Early this month, BA issued an apologetic warning that their booking website had been hacked. Describing the incident as a “sophisticated, malicious criminal attack”, they admitted that customers’ credit card details had been stolen — including the CVV codes, suggesting an interception rather than harvesting data.
BA is just the latest in a long list of major organisations that have suffered recent cyber-attacks, perhaps the most notable being the NHS. But these incidents that make the national news are just the tip of the iceberg. SMEs are just as vulnerable, and they’re being targeted all the time.
Cyber-Crime and SMEs
If cyber-crime is damaging to large organisations, it can be devastating to SMEs. Quite apart from the damage to reputations, loss of data is often fatal — less than half of companies that lose data are still in business six months later.
Theft of customers’ or employees’ data is even worse, especially since the introduction of GDPR. A company that can be shown to have been in any way negligent can be substantially fined. A large business may recover from this, but few SMEs are likely to survive.
What Can Be Done?
SMEs can introduce measures to minimise the risks of becoming a victim of cyber-crime. These range from robust security systems to training your staff in good practice, such as not opening attachments from dubious sources without checking first.
Even so, cyber-criminals are clever and can occasionally get through the best defences. If this should happen, it’s vital to have a well-formulated cyber incident response plan that can instantly be put into action, minimising the damage as far as possible.
If you suffer a cyber breach, it’s essential to find out as quickly as possible exactly what’s happened. Most SMEs don’t have the resources to do this, but it’s possible to subcontract to specialists. A good company will promptly assess the threat and recommend immediate solutions, as well as longer-term measures to protect your systems in future.
If you’ve been attacked, it’s already too late to take action. Every SME should have a range of measures in place against cyber-crime, and the best way is to bring in a specialist company before you need them.
You may not prevent the most sophisticated attacks, but you can certainly intercept most of them. You’ll also be increasing your chances of surviving a cyber-attack — not to mention avoiding those crippling fines. Feel free to give me a call if you want to know more about protecting yourself.