So much of modern work is now done on personal computers, smartphones and tablets, and while we embrace the advances in technology and the ease with which tasks can be completed, it’s easy to forget that technology brings its own risks too.
In the last three years there’s been lots of news about data breaches affecting large companies, but the reality is that just about anybody can be targeted by a cybercriminal.
Research from the Federation of Small Businesses (FSB) shows that a staggering seven million cybercrimes are committed against smaller businesses in the UK every year – that’s 19,000 a day. On average, a cybercrime incident costs a small business victim almost £3,000 in damages, and it can take over two days for the business to be back up and running.
Cybercriminals are primarily concerned with financial gain. They pursue it by stealing private financial information, personal details and account login credentials, so that they can go on to commit fraud, data theft or extortion.
This can include anything from stealing a customer’s information to commit identity fraud with other services, to selling stolen credit card numbers or account profiles on the dark web for cash.
But some hackers are playing for higher stakes – if they can infiltrate a company and convince employees that a fake email comes from an actual customer, supplier, business service or a superior, then there’s a chance they can trick those employees into sending huge amounts of funds to a bank account owned by the cybercriminal.
There are several methods cybercriminals use to attack businesses:
• Malware – a software program written by cybercriminals to steal information from a computer or network once it is run.
• Phishing emails – fake emails that imitate customers, suppliers or services known to the individual. These emails can trick the user into opening attachments containing malware, or trick the person into clicking on a hyperlink to a fake website where the user is asked to enter their login details.
• Ransomware – a new type of malware that was used to attack the NHS in 2017. Ransomware locks computers and demands a ransom in bitcoin. If the ransom is not paid, the program deletes crucial data from the PC, or prevents the victim from using the machine again.
• DDoS attacks – Distributed Denial of Service (DDoS) attacks happen when a hacker floods a company’s website with traffic to take it offline. The true aim of the attack is often to find vulnerabilities in the website’s defences so that the cybercriminal can access the website’s database of customer information, or to gain access to the company’s internal computer network.
You don’t have to wait for the bad guys to come calling – there is a lot that businesses can do to avoid becoming victims.
Here are some tips that all small businesses should follow, as recommended by the National Cyber Security Centre and FSB Cyber Protection advice line:
1) Back up all your data
Make sure that all important information pertaining to your business – such as customer details, quotes, orders, payment details, document templates, financial records – is backed up safely and regularly, so that it can be restored in an emergency.
A key tip is to make sure that the backup is stored in a secure place that other employees cannot access, and that the backup device is not connected to any computer or network. A good place to store backups is the cloud.
2) Use passwords to protect your data
Make sure you switch on password protection on all devices, and use two-factor authentication on all user accounts where you are given the option.