While cyber attacks on large corporations and organisations make national newspaper headlines, small businesses are just as likely to be victims of cyber crime – and the costs can be high.
According to a survey conducted in 2019, the Federation of Small Businesses (FSB) found that small businesses in the UK collectively experience 10,000 cyber attacks each day. These attacks can be lucrative for cyber criminals, with the annual cost of a cyber attack averaging around £1,300 per incident and the overall cost to the small business community amounting to £4.5bn annually.
Failure to protect your small business from cyber crime can be costly – and not only in terms of an immediate financial loss. A data breach can damage your business’ reputation, erode customer trust and impact sales. Factor in website downtime and the cost of restoring operations and cyber crime can pose a risk to the viability of a small business.
What is cyber crime?
Cyber crime is criminal activity that targets individual computers, computer systems or IT networks with the intention of stealing passwords, data or money. Once in control of your computer system, criminals may also block your access to data until you pay a ransom, an attack known as ransomware.
It’s vital that you know how to spot a cyber attack, the steps you can take to protect your business, and what to do if you fall victim to any form of cyber crime.
Common types of cyber crime
Cyber crime covers a variety of activities that can harm your small business. Common types include:
Hacking results in a criminal gaining unauthorised access to your computer or computer system. This kind of attack can use complex and sophisticated techniques. By exploiting software weaknesses on your computer or network, hackers can access sensitive or financial data.
Phishing is an email attack engineered to trick recipients into performing a specific action, such as clicking on a malicious link or attachment that may then download malware to your computer. Phishing emails may be sent to many people in the hope one or two take action, while some – known as spear phishing – are specially targeted to an individual. This type of phishing may appear to come from a genuine source asking for payment or information, but fraudsters are behind it. The Cyber Security Breaches Survey revealed that phishing is the most common cyber attack on small businesses, with 82% of cyber attacks resulting from a form of phishing.
Malware is software that is designed to disrupt or gain unauthorised access to a computer network or PC. Malware includes viruses that are often unknowingly downloaded. Malware can take control of the network, allowing cyber criminals to gain access to sensitive information and data and even access a PC’s webcam or record your keystrokes as you type.
Ransomware is a form of malware. Once cyber criminals hack a computer system, they may block data, effectively holding it to ransom. Data is only released once a ransom has been paid, generally in cryptocurrency. A survey by Beaming from 2018 revealed that ransomware attacks were the most financially damaging to UK small businesses, costing an average of £21,000 for each victim.
8 ways to protect your business from cyber crime
Discover 8 ways to protect your small business to help reduce the risk of cyber attacks.
Install firewalls to help keep your computer system protected. A firewall is security software or hardware that acts as a gatekeeper between your network and external computers. It filters and checks incoming internet traffic, blocking unauthorised access to your network, effectively establishing a barrier against hackers and cyber criminals.
Install anti-virus software
Install anti-virus software on every computer across your network and ensure it is turned on and kept updated. Not using anti-virus software can be an easy way to let hackers, especially beginners, access your data. Anti-virus tools are designed to track and remove malware from your system.
Keep systems up to date
Keeping your computer’s operating system software and applications up to date is crucial as new releases, even minor ones, typically fix bugs, patch security vulnerabilities and add additional security measures. Updating software can help reduce the chance of cyber criminals hacking into your computer system.
Use strong passwords
Use strong passwords to secure access to all your important information as well as your wi-fi connection. It’s a good idea to use passphrases, as they’re longer and more complex. Strong passwords use a combination of numbers, upper and lower case letters and special characters and symbols. It’s a good idea to use a different password for each account.
Implement multi-factor authentication to protect data. This type of authentication requests that two or more forms of identification be used to allow access. An example includes supplying a password and then entering a code that is sent to a mobile phone to guarantee an authorised person is accessing the account/information.
Make regular data backups
Backing up your data can be a cost-effective way to ensure protection in the event something goes wrong or you fall victim to cyber crime. Regularly and securely backing up customer information, financial data and other important information is beneficial if your system is held to ransom or hacked. You can back up information on physical devices or in the cloud, and it’s recommended to back up using several systems, such as remote and physical storage. Always ensure your backups are encrypted and have multi-factor authentication for added protection, and that customer data is stored in line with GDPR regulations.
Train your staff
Educate your staff to recognise signs of cyber crime. Scams such as phishing may have tell-tale signs in even the most legitimate-looking phishing emails, so training your staff to identify what these are can help prevent falling into hackers’ traps. Encourage staff to act with caution whenever receiving emails asking for money payments or information and brief staff on the latest scamming trends. The Cyber Security Breaches Survey reveals that only 13% of small businesses train their staff on cyber security.
Create a cyber security plan
Invest time in creating a cyber security plan and ensure regular backups and software updates. Then, if the worst happens and your business does fall victim to a cyber attack, you may be able to recover more quickly and with less data loss. Having a formal cyber security plan will help you take action to resolve the issue quickly and prevent it from happening again. It’s also key to understand what kind of attack or breach has been made and what has been affected.
A cyber security plan can help you:
- Prepare for various cyber attacks and know how to recognise them.
- Identify and diagnose that a cyber attack has occurred.
- Report the attack to authorities.
- Take action to retrieve information and restore operations.
- Communicate the problem to staff and customers.
- Evaluate what has happened so you can learn from it.
An important part of debriefing after an incident is asking whether it could have been prevented and how to reduce the risk of it happening again. Cyber criminals may still attempt to access systems even with the strictest security measures, but there are measures you can take to reduce the risk of becoming a victim.