Table of Contents
You don’t need to run a huge multinational company to be targeted by cyber criminals. In fact, the Government’s 2024 Cyber Security Breaches Survey found that half of all UK businesses had faced a cyber attack or a breach in the past year.
Sadly, cyber crime can be ruinous for small businesses. The same survey found that for the average UK business, the cost of a cyber attack stands at £1,205.
As a small business owner operating in an age of increasingly sophisticated cyber crime, you should be vigilant about protecting your business in cyberspace.
After all, you wouldn’t go home for the night without securing your business premises. Nor would you leave your valuable tools lying around in the back of an unlocked van.
So why risk leaving your small business – and your livelihood – unprotected online?
Read on to learn more about cyber attacks and arm yourself with the knowledge you need to protect your business.
» MORE: Cyber insurance: everything you need to know
What is a cyber attack?
A cyber attack is an intentional and malicious attempt to gain unauthorised access to a network, computer system or digital device.
The purpose of a digital break-in is likely to vary, depending on the specific scam or attack, but generally, cyber attackers may try to steal, expose, alter, disable, or destroy data, applications, or other digital assets.
What does a cyber attack look like?
According to the government’s latest cyber survey, phishing attacks account for 90% of all cyber attacks against UK businesses.
Phishing is a type of cyber attack where criminals use scam emails, text messages or phone calls to trick their victims into thinking they’re being contacted by someone they’re not.
Think about those malicious phone calls you sometimes get from people pretending to be from your bank – or fake delivery texts from criminals impersonating Royal Mail or other delivery services.
In most cases, phishing scams aim to trick you into clicking a questionable link or visiting a dodgy website. This could result in a virus being downloaded onto your phone or computer, or you could inadvertently grant the attacker access to your bank details or other personal information.
While phishing scams make up the overwhelming majority of cyber attacks, there are also other tricks used by cyber criminals to get their hands on your money.
The Government has found that after phishing, the type of cyber attack most likely to affect your business involves cyber criminals impersonating your organisation or your staff online.
Targeted attacks with malware (things like viruses or software which spies on your systems) are the third most common type of cyber attack faced by UK businesses.
The threat to small businesses
In many ways, small businesses are particularly vulnerable to cyber attacks.
Three quarters (75%) of UK businesses say cyber security is a high priority, but it’s generally the UK’s medium-sized and larger businesses that are prioritising this issue, compared with smaller firms.
Many small business owners may feel the risk of a cyber attack is minimal and could underestimate the potential financial and reputational damage. Tighter budgets and lower staff capacity can make preparing for cyber attacks more of a challenge for smaller firms, with many more focused on making ends meet.
The lower level of media coverage about cyber attacks on small businesses could also encourage a sense of complacency.
But the cyber threat remains.
“Assume that you will be attacked at some stage. Look to see what the key areas of your business are that you need to protect,” warns Richard Archdeacon, former Advisory Chief Information Security Officer at the technology company CISCO.
He told Nerdwallet that every small business should “practise and prepare for the worst”. Whether you work alone or have a team of staff, it’s important to take time, before you experience an outage or cyber attack, to ask yourself these questions:
- How would we communicate with our customers?
- How would we switch our IT systems?
- How would we keep our payment systems going?
- How would we communicate with employees?
These are the questions you should ask yourself to gauge the potential damage your business could face if a cyber attacker gets you in their crosshairs.
» MORE: How to insure a home business
How to protect your small business from cyber attacks
It can be tricky to get to grips with cyber threats and the security measures you should take to protect your business.
The Government has previously found that where cyber security has been outsourced to an external contractor, senior leaders of small businesses become disengaged from the topic and do not have a strong understanding of the actions required to keep their business safe.
So the best way to ensure your small business is protected online is by taking responsibility for your own firm’s cyber security.
In many ways, that starts with cyber hygiene.
Cyber hygiene
Practicing good cyber hygiene could help protect your business from the threat of cyber attacks.
Just as real-world hygiene can stop you from catching colds and picking up infections, protecting yourself (and your business) online involves adopting a few good habits to maintain the health and security of your online systems.
In practice, cyber hygiene can look different from one business to the next, but in all cases, it’s about taking small, regular steps to check on and maintain the health of your digital systems and building routines around these good practices.
Cyber hygiene for your business could involve:
- keeping passwords safe and secure (and ensuring that passwords are strong, unique and changed regularly)
- using multi-factor authentication
- regularly backing up your data
- closely guarding your privacy while using the internet
- keeping apps, software and firmware up to date (since updates often involve fixing vulnerabilities)
- being vigilant about what links you click and looking out for cyber-crime at all times
And if you’re stuck on cyber security, the government-backed Cyber Essentials scheme is there to help businesses to get the basics right. Cyber Essentials can tool up your business to guard against common online threats.
Government research has found that only a small proportion of UK businesses are even aware of this scheme, while separate research in 2023 from the Federation of Small Businesses (FSB) also suggested that few small businesses access the cyber security tools and guidance available to them.
Cyber insurance
Another way you can protect your business online is by taking out a robust cyber insurance policy.
This is a specific type of business insurance designed to shield your business from the financial consequences of data breaches and cyber crime.
You are responsible for your own cyber security – and cyber insurance isn’t a substitute for keeping your business secure in cyberspace – but if your business were to fall victim to an attack, cyber insurance can kick in to cover the costs and get you up and running again.
In the wake of a cyber attack, cyber insurance could cover financial losses, damage to your business’s reputation or equipment and, where necessary, compensation for third parties after a data loss.
» MORE: Do I need business insurance?
Image source: Getty Images
Dive even deeper
Do I Need a Business Insurance Broker?
by Kristina Fox
Types of Business Insurance
