Cyber-attacks on big companies make the news. Equifax, TalkTalk, Deloitte and Uber immediately spring to mind and of course there are the countless public-sector examples that arose due to the ransomware attacks last year, most notably on the NHS.
What gets relatively little attention is the fact that hundreds of thousands of SMEs are attacked every year.
Zurich Financial Services research published last summer found that 49% of SMEs will spend less than £1,000 on cyber security over the next 12 months, with almost a quarter likely to spend nothing. This is despite the fact that 20% of SMEs affected by a cyber-attack said it cost them more than £10,000 to deal with and more than 10% said it cost over £50,000.
Whilst SMEs should certainly be investing in this area, there are some cost-free and low-cost common-sense actions that can be taken to reduce the chances of being successfully attacked.
The Government’s National Cyber Security Centre (NCSC) has recently established a very helpful SME guide to cyber security.
This guide highlights five key recommendations that can quickly, easily and cheaply reduce your chances of falling victim to a cyber-attack. They are messages that all AAT members should take note of but also advice that licensed members can utilise in advising their clients.
AAT’s 4,250 licensed accountants provide services to over 400,000 British businesses, representing a great opportunity to spread good practice, reduce costly attacks and help keep Britain safe and secure.
The five key messages from the NCSC are to:
- Back-up your data
- Keep your smartphone and tablets safe
- Avoid phishing attacks
- Use passwords to protect your data
- Protect your organisation from malware
Easier said than done, you may think, but there is a wealth of advice as to how these objectives can be achieved. For example, backing up your data can be done relatively cheaply, whether by simply transferring work to a USB or storing it in the cloud.
Likewise, whilst smartphone security is an increasing problem, it doesn’t have to be. Switching on password protection, being able to track a stolen device and keeping your apps up to date are all cost-free steps that can make a huge difference. They simply require a degree of awareness and discipline.
How secure is your business?
It’s also worth highlighting that cyber security doesn’t have to be boring and complex. The howsecureismypassword website enables you to enter your current password and immediately see how long it would take a computer to crack it. The word “password” can be cracked immediately, “password123” takes a month and I found that entering my own password produced a calculation that a computer would take 1 trillion years to uncover. A staff competition may be in order here – what better way to encourage staff to change their passwords to something more secure than a bit of office rivalry?
One area that most members will be familiar with is phishing emails, given that HMRC is one of the most ‘phished’ brands in the world. HMRC’s approach, as set out in their Cyber Security Strategy, has reduced the number of fraudulent emails being sent to the British public but hundreds of millions are still sent every year.
As well as spelling mistakes and poor grammar, there are many things you can look out for to help you recognise a phishing or bogus email but increasing sophistication means this may not always be enough. Instead, if you, your colleagues or clients have doubts, why not refer to the many examples of bogus HMRC phishing and email scams that are regularly made available on the relevant section of the HMRC website.
You can also forward suspicious emails to HMRC’s phishing team at email@example.com and likewise suspicious text messages to 60599.
If personal security details such as name, address, HMRC User ID or password have been revealed, then get in touch with the HMRC security team at firstname.lastname@example.org.
Much of this may seem like common sense but with so many businesses – large and small – failing to apply any of these simple solutions, the number of attacks will continue to increase in volume and intensity.
Although the disruption and cost to British business is growing, it can be stemmed if we all play our part. If you haven’t taken any of the steps above, do so as soon as possible, but also make 2018 the year you build this type of advice into your services to clients. Together we really can make a big difference to the safety and security of British businesses.
Phil Hall is AAT's Head of Public Affairs and Public Policy.