In the current economic climate, we know that small businesses believe they do not have the budgets or time to prioritise cyber security. Often, many SMEs also feel that they are not of interest to online criminals as they’re not big enough or their profits are too small, sadly we know that this is far far from the truth.
There are many ways in which SMEs can protect themselves from the threat of cyber-attacks and the majority of these are free and simple to implement. For example, turning on two-step verification for social media channels and email accounts is a very simple way to add a layer of protection, or using a strong password will help to keep you in your accounts and criminals out of them.
To help SMEs understand the threat that cyber-attacks pose, we have created a Frequently Asked Document (FAQ) blog to expose the most commonly asked questions on why SMEs should take cyber security seriously.
FAQ’s:
What is a ‘cyber risk?’ Cyber risk is a potential exposure to financial or reputational loss or harm stemming from an organization’s information or communications systems.
What is cyber security? Cyber security refers to protecting hardware, software, and data from attackers. The primary purpose of cyber security is to protect against cyberattacks like accessing, changing, or destroying sensitive information.
Why is cyber security necessary for small businesses?
Cyber-attacks are potentially ruinous events for business owners. The average cost of a cyber security breach in the United Kingdom is £1,010 across all businesses, however, this figure becomes greater as the size of a business increases.
The cost of a cyber-attack is not only financial, without any protection in place cyber-attacks can cost businesses in many other ways. Often, cyber-attacks will have impact on the ability for customers and clients to trust the business, whilst also impacting upon employee integrity, data integrity and the longevity of the business.
What are the differences between a cyber incident, cyber attack and cyber threat?
Types of cyber-attacks:
What is ransomware? Ransomware is a type of malicious software designed to block access to a computer system until a sum of money is paid.
What is Malware? Short for malicious software, malware is specifically designed to disrupt, damage, or gain unauthorized access to a computer system.
What is Phishing?
Phishing’ is when criminals trick their victims using scam emails, text messages or phone calls. The aim is often to make you visit a website, which may download a virus onto your computer, or steal bank details or other personal information.
Phishing is often untargeted, in the form of a mass email, text or cold calling campaign.
However, an attacker may use more targeted information to make their messages more persuasive and realistic (sometimes known as ‘spear phishing’).
What is Business Email Compromise?
Business email compromise (or BEC) is a form of phishing attack where a criminal attacks a business in order to defraud the company. Criminals behind BEC send convincing-looking emails that might request unusual payments or contain links to 'dodgy' websites. Some emails may contain viruses disguised as harmless attachments, which are activated when opened.
Protecting your business to mitigate cyber risks:
What is Two-Step verification?
Turning on 2SV is one of the most effective ways to protect your online accounts from cyber criminals.
You should protect your most important accounts (such as email, banking, social media and online shopping) by making sure you have 2-step verification turned on for each of them.
2-step verification (2SV), which was previously known as two-factor authentication (2SV) or multi-factor authentication (MFA), helps to keep criminals out of your accounts, even if they know your passwords. The NCSC recommends you take time to set up 2-step verification on all your important accounts, even for ones that you've protected with strong passwords.
How do I make my business safer?
For businesses, improving your cyber hygiene is critical to protecting your business from cyber-attacks. Cyber hygiene refers to the practices and steps that all computer or device users within a business take to maintain and continuously improve their security both on and offline. These practices are often part of a routine to ensure the safety of identity and other details that could be stolen or corrupted.
What steps can I take to improve my cyber hygiene?
1. Install a reputable antivirus and malware software
2. Protect computer with robust firewalls and secure routers
3. Update all software regularly
4. Set strong passwords using the NCSC’s password guidance
5. Enable 2-step verification
6. Employ Device Encryption
7. Back up all files regularly and keep an offline copy disconnected from live devices
8. Secure your router
9. Join your local cyber resilience centre for regular and free guidance, toolkits and resources all designed for SMEs.
What can I do if I think I’m being/or have been attacked?
The South East Cyber Resilience Centre is here to provide help and guidance to protect and prevent businesses from falling victim to cybercrime. If you think you have fallen victim to a cybercrime, you need to know how to report it.
If you are a business, charity or organisation that is currently suffering a live Cyberattack, then please call Action Fraud's 24/7 helpline on 0300 123 2040.
What is a supply chain?
If your business has a company that supplies its stationary, printing and computer equipment or office premises cleaning and you have digital contact with these suppliers, then they form party of your supply chain.
A supply chain is the network of all the individuals, organisations, resources, activities and technology involved in the creation and sale of a product. A supply chain attack is a cyber-attack that targets the less secure elements of a company’s supply chain, with the intent to cause serious damage for those on the end of the attack.
The more links in a supply chain, the more vulnerable it becomes which highlights the importance of securely handling and storing data.
How do I protect other companies and partners that I work with? (Your supply chain)
Build your cyber resilience with The South East Cyber Resilience Centre
Would your business survive a cyber-attack? We offer a #FREE membership that provides expert guidance and toolkits to help boost your business's cyber resilience levels against cyber-attacks.
➡️Download your free information pack here https://www.secrc.police.uk/free-information-pack
Click to Open Code Editor