Protecting your smaller business from cyber attacks
Protecting your business from hackers, cyber criminals, and malware is as important as physically safeguarding your premises.
According to the Cyber Security Breaches Survey, 39% of UK businesses were subject to a cyber attack in 2022, with an average cost per attack from loss of money or data of £4,200 for all businesses reporting an attack.
Putting measures in place to stop cyber criminals in their tracks can help protect valuable customer data, commercial intellectual property, and demonstrate to customers and investors that your business has robust systems to protect digital assets and data.
Failing to protect data can open the door to significant penalties.
The Information Commissioner's Office (ICO) can issue fines of up to £175 million or 4% of global annual turnover in the event of a severe data breach.
The Cyber Security Breaches Survey found that just over half (54%) of businesses had actively identified cyber security risks in the previous 12 months, yet only 17% of all UK businesses had carried out any form of staff cyber security training.
What is a cyber attack?
A cyber attack is any offensive or invasive action targeting computer systems, networks, or personal digital devices.
A cyber attack can take many forms depending on its purpose. Common types include:
Phishing
This is the most common type of cyber attack reported by UK businesses – accounting for 83% of all cyber attacks in 2022.
Phishing involves tricking a business's employees into sharing security information, such as passwords and usernames, that allows criminals to access computer systems and networks.
Phishing often takes the form of a fake email asking users to visit a phoney website that steals the data entered.
Malware
Malware is an umbrella term for malicious software.
It is often deployed as a software program hidden within an email attachment or downloaded from a compromised website.
It can enable hackers to bypass security networks and steal data.
Denial of Service (DoS)
A DoS cyber attack usually has no direct benefit to the perpetrator and is often socially or politically motivated.
A DoS attack floods a server with more traffic than it can handle, for example preventing legitimate users from accessing your company website.
Ransomware
According to research by Hiscox, criminals are increasingly using ransomware to target businesses.
Criminals illegally hack into a company's IT systems, then encrypt files and other data, which prevents genuine users from accessing them.
Hackers usually demand a ransom – which can run into millions of pounds – to decrypt the data and allow a business access to its files.
How to reduce the risk of cyber attacks
Create a Cyber Action Plan
A Cyber Action Plan is a free service provided by the National Cyber Security Centre (NCSC) to help individuals and small businesses improve their cybersecurity.
After taking a short quiz, the NCSC will create a tailored list of actions that will help bolster your cybersecurity.
Provide staff training
Most cyber attacks rely on tricking employees into sharing passwords or inadvertently installing malware.
Attackers use social engineering tricks, such as fake company emails, so training staff in how to spot security breaches and what to do about them may help reduce the risk of a successful cyber attack.
The UK's National Cyber Security Centre (NCSC) has free online training for employees.
Have a clear security policy
Another possible way to respond to the threat of cyber attacks is to coach your employees on how they should behave and what they should do in relation to data security.
This can cover policies such as visiting websites, connecting their own devices to company networks, and transferring data with third parties such as suppliers.
You could make employees aware of these policies and regularly review their effectiveness.
Flag potential attacks
By encouraging employees to report suspicious emails or websites, you can create a cyber-secure culture where employees check first before clicking on a suspicious link.
If they do fall victim to a phishing scam, for example, you could provide a way for them to report it without fear of disciplinary action.
Store backup data separately
It can be a good idea to routinely back up data separately from computers, ideally offsite and in remote locations, to minimise the risk from physical damage and cyber attacks.
Online data storage services, such as Amazon Web Services and Google Cloud, store business data on demand in different locations worldwide, along with disaster recovery tools.
Stay up-to-date
Ensure vital security software is up-to-date.
This includes computer operating systems, anti-virus software, anti-malware software, and firewalls.
Out-of-date software can have security holes that hackers can exploit to gain access to your network.
What else can you do?
Besides the above actions, you may wish to consider joining the Cyber Essential Certification Scheme.
This government-backed initiative helps businesses of all sizes protect themselves against the most common cyber attacks.
Implementing an ISO 27001-certified information security management system is another way to ensure, and demonstrate, best practice in keeping digital data assets secure.
Disclaimer: We make reasonable efforts to keep the content of this article up to date, but we do not guarantee or warrant (implied or otherwise) that it is current, accurate or complete. This article is intended for general information purposes only and does not constitute advice of any kind, including legal, financial, tax or other professional advice. You should always seek professional or specialist advice or support before doing anything on the basis of the content of this article.
Neither British Business Bank plc nor any of its subsidiaries are liable for any loss or damage (foreseeable or not) that may come from relying on this article, whether as result of our negligence, breach of contract or otherwise. “Loss” includes (but is not limited to) any direct, indirect or consequential loss, loss of income, revenue, benefits, profits, opportunity, anticipated savings, data. We do not exclude liability for any liability which cannot be excluded or limited under English law.