Here, there and everywhere: the cyber threats facing today’s small businesses come from every direction. Here’s what you can do about it
When cyber-attacks and data breaches hit the news, they invariably involve the largest businesses or national institutions like the NHS. But this doesn’t mean small businesses are not under threat too. Every business, regardless of size or industry sector, is at risk. Accountants Moore Stephens works closely with small businesses and want to make sure they are fully aware of the threats they face every day, in the ordinary course of business. Y
ou do not need to be doing anything particularly sophisticated to be at risk. Simply clicking a link in an email can leave you vulnerable to a data security breach. Part of the challenge lies in the fact that hackers and cyber criminals do not just target specific companies with their attacks. Many forms of malware (malicious software) can trawl the internet looking for vulnerable websites and computers. No one needs to have a specific grudge against you.
That said, a ‘malicious insider’ – a member of staff disgruntled for some reason – is also a risk that can never be ruled out. Moore Stephens’ latest research, entitled ‘Here there and everywhere: the cyber threats facing OMBs’ reports on the levels of awareness that ownermanaged businesses have regarding the various threats facing them and the steps they are taking to counter these threats. Here are some of the key findings from this research of business leaders across the country:
• The biggest threats that owner managed businesses (OMBs) are aware of and that pose the biggest threat to their business are malicious code (83%), computer viruses (82%) and phishing email scams (80%).
• In total, 41% of OMBs have already suffered from either a cyber-attack or an inadvertent data loss.
• 68% of small business leaders recognise their current cyber prevention isn’t sufficient. Around one in five (19%) of the OMBs Moore Stephens surveyed say they are aware of cyber and data privacy threats but are ‘not too worried’.
Given the nature of the threat, they should be. What is really important now is that all businesses take the basic and essential steps to establish and maintain their cyber-attack and data loss defences by setting policies, maintaining controls and training staff. No defences can be 100% secure, but they can go a long way toward preventing breaches and the unnecessary costs, business disruption and damaged reputations that follow. It’s a huge concern that 31% of OMBs surveyed are aware of cyber and data privacy threats but say they don’t know what action to take.
Advice is widely available and even free. A useful source of help is the government-endorsed Cyber Essentials scheme (www.cyberaware.gov.uk/ cyberessentials). If professional expertise is needed, then it’s best to look for specialists in cyberattacks and data loss (whether to help with prevention or recovery), rather than assuming general IT service providers have the necessary expertise.
Now is the time for businesses to take action, review all areas that could be at risk and prepare robust defences. Taking action to address the many threats and risks should be a high priority, after all, 40% of small businesses like you have already been victims.
Further information A full copy of the Moore Stephens report can be found at www.moorestephens.co.uk. To discuss any of its findings, please contact Moore Stephens Partner and OMB specialist Geoff Norman on 01733 397300.