The sheer volume of data that has accumulated online and the increasing reliance on the digital landscape have created the perfect storm – the opportunity for hackers to target unsuspecting SMEs via the internet.
Unfortunately, many SMEs believe that somehow their smaller size protects them from hackers, who they think will be more likely to target the big corporations with massive amounts of data. However, it’s the big corporations who have the money and the resources to invest in unified threat management programs, making SMEs easy pickings for cyber criminals.
You might be surprised to learn that in the latest Business Risk Report by QBE, most SMEs believe that the biggest threat to their cash flow is losing customers, which is most probably true - but they have ignored the undeniable fact that behind this threat is the much bigger danger of cyber-crime, which may well be the reason for their lost customers.
In fact, SMEs represent a very lucrative resource for cyber criminals who invest much of their time in identity theft or accessing data belonging to the big corporations via unprotected portals provided by SMEs.
So if your small business is struggling to understand the digital landscape and how to defend your own data from cyber theft, here are four of the most common strategies that criminals use to gain access to your data.
- Ransomware: The most common ransomware gains access to your systems via phishing emails that contain infected links or attachments, then holds your systems to ransom: if you don’t pay, the criminals won’t return access to your data. More sophisticated ransomware exploits vulnerabilities in your systems or software, but a quality firewall and antivirus software, together with educating your employees about ransomware, can stop most of these attacks before they enter your system.
- Human error: Using easy passwords, not updating passwords, losing business smartphones or laptops and accidentally sending sensitive information in an email to the wrong person are all ways that data breaches can occur in SMEs. Employee education and restricting access to sensitive data are two strategies that can help to reduce human error in the workplace.
- Denial of service: Otherwise known as DDoS attacks, these occur when your server is shut down due to hackers flooding it with requests. Overloaded, your server just stops working, and it can be minutes, hours or days before it is operational again. Whilst data is not stolen during a DDoS, the hit to your reputation and the loss to your bottom line can be enormous. Unfortunately, defending against DDoS can be very expensive for SMEs, which is why they are so vulnerable.
- Social engineering: This is where your employees are duped into passing sensitive information to cyber criminals, and it is becoming more and more common. Just as individuals can be fooled into passing over their personal details to someone who poses as a Telecom engineer, tax professional, banking employee or IT provider, the same can happen to your employees. Social engineers always press heavily for this information, emphasising a sense of urgency, keeping the person flustered and pressurising them to hand over the information. Once again, employee education is the major protective factor in these circumstances.
While antivirus software and employee education are key preventative factors, if a cyber attack does occur, a cyber insurance policy tailored to your business is integral to mitigating the losses from such attacks. Having such insurance in place means your business can be covered for the costs involved, from the investigation of the breach to the reputational losses your business has suffered. To discuss cyber insurance for your business, contact one of our insurance specialists today.
General Advice Warning
The information provided is to be regarded as general advice. Whilst we may have collected risk information, your personal objectives, needs or financial situations were not taken into account when preparing this information. We recommend that you consider the suitability of this general advice, in respect of your objectives, financial situation and needs before acting on it. You should obtain and consider the relevant product disclosure statement before making any decision to purchase this financial product.