Between the lines: How small businesses can protect against cyber attacks

It is estimated that 4.5 million cybercrimes were committed in the UK in the year to March 2018. You are statistically more likely to fall victim to a cybercrime than to other type.
By Magda de Jager
Published 4th Nov 2019, 05:55 BST
Small business are at high risk of becoming unsuspecting cyber victims, says de Jager. Picture: Ashley CoombesSmall business are at high risk of becoming unsuspecting cyber victims, says de Jager. Picture: Ashley Coombes
Small business are at high risk of becoming unsuspecting cyber victims, says de Jager. Picture: Ashley Coombes

As cyber security systems become more adept at preventing and pursuing consumer fraud, cyber criminals are targeting public sector and larger organisations for new revenue streams.

Breaches have impacted banks, police forces and even defence firms. Wipro, a major IT services business, recently reported an attack on its systems after it was targeted by a phishing campaign.

The problems faced by large organisations should be a warning for small business, social enterprises and charities, which are at high risk of becoming unsuspecting cyber victims. And their supply chains offer some prime chances for cyber theft.

Smaller enterprises just do not have the scale, resources or systems to protect, prevent and counter cyber fraud. Furthermore, they tend to work with a much wider network of suppliers and intermediaries. A recent survey of IT risks among SMEs by Scott Moncrieff highlighted a very low level of investment in cyber security, poor understanding of the processes involved, and high levels of vulnerability to attack.

Cost-effective prevention

Any point in the supply chain that creates a break in the flow of relationships, information, products, logistics and services creates a potential for weakness in systems, and a window of opportunity for cyber crooks. Like a house purchase, the more links in the chain of suppliers, the bigger the risk, and the greater the costs, including: finding an alternative supplier, business interruption or shut down, scrutiny and fines from regulators, loss of productivity, reputational cost, loss of trust and subsequent loss of clients.

Prevention of cybercrime is far more cost-effective than having to deal with the bureaucracy, cost and reputational damage of a security failure. This could include adopting relevant industry guidelines and frameworks, invest in the latest technologies and ensuring that your systems are regularly patched.

Risk assess your suppliers and business relationships – do you know what their cyber security arrangements are? Have your suppliers invested in meeting cyber security standards? We recommend only working with suppliers who have complied with the UK Government’s Cyber Essentials standard, and if you are out-sourcing key processes only working with suppliers who can demonstrate compliance with ISO27001, an internationally recognised security standard.

Consider cyber insurance. Cyber risk is now a permanent feature of our lives, and increasingly so for businesses. You need to understand and manage not just the risk to your own business but also satisfy yourself that the businesses you depend on are taking the risks seriously.

- Magda de Jager, cyber security expert, Scott Moncrieff.

Related topics:SMEsUK Government