How can SMEs protect themselves from cybercrime?

Here, Terry Greenhowe, Head of Fraud at Ultimate Finance, guides us on how small businesses can protect themselves from cybercrime.

No business is immune from the threat of cybercrime. With the digital age leading us to a world where data is exchanged across different channels and platforms, and saved in intangible places like the Cloud, fraud is now a far more complex operation than before. Although it’s the larger organisations with thousands of customers which tend to receive the most press when it comes to hacking scandals, SMEs are also at risk.

According to the Information Security Breaches Survey 2015, 74 per cent of small and medium-sized businesses reported they had suffered an information security breach, with the average cost of the worst breach between £75,000 and £310,800. With sensitive business data and hefty costs at stake, what can SMEs do to equip themselves in the battle against fraud?

A brief history on fraud

Whilst online fraud is now a recognisable offence in the eyes of the law, this hasn’t always been the case. Before 2006 there was no single, legal definition of fraud. Of course, everyone in business knew what it meant and there were plenty that had fallen victim to it. But the lack of a legal context meant that it was a challenge to identify, report and prosecute fraud when it occurred.

The law changed a decade ago with the introduction of the Fraud Act statute books. This brought clarity to legislation around fraud, not least defining it as an offence in its own right for the first time. Prior to this, committing fraud against a machine wasn’t recognised as fraud– clearly an out-of-date concept in the computer age.

Look out for the warning signs

As the old saying goes, prevention is better than cure. The first step towards keeping your data safe is to make sure that you, and your employees, know the warning signs of fraudulent activity. A business of any size requires a team effort, and this is particularly true in small-to-medium businesses where often employees have multiple roles and responsibilities within the company.

It’s not a fun task, but keeping on top of IT upgrades is a number one priority. Hackers are sophisticated and constantly evolving their techniques, so it’s important to stay one step ahead. A&O IT Group’s recent research revealed 35 per cent of the SMEs surveyed admitted they aren’t kept up to date with the latest IT-related regulations, leaving them potentially exposed to hackers.

SMEs should ensure they have the right IT support in place, whether a part-time employee in-house, or outsourcing to experts, to run regular checks and upgrade.

The Federation of Small Businesses has outlined 10 tips to help SMEs keep safe, which include: implementing a resilient password policy across all staff, securing your wireless network, and implementing clear and concise procedures for email, internet and mobile device.

There are many signs of hacking activity, but some of the most common to watch out for include: a slowdown of your IT systems (which could indicate malware is taking hold), unexpected pop-up windows in your browser, running out of hard drive space and unusually high network activity.

In much the same way as you’d avoid opening a suspicious message sent to your personal email or phone, the same level of vigilance should be paid to work devices and accounts. Business owners should be quick to report any signs of irregular activity; acting fast could save time, money and precious data.

Know who to turn to

When it comes to reporting fraud, there are a couple of options available. One way is through contacting Action Fraud, the centre set up by the UK government to collate all instances of fraud. Where appropriate, the centre will refer the reported fraud case to the relevant police force to make a decision to investigate further.

It’s also possible to report fraud directly to your local police force via a “call for service”, much in the same way as you would report a burglary on your home. This is particularly appropriate if you have information which indicates the fraud may have arisen from a known suspect in the area.


Arrange your business insurance in minutes, by getting a quote and buying your policy online with our insurance partner Hiscox


If a ‘call for service’ to police is required, they should take full details and record a crime, rather than direct individuals to Action Fraud. Generally, the police force covering the area where the suspect operated from or resides should be the force where you report.

Prepare for change

How businesses store, manage and share customer data is a particularly pertinent issue, with the implementation of the General Data Protection Regulation (GDPR) on the horizon. With less than a year to go, it’s important SMEs understand the implications this will have, and the increased responsibility they have when it comes to customer data.

The rise of technology and online data-sharing means the threat of cyber-crime is unfortunately ever-present. At Ultimate Finance, as a business with employees and customers ourselves, we’re doing everything we can to reduce the risk of it occurring.

We’re always alert to the threat of fraud and encourage our staff and customers to recognise the signs.

Terry Greenhowe is head of fraud of Ultimate Finance

Further reading on cybercrime

Related Topics

Cybercrime

Leave a comment