It’s a little-known fact that smaller businesses are more vulnerableto cyber-attacks than most larger companies. Smaller budgets and fewer resources means that small to medium-sized companies are less willing to pay for vulnerability assessments or penetration testing of theirs and websites. The question is, how money is this choice not to protect online networks costing small businesses? According to the Federation of Small Businesses it amounts to somewhere in the region of £785 million a year. That astounding figure is the penalty SMEs pay when they fall victim to online fraud and malware.
the Federation of Small Business research found that around 40 per cent of its members had been a victim of some form of cyber-crime within the last 12 months. It estimated that the average cost as a result of attacks on their members around £4,000. Three out of every ten respondents also claimed to have been a victim of fraud by a customer or client, and 10% said they suffered as a result of ‘card not present’ fraud.
The study also looked at the most common forms of attack on small businesses. It discovered that the most common threat to SMEs was virus infections. 20 per cent of companies said they have fallen victim. 8 per cent believed they had been a victim of hacking. 5 per cent said they have suffered a data breach. Alarming as these figures may sound, what was of greater concern to the FSB, was the cost to the wider economy. It suggests that small firms are refusing to trade online, because they believe that they do not have adequate protection. Previous FSB research shows that only a third of businesses with their own website use it for sales.
Cyber-crime poses a real and growing threat for small firms and should not be ignored. Many snall businesses are considering taking steps to protect themselves, but the cost of crime, and defending your company against it, can act as a barrier to growth. Many businesses are reluctant to embrace new technology as they fear the consequences and do not believe they will get adequate protection from crime. Government is playing its part and encouraging companies of all sizes to address cyber-security but small businesses need to help themselves.
Despite the fact that a number of small companies stubbornly refuse to acknowledge the problem, 36 per cent of FSB members say they regularly install security patches to protect themselves from fraud, and around 60 per cent regularly update their virus scanning software to minimise their exposure to cyber-attacks.
As a result of research the FSB has issued recommendation for small businesses who want to protect themselves from cyber-crime. The recommendations include basic steps, like implementing a combination of security protection solutions (anti-virus, anti-spam, firewall), ensuring software and devices are regularly updated with security patches, as well as implementing a resilient password policy, secure information disposal, testing disaster recovery procedures, and checking up on provider credentials and contracts when using cloud services.
CIS specialises in helping SME’s implement and maintain cost effective Information Security Management Systems through the Virtual CSO Service. Please feel free to contact us for a no-obligation discussion about how cyber-security issues are affecting your business.