Connect with us

Hi, what are you looking for?

Business

Cybercrime and SME’s – why your business could be next

What do the terms ‘malware’ and ‘ransomware’ mean to you? Probably not very much given that they sound more like plot lines from an Ian Flemming novel rather than very real threats to the stability and viability of our businesses.

However, they are likely to become as familiar to small business owners as ‘profit’ and ‘invoice’ are to us now.

Why? Well according to recent government figures, some 53 per cent of SMEs were the targets of cyber crime in 2023. And ransomware (which is a type of malware) is the preferred method of attack used by cyber criminals. These figures are likely to be an underestimate as many SMEs prefer to ‘pay-up’ and say nothing rather than draw unwelcome attention to themselves.

Ransomware is a particularly vicious kind of cyber-attack where a piece of malicious software infiltrates a company’s IT network and renders it inaccessible until a ransom demand is paid.

So why should SMEs in particular be concerned about cyber-attacks? Many SMEs believe that they are too small or too niche to be attractive to ransomware criminals. That attitude is exactly why SMEs can find themselves in the crosshairs.

SMEs are easy picking for cyber criminals as they frequently have the weakest anti-virus software installed. Off-the-shelf antivirus protection packages are no match against sophisticated cyber criminals who will simply brush aside virus protection software. It’s like throwing a cup of water on a house-fire. Also, cyber criminals could well be targeting larger companies along your supply chain.

Small businesses find themselves victims of ransomware, not because they have been individually targeted by a criminal, but because of simple human error.

Believing that they are unlikely to fall victims to a cyber-attack, the majority of SMEs fail to adequately inform and educate staff about cybercrime and what to look out for, particularly with regard to ‘phishing’ assaults. This is where a perfectly normal looking email – perhaps from a supplier or government agency – is opened and instead of being legitimate, it is laced with ransomware and once unleashed onto an SMEs computer network it wreaks havoc.

Without comprehensive protection, and staff training too many SMEs will panic and simply give-in to a ransomware demand, hoping that cyber criminals will be honest enough to release the crucial data they have ring-fenced and encrypted – like bank account details or customer account information.

Why would a cyber criminal kill the goose that has just started to lay golden eggs?

One small business we know fell victim to a devastating ransomware assault. A member of staff at a dental practice in the Midlands received what looked like an invoice from a supplier. It wasn’t. Once opened, ransomware was released  and the practice was unable to access patient records, appointment details and billing information. Then the demands for payment appeared.  If they refused to pay, the data could be destroyed, or sold to the highest bidder on the dark web.

Another SME client of ours (well, they are now) watched helpless as, at exactly 08.00am, some 3000 emails left their servers and went to clients and suppliers. There was nothing they could do. A colleague had worked on a home computer at the weekend and saved the work onto a memory stick. Once plugged into the company’s network on Monday morning, the network was flooded with ransomware.

A client was attending a trade exhibition and was on an exhibitor’s chat room. Up popped an advertisement for exhibition furniture. It looked interesting, so they clicked on it to find out more. It was riddled with ransomware, and we were called in to clean up the mess and create the strongest malware identification, isolation and removal package.

These attacks on SMEs inevitably lead to huge disruption, significant cost, loss of business focus, loss of revenue, reputational damage and ultimately bankruptcy. Not to mention the legal consequences and non-compliance issues.

The recent trends toward working remotely, often from home, or storing data in the cloud, accepting on-line payments and conducting business online, all conspire to create a cyber criminal’s playground.

There are several actions that SMEs can take to minimise their exposure to criminality including:

Training employees to identify phishing attempts
Backing up data and keeping it offline
Keeping security patches up to date
Having robust anti-spam processes
Introducing multi-factor authentication
Configuring your firewall to repel invaders…and so on.

If all that sounds a bit overwhelming, then outsource all of it to a cyber security specialist company which has a commercial interest in keeping your business safe.

All the indicators are that 2024 will be the year that SMEs are confronted by wave after wave of catastrophic cyber-attacks. All the signs are there and in the realm of cyber criminality, prevention is far better than cure.

Read more:
Cybercrime and SME’s – why your business could be next

Advertisement

    You May Also Like

    Investing

    RevisingTheBankSecrecyAct_NorbertMichelAndJenniferSchulp_CMFAWP007   The post Revising the Bank Secrecy Act to Protect Privacy and Deter Criminals (CMFA Working Paper No.007) appeared first on Alt-M.

    Investing

    Recently, an investment advisor and Bitcoin proponent tweeted the claim that “[f]or most of human history” the “[s]eparation of money and state was the...

    Business

    Rollee enables worker’s to share their professional data, spread over one or more financial platforms. Ali Hamriti, CEO and Co-Founder of Rollee, is on...

    Business

    The energy crisis means that as the price of wholesale commercial energy hits an unprecedented high, businesses must pay notably more for their energy...

    Disclaimer: successfuldealnow.com, its managers, its employees, and assigns (collectively “The Company”) do not make any guarantee or warranty about what is advertised above. Information provided by this website is for research purposes only and should not be considered as personalized financial advice. The Company is not affiliated with, nor does it receive compensation from, any specific security. The Company is not registered or licensed by any governing body in any jurisdiction to give investing advice or provide investment recommendation. Any investments recommended here should be taken into consideration only after consulting with your investment advisor and after reviewing the prospectus or financial statements of the company.

    Copyright © 2024 successfuldealnow.com | All Rights Reserved