Business-owners are usually eternal optimists with a can-do approach. Let’s face it, with all the obstacles to setting up and running a successful operation, they need to be. Britain’s 5.7 million SMEs are testament to the sheer drive of British business people.
However, thriving companies continue to find themselves the target of cyber crime and SMEs are being disproportionately affected – the average cost to SMEs is as high as £25k annually, according to the Institute of Directors.
So what should you look out for? This week we focus on some of the ways in which your business may be attacked by cyber criminals.
Six common ways your company could be falling victim to cybercrime include:
1. Computer hacking – criminals can exploit IT software vulnerabilities to find a way into your computer. Whether it’s outdated and unsupported software or insufficient anti-virus protection, when hackers break into your computer networks they are able to get access to your business’ sensitive and personal data which may relate to both customers and staff. The data is then used to commit fraud in a variety of ways.
2. Phishing – this is another way to get at the data and personal details of your business. Fraudsters may entice you or your staff to click on authentic-looking but malicious website links or attachments with the aim of infecting your computers or devices. These randomly-generated emails are often sent to huge numbers of addresses hoping to get lucky. The related but more sophisticated ‘Spear-phishing’ is where cyber criminals use some personal information to dangle as a carrot, to earn your trust, lower your guard and lure you to click on the malicious link.
3. Malware & Computer Viruses – criminals can come up with software which, unknown to the user, collects information or other valuable data from their computers or other devices. The hidden malware or viruses are commonly installed when users download documents from the internet or from emails. It may be:
– Spyware: which, for example, tracks your browsing history and gathers information
– Keylogging: where criminals record exactly what you’re typing to steal confidential details (such as passwords, credit card details etc.)
– Scareware: which urges panicked users to download an update to combat an imminent virus attack
– Ransomware: which is geared to deny you access to your files until you pay a ‘ransom’ to the hacker, crippling for those businesses which are incapacitated until they pay. It was the WannaCry ransomware which hit the NHS in May 2017 as well as organisations around the world.
Once criminals have your data, they can commit a variety of cyber crimes which can have terrible consequences for your business, putting your profitability, reputation and business health at risk:
4. Distributed Denial of Service (DDoS) attack – cybercriminals can target your business website, orchestrating a large volume of traffic that makes your website crash. This can be devastating for a business which relies on online sales, promotions or marketing. Criminals may use a DDoS attack to test your system’s vulnerabilities, to divert you while other fraud is committed, or they could even hold the business to ransom until a fee is paid to restore the website.
You lose out on sales and potential future customers, and put your systems at risk.
5. Fake Invoice scam – your busy payment staff receive an invoice requesting payment for goods or services which looks just like the real thing. In fact, the invoice is fake and sent by fraudsters. It’s for fictitious goods or services which haven’t been received or may even mimic the invoice of one of your existing suppliers after criminals have hacked your data.
6. Supply Scams – a caller may contact your company and mislead an employee into repeating the order number for an order which has already been placed – typically this is done for stationery as it is a good bet that most firms order stationery supplies. Your company then receives overpriced supplies together with an invoice demanding payment for the goods that were never legitimately ordered in the first place.
Cybercriminals are attacking businesses of all sizes
Cybercrime in larger firms tends to hit the headlines. For example, cyber attacks on financial firms increased fivefold in 2018. This week the Financial Conduct Authority revealed finance companies reported 145 data breaches last year compared to 45 attacks in 2017. Banks such as Barclays and Santander had no option but to shut down their systems after relentless attacks which cost them huge amounts of money to rectify.
A chief information officer at one UK bank reportedly said: “We are seeing a lot more threat actors knocking at the front door . . . it ranges from individual kids to, increasingly, the criminal fraternity and national states. You have to constantly improve to keep up and protect yourself.”
It’s a common misconception to think that only large firms are targeted. Many cyberattacks on SMEs tend to go unreported and may be difficult to quantify accurately. However, only this month it was reported that five people in the UK had been arrested in connection with a “high-level” cyber crime gang that targeted UK businesses with malware, intending to defraud businesses. The police said: “This investigation has identified complex and sophisticated methods employed by an organised criminal network to target the cyber security of businesses across the UK.”
What should you do when you realise your business has been scammed?
When you realise your business has suffered a loss as a result of cybercrime, or that you have been scammed, making your systems and/or data vulnerable, here are the steps you should take:
● Act immediately: don’t delay, but take immediate action to safeguard your business from further damage.
● Take steps to rectify damage, e.g. contact your bank, lock down your databases and customer details.
● Report it to Action Fraud, the UK’s national reporting centre for fraud and cyber crime, where you should report fraud if you have been scammed, defrauded or experienced cyber crime.
● Consult a professional IT firm about how to prevent being a victim of cybercrime again. It’s important to invest in identifying where and how your business may be at risk from cybercrime – get help to identify, assess and reduce the risks.
360ict Ltd has decades of experience in helping small businesses. We offer cyber security guidance and advice to keep SMEs safe and thriving.