A UK report from the Federation of Small Businesses states that smaller firms in the United Kingdom suffer in excess of 7 million combined attacks annually at a cost of UK£5.3bn to the UK economy.
The types of cyber attacks most commonly suffered by small businesses are set out below, and all businesses have an obligation to put systems in place to protect themselves and their clients from cyber attacks.
However, it is also important to know where to draw the line between prevention of potential cyber attacks and keeping an eye on running your business. Not every possible hole in one's defences can be identified let alone plugged and protected by SMEs. Also, there is only so much of a budget which any SME can allocate to putting cyber security protections in place. However, it is every bit as important to have systems and plans in place for how to deal with a cyber attack when it does happen.
So the takeaway message from this brief post is - focus not only on the prevention of a cyber attack, but plan for when that cyber attack does happen and how your business will deal with it. It's not much use having the best cyber security systems in place and having no back up plan for when a breach then occurs nonetheless.
Consult a solicitor or data protection practitioner in advance and draw up an action plan to be followed in the event of a security breach. Also consult your IT system providers to draw up a plan to investigate how the breach actually occurred should it happen. Also, regularly train your staff on cyber security and inform them of any scams that have been reported to be targeting SMEs.
Ultimately this is about balance and addressing the risk appropriately. However, not every possible risk can be protected against so know when to draw the line and get back to running your business. Just make sure you have the back up plan ready to roll out should you suffer a cyber attack!
The types of cyber crime most commonly affecting small businesses are phishing emails (49%), spear phishing emails (37%), and malware attacks (29%) . Small firms are also concerned about hacking and fraud when the card is not present, with the average information breach setting them back 2.2 days. To combat this, four in five small firms use computer securing software, and well over half perform regular updates of their IT systems.