“SMEs reportedly not prepared for cyber-attacks” – More and more SMEs are subject to cyber-attacks and are worryingly not prepared for them

Amongst all the ‘high-profile’ data breaches like Yahoo and TalkTalk, there isn’t a lot of media coverage surrounding small-medium sized enterprises (SMEs) and the data breaches they’re guilty of.

However, SMEs should remain vigilant as there is a rise in cyber-hacks in recent years, with cyber-criminals targeting small businesses just as much as the larger ones.

The legislation affects us all, so no one can hide from it – no matter your size!

Statistics of cyber-attacks against SMEs

According to a PwC study, cyber-thefts have increased by 56 per cent. There could be multiple factors as to why there has been such a sharp increase in recent years, but the major point is that it seems that no one is vigilant enough or ‘cybersecurity’ ready to fend off potential hacks.

Symantec, a ‘global leader in next-generation cybersecurity’, released figures that should be worrying to SMEs. They reported that almost half – to be exact, 43% – of cyber-attacks worldwide were conducted against small businesses with less than 250 employees.

So SME businesses need to be concerned.

Why are SMEs targeted?

It seems cyber-criminals may be targeting SMEs more and more. This could be because larger companies can sometimes be harder to attack as they sometimes have dedicated departments to deal with cybersecurity. The same cannot be said for SMEs who may not be able to afford 24/7 monitoring or have dedicated teams.

According to the World Economic Forum, cyber-crimes are listed as a top global risk. With that in mind, why are companies (specifically small ones) taking a relaxed attitude to cybersecurity and their data protection?

It’s reported that many small businesses have poor cybersecurity. They may lack protective safeguards such as anti-phishing email systems; a cybersecurity team; data encryption processes; and other measures that may be costly. It may be almost ironic that the companies being increasingly targeted are SMEs, yet they’re the ones without adequate cybersecurity protection.

A survey commissioned by Nationwide revealed that 8 in 10 SMEs lacked a cyber-attack response plan.

Easy targets?

There are a number of ways that SMEs are being subject to cyber-attacks. With a lack of adequate cybersecurity, cyber-criminals could break into businesses through easy tactics like phishing attacks. This is where cyber-criminals may seek to obtain sensitive information by masking themselves to be a trustworthy entity. Cyber-criminals often send out these malicious spam emails to SME employees pretending to be a bank, for example.

Another tactic that is used on SMEs is ransomware attacks. This is where cyber-criminals install malware on a computer which can then be locked down through encryption, with access and data only returned once a ransom has been paid. This happened to a Blackburn-based company, MNH Platinum, who had 12,000 of their files encrypted on the demand of a £3,000 payment, or all files would be destroyed.

Consequences

The consequences of a cyber-attack can be very serious. It’s more than what is lost in the attack, it can also be a huge hit to the company’s pocket. The Information Commissioner’s Office can impose a fine of up to £500,000 for their breach of the Data Protection Act. What’s even worse for companies is the upcoming EU Data Protection Regulation, which can impose fines of up to 20 million EUR or 4 per cent of their annual revenue (whichever is greater), which is due to be enforced in 2018.

We of course agree that these new enforcement rules are good though.

Seven deadly data sins

David Prosser, an expert on SMEs, notes that SMEs are guilty of committing seven data sins:

• Employees will abandon their printing job if the printer has jammed or run out of paper – consequently leaving sensitive documents around;
• With hi-tech photocopiers, there are hard drives that keep all the images that it has photocopied in their lifetime. Cyber-criminals could access these hard drives once they’re taken out of their machines;
• Without care, sensitive documents end up in an unsecure recycling bin;
• USB drives;
• Simply leaving documents lying around on your desk;
• Unsecure storage units such as cabinets;
• Office laptops and mobiles, which could be accessed in a public communal space.

SMEs: listen up!

In an event of a data breach, the price to pay for SMEs can be devastating for the business. Having to pay thousands or millions in fines could shut down a SME. In addition to this, their reputation is also under threat. These consequences should be enough for SMEs to pluck up its ideas to enhance their cybersecurity!

“The NHS’ data protection obligation” – former NHS employee’s data breach shows the importance of the NHS’ duty to protect our data

Huge hack affects thousands of NHS staff