According to research commissioned by BT, thousands of small UK businesses are not protected from cyberattacks due to having no or insufficient cybersecurity.
1,000 decision makers at UK businesses were questioned about cybersecurity. The answers showed that 51% of micro businesses, businesses with 0-5 employees, are not protected from cyberattacks.
Not necessarily because they don’t have any cybersecurity measures in place, but because they are using cyber protection that has been made for domestic use rather than business use. This inappropriate level of protection leaves small businesses open to becoming victims of cyberattacks.
Almost Half Of UK Businesses Suffered Cyberattacks Or Breaches
The research results are also confirmed by the recent Cyber Security Breaches survey conducted by the Government. This survey has found that almost half of small UK businesses have suffered either a cybersecurity breach or attack in the past year.
The Government’s survey also showed that the frequency of cyberattacks are increasing. With 31% of businesses experiencing breaches or attacks at least once a week. Therefore, the Government is calling on small UK businesses to put appropriate cybersecurity measures in place to keep them safe online.
While the frequency is increasing, the number of attacks is the same as the previous year, with 39% of businesses having suffered a cybersecurity issue. However, this number could be higher, as many organisations might not have identified an attack and therefore not reported it.
83% of the reported attacks came from phishing attempts, 21% from more advanced methods such as malware, denial of service or a ransomware attack.
While ransomeware attacks are relatively rare, businesses have identified it as the biggest threat and 56% have a policy in place not to pay ransoms.
Why Small And Medium Enterprises (SMEs) Are At Risk
During the pandemic, the majority of small and medium businesses moved online as a reaction to Covid restrictions, such as lockdowns. As a result, opportunistic cyber criminals have increased their activities.
The main issue is small businesses not having the right level of cyber protection, or none at all. The BT research found that 4% of SMEs don’t have cyber protection. For micro businesses, the number is even higher, with 17% not being protected at all.
The majority of SMEs believe that they are not big enough to be of interest to cyber criminals. This assumption can be a costly mistake though, with the Government estimating that businesses have lost £4,200 due to cyberattacks in the past 12 months.
Any digital business – large or small – can be a target for cyber criminals, and this is something we’ve seen during the pandemic.
Chris Sims, Managing Director for BT’s Single Office/Home Office Unit
And even if small businesses have cyber protection measures in place, often they are not fit for purpose, as many businesses use domestic cybersecurity packages, which are not sufficient for business use.
How You Can Keep Your Business Safe Online
Any business, no matter how small, should have appropriate cybersecurity measures in place. Here are the key measures to keep your business safe online.
Business-Grade Cyber Security
If your company has an online presence, you should have a business-grade cybersecurity package, that will keep your data and your customers safe online. Many small businesses rely on domestic products, which are not sufficient when you are running a business.
[…] whilst consumer-grade products are great for protecting you while surfing the web, accessing emails and other personal use, they’re not designed for running a business which requires more robust protection and safeguards.
Chris Sims, Managing Director for BT’s Single Office/Home Office Unit
Risk Assessment
A main tool to prevent cyberattacks is to assess risks to your business, as this will help you to identify actions to take to prevent cybersecurity issues from happening.
According to the Government survey, only 54% of businesses have undertaken a risk assessment for cybersecurity in the past 12 months. This means almost half of UK businesses have put themselves at risk of suffering from cyberattacks.
Risk assessments should be carried out on a periodical basis to keep abreast of any changes in the business.
Staff Training
With 83% of attacks having used phishing attempts, it is vital that all staff members are trained to spot any such threats and deal with them accordingly.
Many cyber criminals rely on people not paying attention or not being aware of their methods. So, by training your staff, you can ensure that they know how to keep your business and themselves safe online.
As part of this training, you should also include information about your cybersecurity policies, such as password policies.
The pandemic has sped up the move online for many small businesses, which is good news for our economy. However, if these businesses do not protect themselves from cyberattacks, it will also be good news for cyber criminals.
