As we’ve discussed previously, small businesses face numerous challenges. One that has recently come to fore is dealing with the increasing risk of cyberthreats.
Much of the media coverage around cybercrime incidents and breaches concerns large businesses, primarily because of the large numbers of people affected. But there is evidence that small companies too are increasingly targeted by cybercriminals.
Research by US telecoms company Verizon found that small businesses make up 58 per cent of cybercrime targets. And, according to research by business ISP Beaming, two-thirds of UK companies with 10-49 employees suffered some form of cyberattack in the past year, with a cyberattack costing, on average, £65,000 and phishing still representing the biggest threat (25 per cent of all attacks).
Some small businesses may feel that they wouldn’t be of interest to cybercriminals. But, while the payday may be less, cybercriminals still see these organisations as sources of personal information they can use for nefarious purposes or funds that they can fraudulently get their hands on.
Any small business is at risk from social engineering and phishing attacks, which could see employees unintentionally put company or customer data at risk or mistakenly transfer money to fraudsters.
In addition, cybercriminals often look to small businesses as a means to get into larger organisations. For example, if the small business is part of the supply chain of a larger enterprise, cybercriminals will gain access to their credentials to commit a breach that may go unnoticed until after the attack has taken place.
Whatever the motivation behind them, cyberattacks can cripple small businesses. The average cost of dealing with the aftermath of a breach for a small business in the UK is £25,700, according to insurance firm Hiscox. However, reputational damage could bring a significantly higher indirect cost.
There’s no escaping the fact that small businesses need to take cybersecurity seriously, with prevention the best place to start.
However, the sophistication of modern cyberattacks and the temerity of those behind them, means that compromises are likely to occur, even if the perimeter of the company’s network is well protected. The fact that more cloud technology is being used, along with the growing number of devices accessing company networks, also increases the level of risk.
Small businesses therefore need to employ cybersecurity technology that can monitor networks and users, and potentially mitigate issues before they progress.
Many small businesses may not have a dedicated security specialist, so it’s also important that this security information is relayed in a way that can be understood by staff who don’t have expertise in security matters.
With expense likely to be an issue for some small businesses, there are more cost-effective ways to boost security capabilities, such as cloud-based technology and paying for outside expertise, rather than have to invest in a dedicated security team.
Another area to focus on is improving staff awareness of security threats, so they can be vigilant for social engineering and have the ability to spot suspicious activity,
While improving the level of cybersecurity will ensure individual businesses are better protected, tackling cybercrime for small businesses will also benefit the global economy, according to the World Economic Forum (WEF). This is because small businesses are the “lifeblood of the global economy” due to the vast range of essential services they provide to individuals, government and other businesses.
By taking the right steps, small businesses can be just as secure as larger organisations with multimillion-pound security budgets. But the first step is to realise that size is no issue when it comes to cybercrime.