Cyber-attacks on large corporations are nothing new, with high-profile corporations falling victim to sophisticated online criminals at an alarming rate. A cyber-attack on a smaller enterprise is unlikely to garner the same level of attention as the hacking of a multinational corporation, but many successful attacks on small businesses still take place every day.
According to research, cybercriminals are increasingly targeting SMEs in a number of ways, with ransomware attacks proving to be one of the most common methods used to extract money. Ransomware is a type of malware that encrypts all files on a computer and demands money, usually untraceable bitcoins, for them to be unlocked. Not only do 36% of ransomware victims report loss of business income due to the attack, but this type of cyber threat is expected to increase by 300%.
As per the survey, the perceived threat of cybercrime has increased significantly, with 29% of respondents reporting an increase in cyber-security threats to their business in the last 12 months, up from 16% the previous year. With more businesses becoming digitised and instances of cyber-crime on the rise, new research has revealed that nearly a quarter (24%) of SMEs have been a victim of a cyber-attack or malicious cyber activity.
While ransomware is increasingly common, business email compromise resulting in bank fraud not only costs a considerable amount of money but can directly impact the relationship you have with suppliers and customers.
Of those SMEs that have been targeted by malicious cyber activity, nearly half (49%) said they had experienced a phishing attack, 44% had been targeted with malware, and a quarter (25%) had experienced a ransomware attack.
Nearly three quarters (74%) of those surveyed indicated they have anti-virus protection, 60% have firewalls in place for the business and more than a third (37%) have two-factor authentication. However, just 27% of SMEs have had specific staff training to protect the business and themselves from scammers or online phishing.
It can be difficult for SMEs to find the right balance between protecting themselves from malicious cyber-attacks and creating unnecessary restrictions on employee device usage. A few basic actions can help an SME avoid becoming a target of cyber-crime:
Protect the method of accessing information
Using the same password across multiple systems, as well as using short or easily guessed passwords, increases the likelihood that a password will be compromised. Passwords that change too frequently or are too complex will only frustrate users, who will ‘game’ the system to make their lives easier by reusing, incrementing, or writing them down. Modern password managers greatly simplify the task of using the many passwords required to manage your business.
Even if a password is stolen in a phishing attack, the use of multi-factor authentication (MFA) ensures that hackers are unable to sign in because they lack the vital final piece of information that only a legitimate user has.
Protect where data or information is being stored
Taking a backup of the company’s data and storing it separately from the main system means that if the main system is lost due to a cyber-attack, the company can still recover from the backup.
Consider cyber risk insurance
The cost of a cyber-attack against a typical SME would surprise most people. Even for a small business, the direct costs of technical assistance and recovery, legal fees and litigation, costs of notifying affected people, and public relations can total tens of thousands, if not hundreds of thousands, of dollars.
As the use of the internet and networked computers grows, and new technologies such as cloud computing enable even greater technological advances, cybercrime is expected to increase as cybercriminals seek to exploit online and networked vulnerabilities in business networks.