Cybercriminals are smart enough to take down a bank, and they are targetting small business. Are equipped to defeat them?
This week, Travelex hit the headlines after being held to ransom by hackers. It was forced to take its entire business offline while it dealt with the ransomware attack. It is the latest in a growing line of major names to be successfully attacked by hackers and digital criminals.
However, it is actually small businesses who are increasingly being targeted by cybercriminals. They’re often the weak link in a chain of businesses because they don’t have robust security measures in place.
Which shows the very real need to put practices in place to prevent security breaches.
Free cyber security guide
Check out the 5 steps for defending your business against cyber attacks, in the National Cyber Security Centre’s updated guide.
Cyber security series
- Part 1 – Protect your small business with the latest on cyber security
- Part 2 – 5 ways to make your business more cyber secure
If you’re a self-employed licensed accountant or bookkeeper, or you run your own accountancy practice, you might assume international criminals aren’t interested in your computer system. But your data, and your customers, is extremely valuable, and a data breach could cause you huge financial and reputation damage.
According to the latest Hiscox Cyber Readiness Report, 61% of firms have reported one or more cyber-attacks in the past year. Among firms reporting attacks, average losses associated with all cyber incidents have risen from £180,000 last year to £291,000.
A guide to keeping your data safe
The National Cyber Security Centre has just updated its Small Business Guide with the latest on how to protect yourself against cyber attacks. It covers all aspects of data security for SMEs, including:
- backing up data
- keeping computers, laptops and smartphones safe
- protecting against malware and phishing attacks
- and using better passwords.
It’s important for SMEs, licensed practitioners and sole traders to be aware of the simple steps they can take to protect themselves. If you employ staff, even part-time, it’s essential that they’re following the guidelines, as many data breaches are due to simple human error.
Why data security matters to small businesses
Criminals are out to exploit any weakness in your security systems and SMEs can be targetted because they offer a route into other, larger, organisations, says Del Heppenstall, Cyber & Data Privacy Partner at KPMG UK.
The weak link in the supply chain
“Phishing, ransomware, malware – SMEs will receive these attacks indiscriminately,” he says. “Cybercriminals now do their own investigations and look at where an organisation is in the supply chain. They try to identify businesses that might be providing services to a bigger party. In this way, SMEs are often seen as a route into bigger organisations.”
This might take the form of accessing your inbox and sending malicious emails to clients, who will trust the email because it appears to come from you. It might also cause you reputational and financial damage as a result, he says.
“Data breaches happen to companies of all shapes and sizes — they just don’t make the headlines,” says Bruce Penson, managing Director of Pro Drive IT. “Your accountancy business is just as, if not more, likely to be targeted as larger organisations.”
Fonts of valuable data with minimal security
As an accountancy practice, you hold masses and masses of personal data. And without the resources of the big companies, you’re unlikely to have very robust security measures. Cyber criminals know this.
“In the underground world of the dark web, it’s not just money that criminals are after,” he says. “Data is extremely valuable too. So, if hackers can find a more straightforward way to access it, why wouldn’t they use it? Unfortunately, businesses like yours are often seen as an easy and highly attractive target.”
Financial and reputational damage
It’s a big issue and one that could cost your practice dearly — both financially and in terms of your reputation, he says. Plus, since the introduction of more stringent laws under GDPR, government advertising and several highly publicised cases, your clients will want to know their data is safe with you.
“When it comes to cyber security, SMEs are the soft underbelly of the business world,” Paul Rose, CISO at Six Degrees. “In fact, SMEs are becoming an increasingly lucrative target for hackers. Social engineering and CEO fraud are a big problem, as SMEs often don’t have the same level of governance in place as large enterprises. And SMEs may also be targeted for their connections to a larger company – third-party suppliers are often the weak link in an organisation’s cyber security chain.”
So how do you protect yourself?
The first step is to acknowledge that the risk is real, and increasing, says Paul Rose. Then complete a risk assessment and create a cyber security strategy.
After that, provide training to all staff so that they know how to deal with incidents. Make sure you have a plan if the worse happens and you need to respond to an incident, or put business continuity plans in place.
Marianne Curphey is an award-winning financial writer and columnist, and author of the book How Money Works. She worked as City Editor at The Guardian, deputy editor of Guardian online, and has worked for The Times, Telegraph and BBC.