5 Simple Ways to Protect Your SME or Micro Business from Cyber Crime During Covid19

Businesses are at risk from cyber crime, which is estimated to cost the economy billions of pounds per year. Small and Medium Enterprises (SME’s) which make up 99.9% (5.9 million businesses) of the business population in the UK, are at particular risk from cyber crime.

The National Cyber Security Centre estimates that a SME has a 1 in 2 chance of experiencing a cyber security breach. Cyber-crime can include a range of attacks or breaches; Distributed Denial of Service (DDoS) attacks, to social engineering attacks (phishing, spear phishing, pretexting, scareware, baiting), online harassment (e.g., cyberbullying, trolling, revenge porn, hate crimes) and hacking (malware, crypto-jacking), account hacking and identity-related crimes (identity theft, doxing).

With limited resources, SME businesses are trying to survive in tough economic conditions in a Covid19 environment. As such, they understandably often concentrate on survival and growth rather than risk management and due diligence. This is because the latter can prove to be expensive and time-consuming. However, this approach leaves SME’s particularly vulnerable and open to cyber crime, including fraud. Many owners and managers are unaware of the risks, with little to no resources to deal with an attack or breach. A gov.uk survey released in March 2020 confirmed that cyber security breaches are becoming more frequent, with 46% of UK businesses and charities reporting a cyber-attack during the year.

A cyber-attack or breach could be catastrophic for a small organisation, operating on tight profit margins. Hiscox reported that the average mean cost of a cyber security breach for a small business in 2019 was £11,000. This figure included costs such as ransom payments, hardware replacements and indirect factors such as business interruption. However, financial consequences are not the only threats from cybercrime. Social and economic consequences resulting from reputational damage can be costly too and is a threat that businesses face — regardless of their size or financial standing.

It is therefore vital to protect and defend your SME business, by following these 5 simple steps to safeguard your business from cyber crime and breaches:

1. Implement Antivirus Software and Use Secure Passwords

Some businesses were not prepared for staff to work from home under normal circumstances, but with the Covid19 pandemic, businesses have been forced to ensure staff can work remotely safely and securely. With most office workers and those that are physically able do their jobs remotely now working from home full time, personal laptops, iPads, computers, and all other devices that are used for work purposes should be installed with up-to-date antivirus and antispyware software. Wi Fi networks should be secured with passwords (that are not easy to guess) and all software for operating systems should be kept up to date.

2. Control Access Data

In the traditional office workplace, IT would ordinarily set up computers with suitable networks, user accounts and setting permissions to protect accounts and defend against breaches. However, during the Covid pandemic with staff working at home remotely, often using their own personal devices, this can be more of a challenge for small businesses. Therefore, it is important for businesses to provide employees with their own password protected user accounts, to control access to computers and the network avoiding user open admin accounts. If possible, limit the authority to download software and access sensitive data.

3. Offer Cyber Security Staff Training

Lack of staff training whether in or out of the office remains a huge obstacle in preventing some forms of cyber crime, and in particular email fraud. In the case of a spear phishing email attack, the attacker impersonates the CEO (or other management professional) with the goal of tricking staff employed in the company, to transfer money or reveal sensitive data to the attacker. With staff cyber training, staff can learn to detect suspicious emails and avoid clicking on emails that are part of a phishing scam or malicious links. Providing staff training of key principles is also necessary. For example, promoting common practices such as getting staff to lock their computers when they are away from their desks even when at home, as well as regularly changing their passwords is advisable.

The National Cyber Security Centre offers SME businesses free training in basic cyber security principles, including a ‘top tips for staff’ e-learning program for their staff here. Additionally, the Cyber Protect network in the UK consisting of ‘Cyber Protect’ police staff, are currently offering free cyber awareness sessions to organisations including SME’s, find out more here.

4. Report Cyber Incidents and Breaches

Action Fraud is the UK’s national reporting centre for fraud and cyber crime. You can easily report fraud if you have been scammed, defrauded, or experienced cyber crime using their online reporting tool here. Action Fraud will pass on all fraud cases to the National Fraud Intelligence Bureau (NFIB), which is overseen by the City of London Police. Making a crime report to Action Fraud also means that you will receive a NFIB reference Number, which you may need if you plan to claim from your cyber insurance cover.

5. Develop a Robust Long Term Cyber Security Strategy

Board members and directors must take a top-down approach to cyber security. This is not just the remit of the tech team, but for a SME or micro business who may not have a dedicated IT team or IT specialist, it is even more important to have a robust strategy. Outsourcing to a third-party security provider may be an option for those businesses which have the capital to invest. But for those on a tighter budget, the Global Cyber Alliance Cybersecurity toolkit provides a free online resource specifically designed for small to medium businesses, offering actionable guidance and tools to combat cyber crime. With the GCA toolkit, in six steps you can start improving your security for free.

Cyber crime is a huge threat to SMEs both financially and reputationally. As the adage goes: Prevention is better than cure, so follow these easy 5 cyber security top tips today to build your defences against a cyber attack or breach.

About me: I am currently working on initiatives with the UK Government to improve SME businesses awareness and their defence of cyber crime. Cyber crime is a complex and persistently evolving topic, one that I cannot cover sufficiently here, but follow me as write more articles and offer further tips and guidance @kellycoulter12. I also write about all things crypto, including Bitcoin and Blockchain!