By Karen Wheeler, Vice President and Country Manager UK, Affinion
Cyber crime and security is dominating the UK’s news agenda; not a week passes without a high-profile attack or new piece of research revealing troublesome stats. Most recently it was Cifas, whose research revealed that it is identity theft we should be most concerned about, with 89,000 cases recorded in the first half of 2017.
But it’s not just consumers who are affected, the government’s Cyber Security Breaches Survey 2017 found that 45% of small businesses have experienced a breach or attack. SME data is becoming increasingly valuable to the cyber criminal.
So, what are the scams that small to mid-sized businesses are faced with? Are they more at risk of cyber-attacks and importantly, can they be prevented? Here are five cyber security traps that your business could fall victim to.
- Spear phishing
It’s a common assumption that cyber crime is only something that affects larger businesses with high turnovers and more data to steal. But Symantec found that 75% of SMEs, compared to 35% of large companies, were the victims of spear phishing.
Spear phishing is an email spoofing attack, in which an email requesting confidential information will appear to come someone the recipient knows personally, like a colleague with some level of authority. But in reality, the person behind the email is a cyber criminal after personal data.
- Ransomware
Ransomware is the term used for computer viruses that threaten to delete important business files unless the company pays a ransom. The recent and global WannaCry attack is a high profile example of this that hit larger businesses and public organisations. However, ransomware attacks on SMEs are on the rise, mainly because they believe they are the most unlikely targets.
Research by Malwarebytes found that more than a third of businesses with fewer than 1,000 employees were affected by ransomware in the last year, whilst one in six experienced an attack that resulted in 25 hours or more of lost time.
- Public Wifi Hotspots
Working on the road is increasingly common and staff will often take advantage of the public hotspots available to them. Indeed, according to Ofcom 77% of people think public Wifi was just as safe as their own personal internet connection. But whether it’s in a café or accessing emails whilst on the move, criminals can hack into public and commercial Wifi hotspot connections to steal sensitive data via the victim’s machine.
- ID Theft
It’s easy to that its only individual consumers at risk of ID theft. But in 2016, it was revealed by Experian that UK small businesses were losing an average of more than £2,500 each due to ID theft and card scams. Most ID theft takes place online and according to Cifas, obtaining insurance policies is a new trick being used by fraudsters.
- Lack of preparation
One of the most deadly traps SMEs can fall victim to is a lack of preparation. Without taking some form of preventative action, cyber attacks can lead to hefty fines for companies of all sizes that don’t take data protection seriously.
In May 2018 the General Data Protection Regulation (GDPR) will become effective and SMEs will face greater responsibility for the way they acquire, store and manage customer data in the long term, or risk hefty fines of up to 4% of annual turnover or €20 million for non-compliance.
On top of this, the government recently announcement its new directive that, once implemented, will mean firms that don’t protect themselves against hackers will face fines of up to £17m or 4% of their global turnover. SMEs will need to have protection in place soon, or reap the consequences of the costly penalties resulting from cyber attacks.
Today, prevention is better than cure. An attack can interrupt business and destroy reputation. Preventative solutions now exist, often offered through your insurance or bank provider as a complimentary service, that can help with this. For example, they might provide monitoring across the web, social media and dark web with alerts on suspicious activity, or in the event of an attack professional IT support to allow you to focus on your core business.
Once you know what the traps are, it’s easy to see that all of them can be prevented, it just takes a little investigation and time.