For small and medium-sized enterprises (SMEs) in the UK, customer data and cybersecurity are often paramount to success. And with the ongoing COVID-19 pandemic affecting how businesses operate and interact with their customers, keeping data safe has never been so important.
However, new research commissioned by Defense.com has revealed that nearly 50% of small British businesses are spending under £1,000 a year on cyber security. The same research also showed that 35% have reported that the pandemic has increased their exposure to cyber risk. So, what are the cyber risks to SMEs and how has the pandemic impacted the future of cybersecurity for small British businesses?
SME business security impacts
By ignoring your business’s IT security needs, you’re putting the company at risk. There can be many repercussions for a small business choosing not to invest in the protection of their own and their customer’s data, including:
- Business disruption. An attack on your business’s systems may incapacitate your network or force you to shut down parts of your business, reducing your productivity and potentially losing profit.
- Corrective costs and regulatory fines. If customer data has been breached, you will need to contact affected customers as well as the relevant data protection authority, which in the UK is the Information Commissioner’s Office (ICO). Not only can this process be time-consuming, but the ICO can also decide the breach is the result of a GDPR violation and you may face a financial penalty and legal action.
- Reputational damage. Any downtime or breach in customer data you experience could also result in damage to your business’ reputation and require you to rebuild trust with customers.
Main security risks for SMEs
There are many reasons why an SME might not invest heavily in cybersecurity, including cost and believing they are too small to be attacked. Unfortunately, this isn’t the case and can lead to them falling victim to cyberattacks. When it comes to SME cybersecurity, there are 5 main risks:
- Hacking. Hacking occurs when an individual gains unauthorised access to your business’ computer system to manipulate or steal data.
- Malware. Malicious software designed to cause damage, malware can be used to attack computers, servers and computer networks. Although there are different types of malware, they all have the same purpose – to compromise a system to allow access for ill intent, including stealing data.
- Phishing. Often disguised as an email or text message, phishing attacks are used to obtain sensitive information such as usernames, passwords and credit/debit card details.
- Ransomware. Ransomware is a type of malware used to infect a computer system and hold it to ransom in exchange for a payment. Ransomware can be disrupted through phishing scams and is becoming a popular method of attack by cybercriminals.
- DDoS attacks. A distributed denial-of-service attack (DDoS) attack attempts to disrupt a computer or network by flooding them with so many requests, they either crash or have to be shut down. This can leave a business unable to trade for minutes to days.
How has the COVID-19 pandemic affected cybersecurity?
Since the beginning of the COVID-19 pandemic, cybercriminals have not only continued to attack individuals but also businesses, taking advantage of changes in how businesses operate and how their consumers interact with them, such as in the case of home working leading to an increased exchange in data.
Working from home
In response to the pandemic, many companies have implemented home working practices, significantly increasing the number of people now working from home. Not only does this mean that home workers are unlikely to enjoy the same level of cyber protection compared to working in an office, but it also means that there are more entry points for cyberattacks.
Although SMEs may not have as many entry points as larger organisations, these entry points are a potential threat and can be exploited by cybercriminals, especially if cyber security is not fully invested in. Because home working is likely to stay, companies need to protect themselves and invest in cyber security to protect themselves and their homeworkers.
Personal data
The amount of personal data now taken and stored by businesses around the world has grown during the pandemic. The growth in eCommerce and creating online profiles for booking services, the large amount of customer data stored creates more opportunities for cybercriminals to try and infiltrate sensitive files. For some SMEs, this may never have been a problem before, with little customer data kept on file depending on their services or products. But with the changes in how many businesses operate, they need to protect whatever data they have stored to prevent breaches by investing in great cyber security for now and in the future.
– Originally written by Oliver Pinson-Roxburgh, CEO and Co-Founder, Defense.com –