The risk of cyber-attacks has existed as long as the internet has. The difference seems to be that now there is a market place for the information stolen from our computers, which in turn means that smaller businesses are also at risk. Hackers are no longer only interested in big ransoms from multinational organisations; there have been many reports of SME’s being hacked and receiving demands of a few hundred pounds. In fact, according to a government survey published in April, 52% of small businesses (10-49 employees) and 66% of medium-sized businesses (50-249 employees) reported identifying a cyber-security breach in the past 12 months*.
Why are SME’s targeted?
To criminals, cyber-attacks against SME’s offer both low risks and high rewards. That’s largely because a very small number of cyber-crimes are actually reported, and of those reported only a small percentage actually lead to a conviction.
SME’s are also attacked because their information is valuable. Small businesses may overlook this but most have customers’ credit card numbers, their employees’ personal data and, depending on the business, access to financial data. Even small snippets of personal data are valuable, as they can be matched or combined with other data obtained from other sources ad used to commit fraud.
So what are the true potential consequences of an attack?
As well as losing money through the ransoms demanded, there are also less obvious consequences to a business, such as the time taken for IT system to be checked, and contacting clients to advise them of the potential risk. All of which can lead to a dent in customer confidence and business reputation. Does your business have backup computers? Do you have the spare resources in place to notify and liaise with clients following an attack?
What precautions can be taken?
There are now stand alone Insurance policies available to cover cyber-attacks, but there are also some preventative measures that can be taken to minimise the risk of an attack in the first place.
We asked our local IT expert Richard at Fourth Generation Computer Services in Romford for his advice, and here are four of his top tips:
- Password protect all user accounts on all devices. Also, do not rely on factory default passwords for devices such as internet routers or telephone systems.
- Perform weekly or fortnightly checks to ensure latest updates are applied to Operating Systems and Security software. Have multiple backups of critical data, preferably in separate locations.
- Do not be afraid to query anything of concern. Shared knowledge and experience is invaluable.
- Educate employees: make use of documentation and guidelines freely available from .gov.uk and security specialists’ websites**.
What to do if you suspect an attack?
If you suspect you have been victim of an attack, there are measures that can be taken to limit the damage. Here are Richard’s tips on what to do in such an event:
- Immediately disconnect the affected devices from your local network and the internet. Do not reattach until appropriate remedial action has been taken.
- If a ransom ware attack is suspected, immediately power off affected devices. Do not power back on until appropriate remedial action has been taken.
- If you suspect a specific online account has been hacked, change the password immediately.
- If you suspect a device has been hacked, use another unaffected device to change all passwords immediately.
For more I.T advice, contact Richard at Fourth Generation Computer Services on 01708 739333, or by email at firstname.lastname@example.org
For more information on Cyber Attack Insurance, contact Abi at LG Insurance on 01708 730830, or by email at email@example.com