5 reasons why UK SMEs need to prioritise cyber security in 2021
There is no denying that 2020 has been a tough year for UK SMEs. The sudden emergence of Covid-19 forced a lot of businesses to change the way they conduct their everyday working schedule. Unfortunately, this has created new opportunities for cyber criminals to take advantage of the challenging situation, which is evident in the increasing number of cyber-attacks reported by UK SMEs.
Sadly, small businesses are often targeted by cyber criminals as they are easier to break into. In a high number of cases, the business only becomes aware of the cyber-attack once it is too late.
We’ve listed below 5 reasons why UK SMEs need to put a bigger priority on their cyber security systems. As well as providing some useful advice on how you can improve the security within your workplace.
1. Remote working
As you probably guessed, remote working tops our list. As the days of the pandemic go on, it’s becoming harder to remember a time when remote working wasn’t the daily norm. This isn’t necessarily a bad thing; many businesses have highlighted that it has improved their employee productivity and welfare whilst saving on expenses. It is however important to understand the increased security risks that remote working brings to a business. When working from home, you will not benefit from the layers of protection provided on your office network. This can leave your device vulnerable to compromise, as it is potentially sitting on an unsecured network.
Unfortunately, cyber criminals will be looking at remote working as an opportunity to run email scams, specifically targeting employees who may be adjusting to working from home. Which leads us on to the next point in our list.
2. Phishing emails love the pandemic
In 2020, there were over 365,000 phishing email scams reported within the UK, with a 350% increase during the first 6 months of the Covid-19 pandemic. The sudden rise in cases during the mentioned months is likely due to cyber criminals specifically targeting remote workers. You may be wondering ‘What is a Phishing Email?’ and that’s ok. Unfortunately, it is common for employees (particularly within SMEs) to have little to no training in the identification and prevention of these scams.
We’ve provided an example below of a phishing email that cyber criminals are using to scam remote workers.
Virtual Meeting Invitation:
Luckily, training on this subject is becoming more widely available to individuals. Here are a few steps you can take to help identify these types of emails:
1. Examine the URL: Check that the URL is directing you to a safe page. Often URLs prompting for login details are fake.
2. Keep your password to yourself: It is extremely rare that your IT department or reputable organisations will ask for your password via email.
3. Think before you click: Cyber criminals will try and play on your emotions to prompt a response, think twice before you click any link.
4. Report it: If you have any uncertainty about an email, report it. As they say, ‘it’s better to be safe than sorry’.
3. Ransomware is on the rise
Similar to phishing emails, ransomware has been increasingly utilised by cyber criminals during the pandemic. Although you would think these attacks are targeted at large organisations, 71% of ransomware attacks were reported by SMEs. Simply put, ransomware is a malicious software designed to block access to a computer system or release private data, unless a sum of money is paid. This software can be easily disguised as an attachment or download, once again, targeted at un-aware or remote workers.
With it looking ever more likely that remote working will remain ever-present within the UK throughout 2021 and onwards, it is vital that people are made aware of the threat and how it can be avoided.
4. Keeping compliant
The requirement to stay compliant with data regulations and privacy policies seems to become more confusing year by year. Yet the simplest mistake could lead to a very damaging fine. This has become especially true since the introduction of GDPR in 2018. It is now law that organisations operating within the EU (the UK still have to comply regardless of Brexit) are required to implement appropriate technical and organisational measures to protect personal data, regularly review controls, plus detect, investigate and report breaches. This isn’t a simple task and sourcing professional expert support is highly recommended. Bizarrely, many SMEs are not aware that an MSP such as acs.co.uk can support your business in becoming compliant in the mentioned areas.
5. Cyber-attacks are expensive!
Cyber security breaches cost UK SMEs an average of £3,770 in 2019, with the number in 2020 expected to be even higher. On top of this, the true cost of a security breach is often underestimated, with the cost of recovery, plus the damage to reputation sometimes being too high for a business to recover from. Cyber Crime Magazine reported that 60% of small businesses ceased trading within 6 months of a cyber breach.
One reason why cyber criminals target SMEs is because of their lack of investment in a top-level security solution. With the rising number of cyber criminals present within the UK, SMEs need to ask the question whether they can afford not to invest in cyber security, as the consequence of a breach is certain to cost a whole lot more than the solution. It could even cost you your entire business.
I’m a UK SME, what do I do next?
We understand that all of this can sound pretty daunting. That’s why we’re here to help you. For more information on our cyber security solutions, visit here.
Alternatively, if you’d like to speak to one of our cyber security experts, fill out the form below and one of our team will respond to you promptly.
Please don’t hesitate to reach out, we’re here to help.