Cyber Security and Small Business

Since the Coronavirus outbreak, small businesses have faced a deluge of new problems while the world’s economy has shifted to a “new normal”. Millions of small businesses face a fundamental change in the way business owners and their employees work. Social distancing and lockdown have necessitated a significant rise in remote working.

Technology has projected itself as a beacon for championing new ways of working. An increase in demand for video calls and for access to data over the internet, wherever business owners or employees are, has been met by many solutions rapidly brought to market.

Unfortunately, in these uncertain times, cybercrime is on the rise. The increased number of remote workers has meant theft through cybercrime is easier than ever.

Small businesses are possibly the most vulnerable, and at the same time they are bearing the brunt of the world’s economic challenges.

As they scramble to adjust to new ways of working, it remains unclear what a safe way of conducting business in the new normal looks like.

Cyber-crime is increasing exponentially

Cyber-crime is big business, and a lucrative one for cyber criminals. The global cost of cyber-attacks is expected to exceed US$6 trillion by 2021. That is a compound annual growth rate of almost 65%.

Source: Cybersecurity Ventures; plus Various including Cost of Cyber Crime Study, 2019 and 2020

There is no doubt that the growth in cybercrime has been fuelled by world events and the shift in how we work. Workers access data and applications via personal or company-owned laptops, desktops, tablets and smartphones over the internet. Remote working multiplies the number of access points to the internet, giving criminals a multitude of options to attack workers outside of secure business environments. Not long after Covid-19 was declared a pandemic, there was a significant lift in cyberattacks on businesses around the world. A number of key examples are outlined below:

  • There has been a 400% increase in attacks on remote desktops in March and April 2020 alone.
  • In March 2020, email scams globally surged 660%.
  • A surge in home working security breaches, where 1 in 5 businesses surveyed have experienced attacks via homeworkers.

A shift in targeting

Cyber-crime is not a new problem. Cyber criminals have been targeting businesses and exploiting weaknesses since the internet proliferated. Traditionally, these targets were large, enterprise-type organisations, where a successful breach would likely yield a higher financial reward or any intended disruption would be more greatly felt. The challenge for cyber criminals has been that these traditional organisations have deeper pockets and greater expertise, and are now better equipped to defend and protect themselves.

A common view held by small business owners is, “this would never happen to me, they target large businesses”. Cybercrime is a lucrative market opportunity. As participation in cybercrime has increased over time, criminals have had to expand beyond the enterprise or corporate sector for potential opportunities. As a result, cyber criminals have diversified to “new markets”, and small businesses now offer almost infinite opportunities to diversify their efforts. Comments such as “it won’t happen to me” and “I already have anti-virus” expose small businesses as easy targets with a low level of awareness of the issue and how to address it.

The focus on small business is certainly alarming. According to Hiscox research, one small business in the UK is successfully hacked every 19 seconds. Around 65,000 attempts to hack small- to medium-sized businesses (SMBs) occur in the UK every day, and around 4,500 of them are successful. Cisco estimates 53% of SMBs suffered a security breach globally as far back as 2018.

A breach can be catastrophic for a business

Thirty-three percent of UK organizations say they lost customers after a data breach. A Forrester study of UK and US companies found 38% had lost business because of security issues.

Forty-four percent of UK consumers claim they will stop spending with a business temporarily after a security breach, and 41% claim they will never return to a business post-breach, compared to 83% and 21% for customers in the US.

How are attacks executed?

Cyber-attacks are attempts to steal value from you. As a small business owner, what you stand to lose is potentially far greater than what the theft itself is looking to achieve. A successful cyber-attack could result in the loss of your reputation and what you’ve worked so hard to build.

Cyber criminals seek to exploit vulnerabilities to steal personal information, data or money directly. Most commonly, small businesses are targeted via phishing, business email compromise and malicious software.

Phishing

Phishing is an attempt to induce individuals to reveal personal information such as passwords and credit card numbers by pretending to be a reputable company or organisation. Commonly known as a scam, this kind of attack is normally delivered via email. There are many types of phishing; however, businesses will commonly see examples such as:

  • An email appearing to come from a reputable organisation such as PayPal, requesting that individuals take action that may reveal personal information.
  • C-level fraud, where an email that appears to come from a senior officer of an organisation requests individuals to transfer funds, make payments, install software or update personal details.

Business email compromise

Business email compromise is essentially a type of phishing attack, except with slightly higher levels of sophistication. A cyber attacker gains access to corporate email accounts (likely from being hacked via malicious links or a basic phishing attempt) and then takes on an identity. At that point, emails are sent to employees to attempt to steal money or assets.

Malicious software

Malicious software, often referred to as malware, enables attackers to have your computer perform actions without your knowledge. Malware may look to access information, trick individuals into providing access to business systems, or even cripple systems, preventing businesses from operating until a ransom is paid (ransomware). Malware can be delivered via emails, attachments or websites.

Where to focus resources to protect your business

Think of a home, a safe place for many, and think of the walls as the perimeter surrounding your life and business. To prevent intrusion, you could support the perimeter with cameras/CCTV to monitor the situation. Those cameras give you a view of entry points and of who or what intends to come in. You can then block entry with secure doors and locks to keep your family safe. Where you invest most of your resources in protection will likely start with the most likely threat.

Something as simple as email…

In the context of protecting your business from cyber attacks, the most common source of cyber threats is email. In fact, 90% of cyber security threats start via email. These emails potentially contain malware, attempt to steal sensitive information (phishing) or pretend to be someone else in order to get someone to act in a way that compromises the business. Ensuring the emails you receive are filtered for unwanted approaches should be fundamental to your choice of protection in setting a perimeter around your business.

Websites and using the internet

Unfortunately, there are numerous suspicious websites in operation globally. In cyber security these are often referred to as malicious websites. Individuals are encouraged via email, attachments and other websites to click on a malicious link. From there, malicious software is delivered to an individual’s device. The best defence here is known as web security. A web security application leverages large databases that recognise malicious websites and then, depending on the settings, prevents or warns an individual from accessing them. As attempts via email become more sophisticated, an additional level of protection from reaching malicious websites via web security is also a fundamental element of a strong perimeter.

Remote working outside of business networks

In the new normal, the lines are often blurred between business and personal use devices. An individual’s business or personal device represents another entry point for a cyber attack. A device that has been compromised may connect to a business network or systems. The compromise may have occurred via an attack while using personal or unsecured network environments, such as the pub or your home network. End point security provides protection by scanning the device for malware and blocking potential threats from entering the business network.

Where to from here?

The new normal has necessitated a strong perimeter to protect your business from cyber threats. The options in the market are vast and complexity is increasing. It is recommended that businesses maintain a perimeter that secures the business against the most likely threats first, then extends to other common avenues for an attack.

First, use email security to block 90% of most threats. Second, prevent you or your employees from reaching malicious websites. Lastly, as we all work differently and from anywhere on nearly any device, secure the device at the end point.

Marston’s Telecoms (MTL) is both a full ISP and a technology provider that has built a reputation for innovation and dedication to developing solutions that positively impact the business environment. MTL is backed by Marston’s PLC, and it is this backing that has enabled them to rival the biggest names in the UK connectivity and technology market. MTL is different in that they look at business from the inside. For MTL, the way in which a solution positively affects the workplace or the ability to trade is the key to success, and so they have developed a range of solutions that many of the larger rivals just can’t match.

If you would like to speak to Marston’s Telecoms about protecting your business against cyber-attack, please call 01902 939 079 or email [email protected]