How worried should your business be about cybercriminals?

Research best practice

Nick Wilding, head of cyber resilience best practice for Axelos, says cybercriminals aren't just looking to get hold of rich data. They also target smaller firms based on the relationships they have with large organisations and corporations.

"SMEs continue to be an ideal target for cyber-attackers – either directly to access their highly valued information and services or as a stepping stone to bigger organisations who they partner and work with," says Wilding.

"Although we all regularly read about high profile attacks on well-known brands, SMEs are far from immune to attack and the impacts of a successful attack can be far-reaching. Hard won reputations, competitive advantage and operational capabilities are all at risk."

How to stay safe? Wilding recommends that businesses do their research around cyber-security practices, developing tactics and skills to fight potential threats. He continues: "SMEs should actively seek out freely-available best practice guidance and methodologies, such as the Cabinet Office's 10 Steps to Cyber-Security and the UK Government-backed Cyber Essentials scheme. Adopting the principles outlined in this guidance, that are appropriate to your firm, will help SMEs go a long way to reducing the risk of cyber-attack."

Team awareness needed

Another problem is the fact that staff aren't always aware of the threats. Government statistics claim that only 22% of small and 38% of medium-sized firms provide cyber-training to their employees. Wilding says everyone needs to be aware: "We know that any company's greatest information and systems vulnerability comes from its own employees – the unwitting actions of anyone in the company, regardless of their role or responsibility.

"In fact, the majority of all successful incidents start with someone opening a link or an attachment. So, effective awareness across all your people is an incredibly cost-effective control to manage this risk, particularly in small to medium-sized firms where there are not necessarily the resources to deploy and maintain additional technical tools."

If a cyber-attacker hit one aspect of your business, what would hurt you most?

If a cyber-attacker hit one aspect of your business, what would hurt you most?

There isn't a one-size-fits-all solution

Steve Talbot, from Welsh prop-tech startup Properr, says there isn't a solution that'll cover all areas of cyber-security. Because of this, firms should understand the risks that could damage them the most. Working this out will help business owners find the best solutions.

"For me, the key is to understand which types of cybersecurity attack would have the greatest impact on your business. There's no such thing as a one-size-fits-all security solution, so it's best to focus on mitigating the most significant threats first," Talbot says.

"What would hurt you most? Leaking information about your customers, losing control of your company bank account, or your website going offline for a few days? Once you've decided what to protect, you can work out how to protect it.

"At Properr, my top tip to the team is to choose one strong password you can memorise, and use it to secure a password safe. Then you can create a different, strong, random password for every service and save it in your safe. And contrary to belief, keeping a strong password for three years is better than changing a weak one every so often."

Learning from foiled hacks

Rix Petroleum, a family-owned company that supplies oil and other fuels throughout the UK, is one of many businesses that have been targeted by cybercriminals. In January, it nearly lost £750,000 (around $965,000, AU$1.25 million) after fraudsters claimed they were directors at the firm. However, luckily, it had strong security measures in place to stop them.

Rory Clarke, director of JR Rix and Sons, says: "The fraudsters pretended to be directors at our firm, contacted our phone provider, claimed that there was a fault on the line, and asked for our calls to be diverted to a mobile number. Thankfully, we had security measures in place that prevented the request from going through.

"However, unaware that their plan had failed, the culprits then sent three payment transfer instructions to our bank, each with forged signatures of our finance and managing directors. These requests were flagged as suspicious by our bank, and we received a phone call to ask for confirmation. Had their request to divert those phone calls gone through, the bank would've granted authorisation and we'd have lost approximately £750,000.

"This opened our eyes to how prevalent the dangers of cyber-attacks are. Therefore, along with a number of other companies, we've joined forces with Humberside Police to form the Humber Business Resilience Forum (HBRF), which aims to put cyber-security at the top of the agenda. The forum's aim is to offer businesses expert knowledge about cyber-security, updates about the latest scams, and information about preventative measures they can take."

Growing threat

It's clear that cybercriminals pose a growing threat to businesses, particularly those that have just been set up, and they have a variety of intentions. Whether it be getting access to sensitive company information or exploiting business partnerships, firms need to understand the risks of cybercrime, research ways of keeping safe and implement them as soon as they can.

Nicholas Fearn is a freelance technology journalist and copywriter from the Welsh valleys. His work has appeared in publications such as the FT, the Independent, the Daily Telegraph, The Next Web, T3, Android Central, Computer Weekly, and many others. He also happens to be a diehard Mariah Carey fan!