by Bharat Mistry
Small and medium-sized businesses are far more important to UK PLC than many people think. The CBI claims that they account for 99.9% of the private sector and provide 60% of jobs in the sector. And the Department for Business Innovation and Skills (BIS) claims the combined annual turnover of SMEs was £1.6 trillion as of last year, 47% of the total private sector. This makes them an attractive target for cybercriminals, yet many fail to take adequate precautions to secure their IT systems and customer data.
As a trusted advisor to UK small businesses, we recently commissioned research into attitudes towards cyber security. The findings will be an eye-opener for any SME owner who thinks their business too small and insignificant to be targeted by cybercriminals. Join the conversation this week during Small Business Advice Week and follow #SBAW for the latest updates.
We interviewed 500 key decision makers and business owners in UK SMEs to compile the research. Amazingly, just half of them said they rely on internet security tools to protect their organisation from cyber attack – putting them at risk of losing valuable revenue, or even sending the firm into bankruptcy. In addition, just 44% said they knew how to check if their laptops, mobiles or tablets had been infected with malware. Three-quarters (74%) admitted to not fully understanding the legal implications of a cyber attack, while 67% said the same was true of the financial implications of an attack.
Tellingly, just 18% said they thought their data was worth stealing.
These findings are all the more surprising considering that 99% of respondents claimed they understand the importance of spending money on IT security software.
Time to act
The truth is that cybercriminals are increasingly turning their attention to smaller businesses, confident that these organisations have fewer resources to spend on IT security and little idea of how to stop an attack. Unfortunately our research seems to bear this out. Even back in 2013 Trend Micro was claiming that cybercriminals targeted SMBs with a new threat every second. If anything the threat has grown even greater since then.
SMBs are not just an attractive target for attackers looking for customer data to sell on the Darknet, where fraudsters can pick it up cheaply to make money from identity theft. They’re also looking for any small business which is the partner of a larger, higher value target. So called “island hopping” attacks can allow cybercriminals to infiltrate the smaller, less well-defended organisation and then use it as a stepping stone into the network of a bigger partner. It’s how US retailer Target was breached at the end of 2013, exposing the personal details of over 70 million Americans.
Even the UK government has recognised the problem, launching in July a “vouchers scheme” initiative promising up to £5,000 worth of specialist advice for SMEs on how to protect themselves.
During Small Business Advice Week this week, we will be publishing information, advice and tips for SMBs on IT security. As a basic recommendation and at the very least we’d recommend SMEs:
- Install internet security from a reputable vendor and keep it up-to-date
- Apply security updates to OS and software (like Adobe Flash) as soon as it becomes available
- Ensure you have a firewall to keep out internet threats
- Back-up critical data regularly
- Use strong passwords on all accounts and change them every three months
- Ensure Wi-Fi is secure and encrypted
For more information and advice on how to protect your business from online threats, visit: Small business is big business to hackers.