Cyber criminals are targeting small businesses less likely to invest in their tech defences
A seven-fold surge in cyber crime in the first half of 2021 has exposed how vulnerable UK businesses are to online fraud. The National Fraud Intelligence Bureau reports that within the last 13 months there have been reported losses of £13.4m in a total of 31,469 reported cyber crimes, with scammers becoming increasingly sophisticated and ruthless in their attacks. The majority of these crimes were hacks into social media and email accounts, followed by computer virus and malware crimes and then personal hacking. One of the most commonly used scams in the last 13 months features fraudsters posing as HM Revenue & Customs (HMRC) to extort money from individuals and business owners, a total of more than 4,000 reported instances.
Small businesses made up 58% of all cyber crime cases in 2020. The Verizon Data Breach Investigation reports that businesses with fewer than 250 employees, who are less likely to invest in cyber security, were hit hardest by hackers and scammers.
A move towards hybrid or entirely from-home working has made businesses more vulnerable to data theft. Business owners can make their finances and data more secure by training their employees to be alert to the risks of cyber crime, and to be suspicious of any enquiry that requests sensitive information.
It’s easy to postpone computer updates during busy periods, but it pays to keep up with the latest versions of apps and software. Developers are constantly increasing an app or programme’s security defences and every update will make your data more secure against hackers.
You must also ensure that all log-ins to your system are legitimate when your staff are out of office. Double-factor authentication on any work laptops, emails and other devices or clouds containing work data will also help prove the identity of your staff when they are working remotely, forcing them to provide two forms of identification before access is given. Authentication factors range from identifying employees through GPS location to face-mapping biometrics, but it can be as simple as pinging the employee a text on their mobile so they can confirm it’s really them requesting access. With multiple-factor ID, you could catch out a scammer trying to pose as one of your staff.
Strong passwords are crucial in defending your data. A password manager that regularly creates and updates passwords for employees will ensure everyone has a unique code to access work sites. Websites such as Roboform and Keeper offer password management that will help secure your company’s information and prevent any fraudsters getting access.
Firewalls and anti-virus software add further layers of protection around your sensitive data, preventing malware and other viruses from infecting and corrupting your system. Deploying a VPN also encrypts your data and hides your IP address, making your information less vulnerable to attack.