Skip to content

Cybercrime and small businesses – do they know the risks?

Although, there is a dark side to this newly gained reach. UK businesses faced an average of 146,491 attempted cyber-attacks in the second quarter of 2019, equating to one attack every 50 seconds, says UK Cyber Threat Report Q1 2019 by Beaming. Smaller companies that are making the leap to the online world are opening themselves up to the ever-changing world of cyber-crime. Mastercard, Google, British Airways and Facebook have all fallen victim to hackers, putting at risk millions of customers’ personal data worldwide. Despite 93% of SMEs having taken steps to protect their business against cybercrime, two-thirds of small businesses have been a victim of such crime, proving that smaller companies are not immune to such attacks.

Cyber breaches cost the average small business £25,700, and government highlights that the annual cost to business of cybercrime is £21bn a year, having a huge impact on the economy. But this targeting behaviour brings more than just a monetary cost, with it taking up time and causing reputational damage. Despite the risks of cybercrime, some small businesses are not aware of the risks and are not taking steps to protect themselves and their customer’s data. With the introduction of the General Data Protection Regulation (GDPR) last year, evidence of the lack of awareness by some businesses was clear. Research conducted by FSB showed that almost a fifth of SMEs were unaware of the changes a month before they were due to come into force. This digital awareness gap extends into cybercrime and how it can impact businesses.

Freelancers or small business owners may think they don’t have any data worth stealing but data, such as customers’ names, addresses and contact details is exactly the kind of information hackers are chasing. Phishing, ransomware attacks and the hijacking of a business’s computer systems are all cyber-crimes that can be committed remotely.

Many small businesses are still taking the leap into the digital world and utilising the transformational power that it can bring. Businesses have the responsibility to get ‘cyber-aware’ but there is a need for guidance and education.

Ellenbrooke, a part of Exemplas, has been helping businesses to implement and maintain certified management systems for over 30 years. Ellenbrooke provides support for Information Security standards including ISO 27001, IASME, Cyber Essentials and GDPR Evaluation of Compliance. The IASME Governance standard is an Information Assurance standard developed specifically for SMEs. It allows the smaller companies in the supply chain to demonstrate their level of security controls for a realistic time and cost investment and indicates that they are taking good steps to properly protect their customers’ information as well as their own. Ellenbrooke works closely with businesses to create and implement an action plan to get to the point of certification, and then continue to support in maintaining internal systems to enable longer-term retention of the certification.

Find out more about Ellenbrooke here.