Small Business Digital Security at Risk from Cyber Crime

Think no-one would be interested in attacking your business’s IT systems?

Think again.

According to the BIS 2015 Information Security Breaches Survey, 74% of small businesses suffered a security breach in the year 2014-2015.

On top of this, the survey also found that the average cost of a breach to an individual small business ranged from £75k to £311k. Even at the lower level, that’s enough to put many otherwise healthy businesses out of business.

Owners of small businesses often dismiss the risk of cybercrime, assuming the firm has nothing that would be of value to cyber criminals. But, in fact, every individual or organisation using digital communications is a potential victim. You don’t have to be an Ashley Madison to be a target.

So, who might be attacking you, and why?

Threats from Cyber Crime

Whilst attacks can come from other sources, the single greatest threat for small businesses comes from organised crime groups looking for opportunities to profit through fraud or by selling information.

It’s all too easy for a member of staff to click on an attachment or web link in an email that appears to be from a trusted source – but isn’t. And once they’ve clicked, the damage is done. Your system is wide open. Alternatively, an unsecured wireless network where no-one has bothered to change the default password makes an easy entry point.

You probably won’t know anything is wrong at first – but criminals could nevertheless be busy with any of a number of unwelcome activities.

These include:

Accessing Digital Data

  • Personal data is a goldmine for cyber criminals. They can use the details to make money either by using the data directly themselves or by selling the information on to third parties. A simple Excel file with thousands of names and addresses might be worth £100,000.

Emailing all your contacts using your email address

  • The more email addresses criminals get access to, the more people they can target with scam emails and the more systems they can invade.

Monitoring digital activity

  • Malware allows criminals to track an individual’s activity and to log keystrokes to identify personal details and passwords. Increasingly, criminals are indulging in what’s called ‘social engineering’. This is the practice of building up a profile of an individual based on their digital activity, then stealing their digital identity. Amongst other things, criminals use the data to set up bank accounts, get new passports and take over social media accounts. This in turn gives them access to more people’s data. And of course, once a criminal has taken over a social media account, the original user is locked out and has to start building contacts and followers again from scratch.

Intercepting emails

  • Email conversations offer almost infinite possibilities for the criminally-minded. One example is the practice of intercepting an email with bank details on, changing those details, and getting the money sent to an entirely different account.

Though the criminals are clever, there’s a lot business owners can do to keep them out. If you have an IT support partner, use their expertise. They should know what to look out for and how to keep your business as safe as possible. The starting point is to invest in paid security software – free anti-virus programmes just aren’t powerful enough. Equally important is to focus on staff training. Constant vigilance pays dividends.

And if anyone stores information in folders with tempting names such as ‘personal info’, suggest they rename the files fast.

If you’d like any advice on making sure your business is protected, we can help. Give us a call on 0161 359 3689 or email us here [email protected].