Small businesses often ask us why they’d be of interest to cybercriminals. Because most of them don’t know about the government figures showing that two in five of them are hit every year. And because it’s only big businesses that make the headlines, they don’t realise how vulnerable they are. So what’s the attraction?
Well, of course, a lot of attacks aren’t targeted at all. They just seek to exploit known weaknesses which are all around us. That might be a technical weakness, left unfixed because you’re using older software, don’t have IT expertise, or don’t update your systems regularly. Or it might be low staff awareness, which makes you more liable to click on dubious emails which larger companies would have filtered out with automated software. In other words, you’re not a particular target, you just happened to present yourself as one.
But it’s also absolutely true that you can be personally targeted. You have to file annual returns: so what you do, how much you make, and quite a lot else about you besides, will be on record. Cybercrime can be depressingly simple and if there’s a few thousand pounds as a payoff, a criminal might just come knocking. If you’ve low awareness and limited protection, you’re simpler to hit than a big business. And you’re less likely to have backup, incident response plans, or a technical team to help you, so if there’s a ransom involved, you’re quite likely to pay it. Plus, you shouldn’t underestimate how important small businesses can be: you may have important intellectual property information, or data which is worth a lot of money.
Which brings us to the last point: it’s not always about you at all. Sometimes, small companies are linked to bigger ones. And bigger ones are often harder to crack open. So if someone can compromise your accounts, they can use them to send malicious software and links on to the people you do business with.
But of course, with your limited resources and possibly limited expertise, you can’t do much about cybercrime anyway. Or at least, that’s what we’re often told. The good news is, there’s loads you can do. In the real world, you can’t afford a bank vault in your basement, but it doesn’t stop you locking your front door. And in the digital world, a few simple steps will make you a very much tougher proposition. Use strong passwords, implement two-factor authentication, update your systems, and train your staff. All of it can be free. If you want to know more, your local cyber resilience centre is here to help. Police-led, Home Office funded, and with free core membership to help regional business.