Cybercrime is an ever growing threat. Research suggests that not only are thousands of small businesses in the UK at risk of being targeted by crafty criminals, but many millions of pounds are already being taken by people praying on companies with poor security systems. According to Beaming, approximately 2.9 million UK organisations were hit by some form of cybercrime in 2016, at a total cost of £29.1 billion.
In a recent survey carried out by banking giant Barclaycard, small companies admitted that they were more fearful of cybercrime than of Brexit. According to the results, just under half %2844 per cent%29 of those surveyed said they had significant concerns with regard to being hit by cybercriminals or a data breach, while only 34 percent said the consequences of Brexit were a major concern.
Cybercrime and Ransomware
One of the most common forms of cybercrime, if not, the most common form of cybercrime threatening SMEs in 2017 is ransomware. More and more cybercriminals are demanding larger ransoms as the level of sophistication in distribution methods and attack vectors expand.
Ransomware attacks are carried out in disguise. For instance, a phishing email may be sent to an employee that appear to be from a colleague or friend requesting to open an attached file. Once the attached file is opened, ransomware is installed on the computer and begins encrypting the host’s files. Malware attacks are persistent until, eventually, someone throughout the business becomes a victim - it can happen with a single click.
Why are small businesses being targeted?
There are numerous reasons why small businesses are being hit by cybercriminals. For one, many small businesses have very little money to put towards safety; there are often more immediate problems for SMEs to tackle – paying bills or selling products, for example – and so spending money on security measures can often be viewed as an extra consideration, rather than a necessity.
There’s also the fact that most SMEs are run by people without a detailed knowledge of cybercrime. So, not only are they unaware of how they are likely to be targeted, they are unaware of what to do in order to protect their business in the first place and do not fully understand what should be done in the wake of becoming a cybercrime victim.
There is also the fact that, with consumers becoming more and more used to utilising the internet to conduct their dealings with small businesses, the vast majority of SMEs have a significant online presence. While this is an incredibly useful – some would say vital – commerce channel, it also means that savvy criminals have a direct route of attack. Be it via emails, or by hacking into a poorly protected website, being online leaves one vulnerable if the correct measures aren’t taken.
What can be done?
Of course, the key is to constantly remain vigilant. Understand first what behaviour is risky – visiting websites that do not look legitimate, or opening emails from suspicious sources – and then avoid doing those things. Also, it's essential to inform employees of the dangers, and make them aware of what they should be looking out for.
In addition, all businesses should do in a bid to protect themselves is look for some kind of disaster recovery service. By having a disaster recovery service in place that helps you restore your valuable data when all else fails, you will be giving yourself a massive business advantage.