Cyber security threats and provisions for SMEs

(Image credit: LightField Studios / Shutterstock)

Today, in the digital age, businesses are facing new threats. These threats take the form of cyber attacks and must be considered a priority for SMEs. Large-scale corporations likely have provisions in place, should they face any cyber threats. Unfortunately, however, many small enterprises believe they are too small to face cyber attacks, leaving them extremely vulnerable. Recent government reports demonstrated that one in five SMEs who suffered a cyber attack lost a day in revenue to recover.   

In 2017, the NHS suffered one of the largest cyber attacks, demonstrating the need to prioritise online security more as we continue to rely on computers for storing vital information. The government has estimated that over half of all UK companies have faced a form of cyber attack, which can result in financial losses and, in severe cases, insolvency procedures. With that in mind, Business Rescue Expert, leading insolvency practitioners in the UK, are sharing a guide on the cyber attacks of today and, subsequently, how to safeguard your business.   

Poor knowledge of cyber security   

A lack of knowledge on cyber security and the issues your company could face spell warning signs. All staff within the SME should have basic knowledge on identifying phishing emails and threats, to ensure your business is protected. It should not only fall on the company directors/IT department, and basic training should be provided for cyber security. A key recommendation is to ensure all employees regularly update passwords. Similarly, phishing emails are a significant threat to companies and often hit the company at the weakest point, as staff are not taught to identify the emails. Thus, sensitive information can be accessed easily.   

Over the past several years - certainly within the last two - more specialist courses on cyber attacks have become readily available up and down the country. It’s a worthwhile investment to provide training, as even a basic understanding of current cyber security issues and their relevant provisions could reduce the risk and mitigate the associated damages.

Internal attacks 

Internal security issues are one of the primary causes of cyber attacks on SMEs, and are often largely ignored. Reports suggest a high number of threats can be attributed internally. For example, a disgruntled employee could leave your company vulnerable, particularly with access to your business network. Therefore, we recommend, as a matter of urgency, keeping a record of those who hold ‘privileged’ accounts and have access to sensitive company information. Tools are available to monitor those accounts, which must be terminated immediately if the employee no longer works for your company.

System updates   

Neglected system updates can pose a significant threat to the longevity of your SME. Take the NHS cyber attack, for example. An outdated version of Windows XP led to vulnerability in the network. Hackers subsequently identified this vulnerability, leaving all employees unable to access the internal system, effectively ‘closing’ the NHS. Your employees must be made aware of the importance of system updates and told not to ignore notifications. All companies should invest in anti-malware software as a necessity and keep it up-to-date, as well as operating systems, firewalls and firmware.

DDoS attacks

A DDoS attack, or Distributed Denial of Service, is most commonly associated with large-scale operations and hosts, but that certainly does not mean SMEs are not vulnerable. Reddit and Twitter have fallen foul of DDoS attacks in the past and, unfortunately, there is not much you can do when faced with a DDoS attack. The effects can last between 6 and 24 hours and have been known to cost some companies upwards of £30,000 per hour. DDoS attacks are a significant threat for SMEs today, as they believe they are too small to be at risk. It’s common knowledge that smaller firms may not have working provisions in place to deal with a cyber attack and often host sensitive customer information. As such, they are targeted on a more frequent basis. Although there is little to be done once faced with a DDoS attack, other than tracking the source IPs and blocking them, you can minimise the risk by investing in reliable anti-malware software, email filtering and updated systems. Measuring bandwidth to monitor for spikes, which could indicate a DDoS attack, is also a possibility.

Consequences of a cyber attack for an SME 

The consequences of a cyber attack - particularly for an SME - can be devastating. Loss of revenue is the primary cause of irreversible damage, from the theft of sensitive financial information and loss of suppliers. Subsequently, the costs of recovering and reinstating your business could be huge, particularly with the loss of suppliers.

A cyber attack can also impact your company's reputation. All businesses rely on trust with consumers and suppliers who, if they believe cyber security is not a priority, could look elsewhere.

Protecting your business from cyber attacks   

Protecting your business from cyber attacks should be of enormous concern for companies - especially with recent government reports and news. Breaches to sensitive consumer information can even lead to insolvency procedures for SMEs, when considering the potential fines you could incur. You can put provisions in place, however, to ensure you are prepared should you face a cyber attack.   

You must have a backup procedure to speed up recovery. If your company files are encrypted, it is easier to restore and get back up and running.   

Updating systems regularly is key to minimising vulnerabilities in your company’s network. Make sure all computers are running on the latest installation process and communicate the necessity for doing so - particularly to staff who ignore update notifications.   

Speaking of which, employee training on cyber security is essential. One of the primary entry points for hackers is an accidental click on a harmful email, so your staff must be taught how to identify phishing emails.

Ultimately, a strong cyber protection policy will aid in a long and successful future for your company.       

Eamonn Wall, Managing Director at Business Rescue Expert