Last week I attended a round-table that explored how micro businesses are targeted by cybercriminals. It may be surprising to many people to learn just how at risk from cybercriminal activity even the smallest of businesses can be - fraud, banking Trojans, ransomware and phishing attacks all target small as well as large businesses, taking advantage of their lack of knowledge and lack of in-house expertise, or complacency, to make some quick money. Those attending the round-table were able to offer different perspectives on the threat. They included Alex Grant, fraud prevention director at Barclays bank; Professor Robert Blackburn, Associate Dean Research, Director of The Small Business Research Centre Faculty Management, Kingston University; Marc Chaudhuri, Director of a niche family law practice; Kaspersky Lab's MD; and a host of interested journalists.
Alex Grant has seen thousands of small businesses face the full spectrum of threats. He revealed that fraud affects one in eight small businesses every year, with losses to SMEs estimated at nearly £20 billion. He told us that he has seen criminals try to steal the goods, or even corporate identity, of a business through letters, a phone call, or e-mail.
According to Alex, typical scams include opportunities to acquire new customers who you supply goods to but who never pay you, or to purchase items from new suppliers that never deliver. Someone who understands this only too well is Marc Chaudhuri, Director of March Solicitors. He has experienced first-hand the devastation wrought by a cyber-attack. Marc experienced the theft of £20,000 - taken from his account in £5,000 chunks. He told us that when you go through something like this as a small business owner, it drives home just how devastating cybercrime can be.
The round-table was prompted by the latest Kaspersky Lab survey that revealed just how unprepared small businesses are to handle a cybercrime attack. One third (31 per cent) say they would not know what to do if they had an IT security breach tomorrow; four in ten say they would struggle to recover all data lost; and a quarter admit they would be unable to recover any of the data.
Professor Robert Blackburn informed us that 95 per cent of businesses in the UK are small or micro businesses. When you pair that with Kaspersky Lab statistics - showing that 82 per cent of small businesses think they are not a target for attack because they're too small or don't have anything worth stealing - it's clear that there's a significant problem for UK businesses.
Following this eye-opening event, we came up with the following simple, actionable tips that any small business can follow to reduce their exposure to cybercriminal attack. Spend just five minutes a day checking these five things to help keep your business safe:
1. Passwords - Check that all Internet-enabled devices and computers that carry your business data are protected using strong passwords, regardless of whether the equipment belongs to the company or is employee-owned.
2. Attachment Awareness - Understand the dangers that can lurk in emails, web pages, USB flash drives, CDs, etc. and consider introducing extra software that will filter out suspicious-looking items.
3. Educate all employees - Make sure that everyone knows how to stay safe online: including how to use strong passwords, spot suspect e-mails or web sites, and protect company information.
4. Back-up - Every day, make sure the information you store on any device is backed-up and stored securely. Imagine how your business would cope if you had to do without it.
5. Security systems - Take full advantage of any user-friendly Internet security software that that has been specially-created for small firms such as your own to secure devices such as smartphones, laptops, tablets, computers, WiFi and networks. Don't forget about physical security as well - keep things out of sight and keep the site locked up.
The key messages from the round-table were that fraud and cyber-attacks can happen to any business, impacting the revenue, reputation and long-term health of the business; that no business is too small to be targeted; and that by developing a cyber-security strategy, the business can reduce its exposure to attack.