Are small companies at risk of cybercrime?
The news was awash last year with stories of businesses suffering at the hands of cybercriminals. Big names such as TalkTalk, Marks & Spencer, British Gas, JD Wetherspoon and Ashley Madison all had to face the shame of explaining to customers what had happened and why they could have been put at risk.
One similarity between all of the above companies, though, is that they're all big names. So does that mean smaller firms aren't in quite so much danger as their larger counterparts, or are the big names the only ones talked about because they have so many customers? Let's explore.
An easy target
As with all crime, it's a case of offsetting risk and reward. The data value and kudos that hackers get from big companies will far outweigh those from smaller firms, but they typically have to work harder to get it. Smaller companies, meanwhile, don't have the same tranches of data, but are often less protected. Hackers will weigh up the reward against what is achievable. Put quite bluntly, small businesses are an easy target.
In fact, a US study by security firm McAfee found that 90 per cent of small and medium-sized businesses do not use data protection for company and customer information. Hackers know this, so will target small firms accordingly. There's also the added incentive of trying to blackmail smaller companies, which is much easier than large firms with armies of legal clout.
The cost of an attack
One of the main issues that inhibit better security among small businesses is cost. The vast majority of companies know that they're at risk of an attack, so not putting proper security in place isn't laziness or ignorance, it's all about what they can afford. However, saving money by cutting out cyber security can very much be a false economy.
PriceWaterhouseCoopers suggests the worst security breach could cost small businesses anywhere between £65,000 and £115,000. This - it's fair to say - is significantly more than preventative measures would have cost.
It's worth noting, however, that hackers are getting smarter every day and security firms are forever entangled in a game of cat-and-mouse. As such, having cyber security measures in place won't guarantee prevention from attacks. What they can do, though, is put prospective hackers off. Given that small firms are seen by hackers as easy targets, making the process a bit more difficult is likely to send them on their way.
What to do
There are a number of third-party apps, programs and devices that can be used by small businesses to help prevent cyber attacks. The one that works best will vary from business to business, so it's worth doing a bit of research.
One consideration that all organisations should heed is that of internal access. A big portion of cybercrime doesn't actually come from shady teenagers wearing hoodies, but staff members or other people who already have access to this information. Whether it's on purpose or by accident, staff members can leak information all too easily. For this reason, education and proper monitoring should help prevent information from getting out.
Also see related content...
What was the eBay hack all about?
Getting to grips with cyber security