The biggest threat to businesses, no matter how big or small, is not fraud or theft; it’s cyber crime. That is why if there is one thing that companies should invest a lot of their time and money in, it is IT support to protect their cyber security.
Problem of cyber crime in the UK
For those who may think cyber crime is only a problem for huge corporations, government figures will make you reconsider.
They showed that 39 per cent of UK businesses identified a cyber attack in 2022, with 83 per cent of these reporting phishing attempts and 21 per cent claiming the threat came in the form of denial of service, malware or ransomware.
Of those businesses that claimed to have been attacked, 31 per cent said this occurred at least once a week.
The Active Cyber Defence (ACD) also revealed there were 7.1 million suspicious emails and websites reported to authorities in 2022.
This equates to almost 20,000 being flagged to the National Cyber Security Centre (NCSC) Suspicious Email Reporting Service every day that year. It also represents a growth of more than a third compared with the year before, demonstrating the speed at which the problem is escalating.
Consequently, 235,000 websites were removed by the NCSC between April 2020 and July 2023.
The Takedown Service, which is a government-run scheme that finds malicious sites and demands the owner removes them, managed to achieve 1.8 million takedowns in 2022.
At the same time, 570 companies that were signed up to the Early Warning service, which automatically informs a business of potential cyber threats, were warned about active malware operating on their networks in 2022.
Additionally, 2,270 were giving warnings about vulnerabilities on their networks, and 1,193 were told about a host on their network scanning the internet, which may suggest a compromise in their security.
Why is it more of a challenge for SMEs?
The Federation of Small Businesses (FSB)’s national chair Martin McTague agrees that cyber crime is as much a problem for up-and-coming enterprises as it is for big companies.
“A fifth of small businesses see cybercrime as the most impactful crime in terms of both cost and disruption to their operations,” he stated.
He noted that cybercrime is a “persistent risk” and small and medium enterprises (SMEs) need to make sure they are protected against it.
However, they face more challenges when it comes to avoiding cyber attacks, making them more vulnerable to online breaches.
For instance, their finances are not as strong as larger businesses, which means they cannot afford the best cyber security software or experts. They also have competing priorities, so they cannot devote the time, money and attention to cyber security that bigger organisations can.
This is why it is important to find affordable IT solutions that can use the right software and prevent cyber attacks from harming the business.
The government data reported that 35 per cent of businesses that faced a cyber threat in 2022 experienced at least one negative impact from this.
Small businesses also lost an average of £4,200 that year, with this figure increasing to £19,400 for medium and large businesses. Losing thousands of pounds can have a huge effect on any enterprise, but especially SMEs that cannot afford to lose any of their profits.
How can they reduce cyber security risk?
The first step to reducing cyber security risk for businesses is to hire experts who can protect their network.
This is considerably more effective than just downloading anti-viral software as cyber attacks come in all forms these days.
- Penetration testing
Cyber security specialists will first undergo ‘ethical hacking’, where they assess the entire system to look for any weaknesses. This is called penetration testing, which makes sure the security you have in place works, or identifies weak points that need to be improved.
- Security patches
If any vulnerabilities are found, a software will be used to fix errors in the code. These are called security patches, as they repair any issues so hackers are unable to exploit them for their own personal gain.
- CCTV
Many businesses overlook the importance of physically securing their building or office these days, as they are aware that cybercrime is a bigger problem than theft.
However, many hackers access the network by getting to the computers themselves. Therefore, it is essential to prevent anyone entering the building without authorisation and keeping each computer locked and password controlled.
CCTV cameras, door access codes, security alarms, and protective software all help to reduce the opportunity a hacker has at being able to gain access into the office.
- Training employees
It is also important to invest the time and money in training all employees about the threat of cyber security and how they can protect the network. If they do not understand what they can do to keep the system out of reach of hackers, they could easily make the company more vulnerable to attacks.
- Limit access
As much as you want to trust all your employees, it is also worth limiting access to certain data that is confidential. Anything that would threaten the security or finances of the company should only be accessed by those who are trusted with this data.
The more people who are allowed to see it, the greater risk there is of it falling into the wrong hands.
It is also important to have the ability to delete user accounts when needed. This allows business owners to quickly shut down someone’s access if it is felt they could be a threat to the company.
- Report anything suspicious
Businesses also have a role to play in preventing cyber attacks from happening to anyone else, so hackers are not able to get away with their criminal activity. They can do this by reporting any suspicious activity to the ACD or NCSC, who can look into the issue and takedown fraudulent websites or prevent malware threats from occurring.
