10 July 2016
3 min read
When you think of cybercrime it’s easy to come up with examples of big businesses who became victims. TalkTalk, one of the most prominent cases in recent months, had the personal details of nearly 157,000 customers breached in November 2015.
SMEs might not appear to be lucrative targets when compared to giants like TalkTalk but to cyber criminals, any business is a potential victim.
It’s important to be aware of common misconceptions about cyber security, so we’ve put together a list of the most prevalent. How many of these do you recognise?
“Large businesses pay more for data breaches”
At first glance this is true. Larger businesses have more customers, so it stands to reason that they’d pay a larger amount when they’re targeted.
However, recent research from the Ponemon Institute revealed that global cybercrime is on the rise for smaller businesses. Between 2013 and 2015 the cost rose 12 percent per connected employee. As a result, these businesses pay 4.2 times more per employee to deal with cybercrime than their larger peers.
“Security leaks are so rare there’s no point getting serious protection”
Big, headline-grabbing security breaches are rare. But what about everyday fraud and smaller data leaks? Each might be smaller but cumulatively they can be devastating.
Despite the misconception that SMEs aren’t the target of data leaks, The Department for Business, Innovation and Skills discovered that 74% of small businesses reported a security breach in 2015. This is up from an astonishing 60 percent in 2014 and 64 percent the previous year.
And this is just the officially reported stats as victims of cybercrime often worry about admitting their systems were breached.
“Cybercrime is massively under-reported and it is partly because people don’t want to admit they have been conned or caught out for fear of scaring customers,” says Colin Borland of the Federation of Small Businesses in Scotland.
“We can’t be at risk because we don’t take online payments”
Cybercrime shouldn’t just be viewed as a digital bank heist. It doesn’t matter whether you deal with taking online payments; as long as you have records and a computer network you could be at risk.
Data is a hot commodity and once cyber criminals have taken control of yours, they can hold it to ransom. Have you got the funds to pay for the safe release of your appointment books and customer databases?
“We’ve hired an IT specialist to handle security, so we don’t need to know anything else”
Having an IT security specialist on your staff is a great way to start protecting your business against cybercrime. However, don’t assume they can be constantly aware of what’s happening on your network. Everyone who has access to your computers, phones and data should have training in cyber security best practice.
For example, your IT security specialist can establish an airtight defence against cyber-attacks, but what happens when Geoff from accounts unknowingly falls for a phishing email? Your network could be instantly compromised.
According to the 2014 edition of the BIS study, 70% of companies that had poorly understood security policies suffered staff-related breaches. By contrast, only 41% of those with comprehensive security policies fell victim to a leak.
“We have strong antivirus soIware on our systems, so we’re well protected”
A strong antivirus suite is an essential first step in protecting your data and your business. It can’t, however, protect from Distributed denial of Service (DDoS) attacks, in which your website is flooded with junk traffic that slows it down to the point of being unusable. Nor can it protect against web-based attacks, where cyber criminals exploit vulnerabilities in your code and steal data like customer credit card details. Cybercrime has evolved and your defence against it needs to as well.
“If an intruder gets in, we’ll notice right away”
Some cyber-attacks make their presence known immediately, with endless pop-ups or an immediate lockdown and ransom of your PC. Others are more insidious and hide away, spying and quietly harvesting data while preparing to gain more access to your network.
These Advanced Persistent Threats (APT) are a common problem for UK businesses. Data security company FireEye’s research revealed that British companies were the target of 17% of identifiable APT attacks across Europe, the Middle East, and Africa, in the first half of 2014.
Want to learn more about how to keep your SME safe? Become a cyber security master with our guide Cyber security and your business.