No Business Too Small to be at Threat From Cybercriminals

17/03/2014 15:04 GMT | Updated 14/05/2014 10:59 BST

We all love our local suppliers, shops, hairdressers and cafes, and it is these small businesses that keep our communities running. However, research has shown that the majority of these smaller businesses do not believe they are at risk of a cyber-attack, with 59 per cent believing the information they hold isn't of any interest or value to cybercriminals at all.

This most certainly isn't the case. Due to the lack of awareness of these threats, the often overlooked human element and the limited security measures that may be in place, it's becoming easier for cybercriminals to target small, local businesses.

So this week I want to take the opportunity to help small businesses reduce their chances of becoming a cyber-victim and keep their business SAFE:

Stepping stone - Whether it's a supplier, a partner or a customer, SMBs tend to have links to other, larger companies. With this in mind, cybercriminals increasingly target SMBs to get information which will enable them to access the larger company's infrastructure. For example, if the SMB in question is a widget supplier to a big name, a cybercriminal can sneak into the supplier's system if it is insecure and steal information that makes it easier to gain access to the larger company's infrastructure, putting both the supplier and its associates at risk.

It's true that if you hack a bank, you will get more financial gain than if you hack a local post office - but banks are also much harder to hack. If cybercriminals access enough smaller businesses, their gain could be on just as large a scale, or ultimately give them enough collateral to access a big organisation directly.

Awareness - Are SMB employees aware of cyber security? Do they know what to look out for? Phishing, spear phishing and watering-hole attacks are often used to trick staff into giving away confidential information, such as passwords and account details, which could help grant a cybercriminal access to the company's infrastructure. This could enable the hacker to steal valuable customer and corporate data.

Another aspect of awareness is the ever-increasing use of humans as part of the hacking process. Do you allow the contractor who visits your office each week to connect his USB stick to a company computer? Little do you know, this device could be infected with malware, ready to infiltrate the company's system and steal valuable information. In a world where people are eager to help others, something so small can have an overall damaging effect.

Forecast - Small companies often lack IT support that keeps an eye out for potential cyber threats. Larger companies tend to have IT managers, who would keep up to date with relevant security news, making them aware of the potential cyber threats out there. In smaller companies that lack this, it is important for all employees to keep their ear to the ground in terms of recent threats, and to bring in third-party vendors and experts to educate their staff so all can keep an eye out for the tell-tale signs.

Forward planning is also an issue SMBs need to be aware of - do you have a recovery policy in place in case you are hacked? How would you get your business back to a positive, secure and reputable place? Make sure all employees know they have a responsibility in terms of the company's IT security.

Educate - It is vital to make sure all staff are educated on security policies, just as they are on health and safety issues. This is important in all organisations, but particularly for smaller companies. You need to demystify the issues, explain them in an easy-to-understand manner and use analogies if necessary; create a few simple top tips or do's and don'ts for staff to follow, and place posters including these all over the office. This security strategy isn't a one-off activity, like painting the office - it will need to be revisited on a regular basis to keep up with the security landscape and keep security issues front of mind. All SMB employees need to be responsible for security, especially with the number of personal devices being used for work.