Cybercrime and small businesses – how vulnerable are you?

02 Nov 2015 | Research & Business Knowledge

You will be targeted by cyber criminals – it is not a question of if, but when.

We at the ICG are only small businesses – 1-3 people – so surely this is not something we need to worry about unduly?  We all have a strong and personal handle on our company finances – don't we?  I know that I felt like this until fairly recently – after all, who would want to bother with such a small company as mine? 

I have recently done some work in this area and learnt some surprising, and worrying, facts about the risks of operating online.  And then we hear of several organisations, TalkTalk being the most high profile, who have recently been 'hacked' and thousands of customer’s details compromised – potentially including details of small businesses.  Indivdiual customers have already had their bank accounts raided or have been contacted by fake TalkTalk representatives asking them to hand over private information.  Other reports highlight vulnerabilities in our networks – we may install security patches on our computers, but what about our printers (they are networked, and are a potential 'back door').

According to ActionFraud, 1 in 4 small businesses are affected every year by fraud, and losses amongst SMEs were estimated at £18.9bn.  The Federation of Small Businesses recently carried out some research where it found that 41% of its members had been victims in the last year, losing on average £4,000 each – I don’t know about you, but I certainly would feel a loss of that magnitude!

The report found that the most common threat to businesses is virus infections with 20% falling victim to this; eight per cent had been a victim of hacking and five per cent suffered security breaches.  Almost 20% of members had not taken any steps to protect themselves from a cyber crime.  However, 36% of respondents said they regularly install security patches to protect themselves from fraud, and almost six in 10 members regularly updated their virus scanning software to minimise their exposure to online crime.

Businesses are increasingly seen as lucrative targets for cybercriminals as we often hold more 'cashflow' cash in our accounts that we may do as individuals or may 'store' client payments there for some time before moving it on – and many of us do not have effective fraud controls in place.  Stephen Harrison, chief executive of the National Fraud Authority said that "Private sector businesses suffer the highest levels of loss and can also suffer other impacts like reputational damage. Loss to smaller businesses can even put their future at risk”.  Without wanting to teach you to suck eggs, we all need to take reposnbiility fo rour own security – when was the last time you changed your passwords or double checked your bank account transactions?

ActionFraud has a very useful website which splits the risk of business fraud into four areas;

  • Asset fraud: hacking, ID fraud, account take over, misappropriation, scams (phishing/ vishing)
  • Customer fraud:  forged currency, misuse of an electronic payment card, cheque fraud
  • Employee fraud:  procurement fraud, travel and subsistence fraud, payment and receipt fraud, false accounting
  • Supplier fraud:  fake invoice scams, fraudulent trading, advance fee fraud, purchasing fraud

It outlines the risks in each area, and talks about simple, common sense measures that you can put in place/ follow to minimise the risk.  Whilst some of the advice is clearly for slightly larger SMEs, I still thought it was a useful and illuminating read and made me think!  Of course, we all still need to follow basic procedures – never give out your PIN or passwords, take care when writing cheques, keep an eye on your accounts and check anything that looks untoward and make sure you download your banks’ security software (there have been a couple of cases where banks have refused to reimburse clients because they had ignored instructions to install this software). 

It seems that it is not if, but when, we will be victims of fraud – and we need to be more aware and protect ourselves as much as we can.  Eternal vigilance is the price we pay for benefiting from the benefits of the internet.  Click on the link on the right to make a start…