
AAC Blog

Cyber security risks in smaller companies

From private individuals to huge corporations, anyone and anything is vulnerable to cyber attacks in today's fiercely competitive world of high tech. Small businesses in particular are easy targets for hackers, as they often do not have the financial resources to fund measures that would help protect them.

The fact that a company is newly launched and not yet in profit will not always deter attackers, who target as many devices, services and users as possible for their own personal gain. It also happens that, on occasion, employees, contractors and business associates who have access to private systems abuse their power to unlawfully access private data for their own gain.

When team members are not sufficiently educated about the optimal security practices, accidents can happen to expose the company to hacking incidents. In addition, smaller-scale businesses can occasionally, either unknowingly or under coercion, grant larger corporations access to valuable information by providing unauthorised and illegal access to another business's internal operating environment. Another form of hacking, known as the ransom attack, can also be staged. In these cases, hackers threaten to publish highly personal or valuable data, or block access to data or a technological system by encrypting it until the affected business pays a disproportionately large fee before a set deadline.

How often do SMEs get hacked?

In the past year, 47% of small businesses in the UK experienced a single cyber-attack and 44% experienced more than one attack, with the average cost of one such hack being between £15,000 and £200,000. Such an expensive hack is often enough to fold most small enterprises. Contingency plans are essential in order to limit the amount of damage done as the result of an attack. Hackers are becoming more skilled in exploiting the network vulnerabilities associated with wireless networks and cloud-based storage systems. Many of these attacks go undetected for some time, resulting in catastrophic losses for companies, which as a consequence incur legal fees, compliance penalties, damage to earnings and irreparable damage to client relationships.

Steps to be taken to improve security

  • Back up your files routinely, more than once a week. 
  • Run ongoing security checks to assess any weak areas associated with your systems or the software you use that hackers could easily exploit.
  • Use multi-factor authentication to ensure no fraudulent attempts are made at logging into your networks.
  • Use anti-malware software, firewalls and encryption methods to protect your personal and financial information.
  • Keep your team as up to date with relevant security and information governance processes as possible. Invest in today to protect tomorrow.

The most coercive targeting attacks are known as ‘phishing’ attempts. On occasion, businesses are so focused on warding off this type of hack that they miss less obvious kinds of attacks. Hacking attempts can happen at any time of the day or night, originating from anywhere in the world. Awareness is key. Be aware of ‘drive-by infections’; these tend to occur when individuals unknowingly download malicious code to a computer or mobile device, leading to a cyberattack. In this instance, no download, click-through or email attachment is used to infect a system, and consequently identifying such hacks can be difficult.

Scanning Networks for Vulnerabilities and Exploitation

A vulnerability scan is an automated, high-level test that looks for known vulnerabilities which leave systems open to attacks such as the following:

  • Brute force attacks. This hacking technique aims to crack passwords, login credentials and encryption keys.
  • Malware. (‘Mal’ as in ‘malicious’) Any aggressive form of software built to infect, weaken or corrupt a device, service or network. Hackers prefer to use this to isolate data that they can use to blackmail users for financial gain.
  • Ransomware. This is a type of malicious hack that threatens to release individuals' data online or encrypt data unless the victim agrees to put forward a ransom fee, the preferred currency usually being bitcoin.
  • Distributed denial of service attack. A deliberate attempt to disrupt the everyday stream of traffic to a specific server, service or network by overwhelming the targeted system with a huge amount of internet traffic.

How much should a small business spend on cybersecurity?

The impact of not protecting your business from cyberattacks is far more than simply financial. The damage to your reputation among existing clients, potential leads, investors and online audiences could quickly bring your business to a halt and undermine customers' confidence. Experts suggest that around 3% of a company’s annual income should be invested in cybersecurity to protect it from cyberattacks and the potentially ruinous consequences associated with them.

Can ISO 27001 protect small businesses from cyberattacks?

ISO 27001 gives a clear signal to online predators that cybersecurity is an absolute priority to businesses. The Information Security Management System (ISMS) prioritises the integrity and reliable availability to the business of its data. ISO 27001 offers a systematic risk-based approach that incorporates organisational processes and information governance to help address vulnerability to hacking opportunities and other forms of cyberattack.

The main benefits of ISO 27001 for small businesses

  • Safeguards information and refines security processes.
  • Creates a bond that offers reliability, honesty and reassurance.
  • Provides a unique selling point for a business.
  • Observes and adheres to legal regulations, such as GDPR.
  • Assists in the conceptualisation and implementation of new systems and processes.
  • Minimises additional customer security audit requirements.
