Cyber self-defence for your business

February 2017

Cybercrime doesn’t only happen to huge corporations 

Whatever the size of your business, you need to ensure its safety.

Around seven million cases of cybercrime involving small businesses happen each year, with annual combined losses of some £5.26 billion[1]. This article takes a comprehensive look at the cyber threats you face and how to avoid them.

What is cybercrime?

‘Cybercrime’ is a sweeping term that covers many areas, but every instance has a common target – data. Data is appealing to criminals because it’s valuable and easily transported. 

For a small business, even an attack that results in a relatively small loss can have a huge effect. A 2016 survey by the Federation of Small Businesses found that the average cost of cybercrime for its members was almost £3,000. That’s enough to wipe out a start-up’s working capital. 

New EU regulations could also mean fines of up to 4% of annual turnover for businesses failing to protect customers. So it makes sense to make your business as secure as possible.

Know your enemy 

Here are four of the most common types of cybercrime, according to the Federation of Small Businesses (FSB).

  • Phishing – websites, phone calls and spam emails that appear legitimate, but are actually scams designed to acquire private data. 
  • Malware – malicious software installed inadvertently, usually by visiting a malware-infected (but otherwise genuine) website, or by opening an attachment from a phishing email. 
  • Denial of Service (DoS) – a mass orchestrated attack that floods a computer system (often a website) with countless requests for information, rendering it incapable of responding to real users. 
  • Ransomware – a type of malware that locks users out of a computer system, often by encrypting its data, and threatens deletion until a ransom is paid[4].

Preparation is everything

On average, small businesses fall victim to cybercrime twice a year. 

Training staff to identify sophisticated phishing spam can make a huge difference. For instance, knowing that legitimate organisations never ask for login details by email is a simple and effective rule to remember. 

Staying up-to-date is essential

Sensible and well-implemented IT policies are also key and don’t need to be complex. Simply upgrading to the latest version of a browser[5] will block most attempts to obtain sensitive data online.

Backups also go a long way towards stopping cybercrime, and yet 40% of small businesses admit[6] to having no routine system in place. 

How the cloud can help

With cloud backups available instantly in any place, restoring lost data in the event of an attack becomes more affordable than ever before and helps businesses get back on track with minimal disruption. 

Cloud hosting is also a great cost-effective defence against DoS attacks. It allows you to deploy additional hardware and expertise to cope with even the most determined attack. 

If an attack happens 

The average time between an attack and it being discovered is 80.5 days[7]. Imagine what damage can be caused in that time!

Intrusion detection needs more than just up-to-date anti-malware software. Computer systems require constant monitoring to detect abnormal behaviour, but that obviously hinges on what’s regarded as ‘normal’ behaviour[8]. If you have limited expertise and resources, you should seek expert help – or you risk being oblivious to a security breach until a customer announces it on social media. 

Dealing with data breaches

Locking down systems and identifying targets are key priorities when dealing with data theft. 

Classifying sensitive data in advance can help, as knowing the kind of data that’s been stolen helps determine your next steps. 

You need to notify law enforcement and anyone affected by the security breach as soon as possible. You might also issue a public statement. This should be simple and factual, following the advice of security experts and law enforcement. 

Forewarned is forearmed

Taking advantage of UK government initiatives for dealing with cybercrime, such as the 2016 National Cyber Security Plan[9], is a great start to help you get up to speed.

Simply defending against cybercrime is not enough. All businesses need to be proactive. Having a better understanding and acting now will reduce your risk and improve performance. Investing in cyber defence makes business sense. 

 

1  http://www.fsb.org.uk/docs/default-source/fsb-org-uk/fsb-cyber-resilience-report-2016.pdf

2  www.fsb.org.uk/docs/default-source/fsb-org-uk/fsb-cyber-resilience-report-2016.pdf

3  www.fsb.org.uk/docs/default-source/fsb-org-uk/fsb-cyber-resilience-report-2016.pdf

4  www.theguardian.com/technology/2016/feb/17/los-angeles-hospital-hacked-ransom-bitcoin-hollywood-presbyterian-medical-center

5  www.itpro.co.uk/web-browsers/25809/almost-two-thirds-of-businesses-still-using-ie-8-9-and-10

6  www.imprima.com/News/2014/04/16/Destructive-Data-Loss

7  www.fsb.org.uk/docs/default-source/fsb-org-uk/fsb-cyber-resilience-report-2016.pdf

8  www.securitymagazine.com/articles/86604-steps-for-timely-cyber-intrusion-detection

9  wiki.openrightsgroup.org/wiki/National_Cyber_Security_Plan