Tips to improve your SME business cybersecurity
29 Jan 2019
This week is Data Protection Week, an international event to raise awareness and promote best practices on privacy and data protection.
According to a survey conducted by the Federation of Small Businesses (FSB), two thirds of SMEs are unaware of the risks of cybercrime or might be aware of it but do not consider it to be a risk to their business. However, alarmingly, 66 per cent have been affected by cybercrime at the cost to a small business victim of nearly £3,000.
With criminals [are] launching more online attacks on UK businesses than ever before, according to statistics published by the National Cyber Security Centre (NCSC), cybercrime and hacking are fast becoming the biggest challenges to SMEs’ future economic success.
The FSB says there are a simple steps that business owners can take to reduce their risk of contracting all types of malware including ransomware, of which WannaCry and Petya are just two:
- Ensure software and devices are kept up to date and all available security patches are installed. Upgrade devices to their latest operating system version where possible.
- Have a robust and regular backup solution which allows you to recover from a malware outbreak. Having an offsite or cloud backup is also invaluable in the event of a natural disaster or accident such as a flood or fire.
- Raise awareness of cyber security risks and promote vigilance within the company. Employees are often a last line of defence against attacks that have bypassed technological barriers and a simple action such as not opening an email attachment may prevent a huge impact to the business.
Beyond ransomware and other types of malware, cybercrime also includes phishing and spear phishing emails, whaling, and CNP (card not present) fraud.
‘Invoice fraud’ phishing attacks are becoming all too common amongst SMEs, where a business email account is illegally accessed and used to send, or modify, customer invoices with altered payment details. This can cause thousands of pounds of lost revenue to a business. Cybercrime should therefore be a topic at the forefront of all business leaders’ minds.
When putting processes in place for effective business administration, sound management accounts will enable better control of your financial situation and awareness of the business in real time. This can be effective not only in detecting and countering fraud, but also in enhancing planning for the peaks and troughs. In turn, whilst many companies do not need an audit due to rising thresholds, an audit can give comfort to business owners and act as a fraud deterrent.
At Beavis Morgan, we work with SMEs to put processes in place which make it easier to run your business, reduce risk and maintain effective management of your company’s working capital.
IT security is a collective responsibility and it is essential that SMEs take the necessary steps to protect against cyber attacks. Read a copy of our briefing note ‘Is your business protected against cyber threats?’ for more advice to help SMEs safeguard against cybercrime and be prepared.