Every day, around the clock, businesses fend off all types of cyberattacks.
From malware through to social engineering and malicious insiders, attacks can start anywhere.
Covid-19 restrictions have massively increased remote working, resulting in more opportunities for cybercrime. Where once there was a single business location to protect, there are now hundreds or even thousands.
Even businesses created to support remote working can struggle to adequately manage the risk of cybercrime on this scale.
SME businesses suffer most
Most victims of cybercrime are SME businesses.
Fund transfer fraud, ransomware attacks, phishing, and social engineering are all made far easier with employees working remotely, coupled with insecure home networks.
Below are five reasons your business could be a prime target for hackers.
1. Lack of IT Investment
The news always focuses on big security breaches at major companies. However, SME businesses are more common victims of cybercrime and attacks. You will not hear about it, as no business wants to ruin its reputation by admitting it is a victim of cybercrime. But the Federation for Small Businesses (FSB) estimates that small firms are being hit with upwards of 10,000 attacks daily. The rewards may be less, but cybercriminals see SMEs as easy targets. SMEs often lack education and resources, investment in IT security, and staff training on cybersecurity risks.
2. Social Engineering
Social engineering is the act of manipulating people into doing things like sharing confidential information or carrying out bank transfers. SMEs are more exposed to this risk because:
- They have less basic security in place, such as two-factor authentication
- They do not always know the risks involved or train employees, who are the weakest link in IT security
- They work with a variety of third-party partners to run their business, which is the root cause of 41% of data breaches
- They almost always make and receive payments using bank transfers
3. SMEs Pay Ransoms Promptly
Faced with a choice between paying a ransomware demand to potentially get back online faster and enduring a long period of business-crippling downtime, SMEs often feel that they have no choice but to pay. They do not have the support of a dedicated cyber incident specialist, which a Cyber and Data insurance policy can provide.
Once they have paid the ransom, the data is often not returned or, if it is, it is found to be corrupted and unusable.
4. External IT System Usage
Most SME businesses need to be connected electronically to multiple IT systems of larger partner companies or businesses to enable them to operate and transact business. When cybercriminals are looking to hack into these larger and more cyber-secure organisations, they are increasingly targeting their downstream suppliers. These SME businesses are often less secure, and an easy ‘route in.’ Many of these IT relationships are visible through publicly available data.
5. Collateral Damage
From the WannaCry attack in 2017 to the recent Blackbaud attack (over 166 UK companies have reported to the ICO that they have had a potential data breach), SMEs are often the collateral damage in large-scale cyberattacks that have nothing to do with them. SMEs think they are safe because they outsource their IT, but when a cyberattack is launched against one of their technology providers, it’s the businesses that rely on it that are often left facing business interruption losses, the associated costs involved with privacy notifications to customers, and the reputational damage.