malware, spyware and trojans have been embedded into interactive
coronavirus maps and websites. Spam emails are also tricking users into
clicking on links which download malware to their devices so they can be
Hospitals, medical centres and
public institutes are among the top targets for cyber criminals when using ransomware
attacks. This is due to them being overwhelmed with the crisis and they cannot
afford to be without systems and key services. The cyber criminals believe such
institutes are likely to pay the ransomware so they can continue to operate
which is why they are a key target. Ransomware is generally entering systems
via emails containing infected links or attachments, compromised employee
credentials or by exploiting a vulnerability in systems.
With most organisations having
adopted working from home practices because of the pandemic, it is critical
that employers create remote working policies to mitigate the risks involved.
Whilst many SMEs understand the
importance of having a cyber security culture in the office environment, this
is very difficult to replicate for employees working from home and is often
There are many areas that
businesses need to consider such as device security, strong passwords and
multifactor authentication, so having a detailed plan in place that details the
current security posture of the business as it stands, and where it needs to be
going forward is absolutely key.
Critically, this should also be extended
to cover working from public places as well as home.
The disruption caused by
COVID-19 is inevitable and businesses have enough to worry about without
contending with cyber security and compliance issues. But unfortunately, cyber
criminals have sensed an opportunity amid the pandemic to exploit people’s fear
Security company Check Point
suggest that coronavirus-related attacks are now declining but state that
threats are likely to continue at heightened levels for some time yet. Once a
hacker has compromised and gained access to a network, they can install malware
and choose to activate it at any time in the future.
In 2019, the average single data
breach cost a business $200,000 and studies have shown that 60% of these small
business victims go out of business within the first six months of experiencing
such a transgression.
SMEs should take quick and
decisive action as its never been so important to develop and implement a
strong cyber security strategy to help combat the ever-changing threat
landscape and mitigate risk. Data protection is key to this along with securing
After months of lockdown, small
businesses now have the opportunity to firm up their cyber defences to protect
their employees, customers and livelihoods from cyberattacks. Small businesses
should adapt to the new and ever-changing cyber threat landscape as we prepare
for a post COVID-19 era.
A solid cybersecurity strategy
is no longer just for larger businesses nor is it a luxury – it is a