I have a small business.  Do I really need to worry about cyber attacks?

Great question.  You obviously cannot believe everything you read and there is a great deal of doomsday propaganda out there which raises concerns that may not be at all relevant to your business and is often more concerned with selling you a product or service.

That said, even for the smallest business, this is an increasing risk that needs serious care and thought, albeit in proportion to the threat your business actually faces.

One of the common mistakes small businesses make is to think of the risk only in terms of being “hacked” and “why would they pick on us?  It wouldn’t be worth their time and effort”. Sadly, it isn’t at all that simple and we are not talking about a few hackers sat in their bedrooms trying to prove they can bypass security systems for fun.

As the BBC highlight, we are in fact talking about organised criminal gangs who will take the path of least resistance to commit their crimes.  Rather than spend hours trying to “hack” very sophisticated, encrypted security systems and software, it is far easier to exploit the weakest link, which is frequently the people in your organisation.

They work on an industrial scale.  They are probably not trying to exploit your business specifically unless you are holding especially sensitive or valuable information (e.g. credit card details) in large volumes.  It’s not personal. They simply cast their net very wide and exploit any opportunity or vulnerability they come across.

Ultimately, they are looking for a financial reward, either from you or through using your systems. It may be happening right now, but you may have no idea about it until it is too late!

Sadly, the threat is also only going to get worse, as the BBC’s article highlights.

How do they Get In?

We need to make a distinction between the computers you have in the office and the server your website operates from. Both can be affected and in different ways.

In The Office

For small businesses, a common threat comes from malware. Once in your system, this can do all kinds of things, some more obvious than others.

The point of entry is commonly a member of your team clicking on an image, file or weblink contained in an email or on a website.  This may be a legitimate, ostensibly trustworthy website that has been infected, or a website they shouldn’t be visiting at work!

Your Online Presence

If your website uses popular website software, it too could become compromised. If security and maintenance updates are not regularly installed, known vulnerabilities that would otherwise have been fixed can be exploited.

This is a common problem with some cheap hosting packages, where regular software maintenance and monitoring may not be included.

So worst case?

Scary stuff! For example:

  • The loss of confidential data (which can be sold on and used later by criminals) can lead to huge fines for breach of Data Protection legislation.  Fines that could cripple your business. SMEs are not immune to the threat or the punishment.
  • Ransomware is a type of malware that can affect your PC or laptop. Some types will encrypt all your files, making the device unusable unless you pay the criminals a ransom. Make sure you have proper, reliable backups of critical data (test them!).
  • Malware could be on your website, essentially invisible. Depending on what it is, it can do many things, including setting up links to dodgy websites, which can destroy your search engine rankings, and using your server resources to send out emails on behalf of a spammer. This can get your server blacklisted and affect your own email delivery.
    A visit to your company website could prompt the download of a file that will infect the visitor’s computer (a common method of delivery used by some ransomware).

The Consequences

At best, you face the loss of trust of those who visit your website or receive emails from you.  As an e-commerce business, this could be catastrophic. A telltale sign may be a warning the visitor receives from either Google or their own antivirus software telling them not to access your site.

You will appreciate that once your systems are infected with malware, it isn’t easy to remove it. Invariably, it takes many hours of costly work: re-installing everything back onto your computers or web servers, identifying the threat, and dealing with complaints and possibly regulatory authorities.

However, there are lots of simple things you can do to significantly reduce the risk to your business that are easy to implement and manage and which will not cost the earth (a tiny percentage of the potential cost of the threats above).  What you definitely shouldn’t do is bury your head and assume it will only happen to someone else.

A good starting point is to ask Bix to review your online processes and highlight the threats and the things you can do to mitigate them.  We offer this as a complimentary service, without charge or obligation.

If you would like to find out more about how we can protect you from cyber threats, please call us on 01524 489850 or email us at [email protected].
