Cybercrime and SMEs

Here, we look at the topic of cybercrime and the targeting of small businesses by criminals.

Small and medium-sized enterprises (SMEs) account for the bulk of all private sector businesses in the UK. All of them bring in revenue and hold intellectual property, and many have exploitable links to larger companies. Cyber criminals are going where the people and the money are, and they know that SMEs typically have fewer defences than the average large company.

Orla Murphy, small business expert at Symantec says, ‘On top of that, the risk to the overall livelihood of the SME is much greater than the typically more protected enterprise. With less protection in place and less cushion to help your business recover from a breach, for an SME, an attack can mean the difference between success and failure.’

Alan Ryan, security practice director at MTI says that protecting against sophisticated cyber attacks is particularly important for companies with an e-commerce platform, but how do companies determine whether the person on their website is a customer or a criminal?

‘It can be very difficult to detect cyber criminals with traditional technologies,’ he says. ‘Previously, you would have to rely on tools that manually sift through log details. These traditional security tools simply are not able to keep up with the amount of data that is produced today.

‘Now, more sophisticated intelligent technologies are able to analyse this information in real-time. The technology looks at the normal behaviour of customers and identifies any irregular activity on a website and flags this automatically.’

With an increased reliance by consumers on mobile devices to communicate, transact and authenticate, the hot topic of identity theft and mobile fraud has progressed from being merely a niche occurrence to a widespread and global concern for many, according to Mark Somers, technical director at 54most Europe.

‘The concerns not only stem from banks, retailers and mobile payments providers, but also for mobile service providers too, who are managing their reputation and brand within this problematic industry,’ he adds.  

‘There have been many examples of high sensitivity data being used on mobile phones. Email addresses, password safes, text messages, mobile banking, purchases of apps are just some of the kinds of data consumers store on their mobiles.

‘This makes for an incredible opportunity for would-be fraudsters and protecting the integrity of this data is set to dominate mobile fraud prevention efforts in the next five years.

A credit report monitoring service

Changes to your business credit score could also be an indicator of fraudulent activity against your business. Experian provides a detailed credit report monitoring service for small businesses, My Business Profile which provides automatic alerts whenever there’s a major change to your business credit report. Helping you to reduce the chances of fraud and enabling you to act quickly to reduce any negative impacts to your business and credit score.

Related: How can SMEs protect themselves from cybercrime?

Study finds small businesses open to cybercrime

Some 42 per cent of small and micro businesses in the UK report having experienced cybercrime, according to a study by the Association of Accounting Technicians.

However, the research also reveals that many of those businesses are not taking the precautions they should to protect themselves. Of the respondents affected, 23 per cent had suffered virus infection to their business computers and 22 per cent had been victims of phishing – where sensitive information such as passwords are stolen by someone pretending to be a legitimate organisation.

Card fraud is also common, with more than one in 10 respondents (12 per cent) saying they had been victims.

Despite the high number of businesses who have been victims of cybercrime, a significant number of small and micro businesses are still not doing what they need to do to protect their businesses.

Some 69 per cent report using regular updates of anti-virus software, meaning that 31 per cent are not guarding against computer viruses and malware.

Two thirds (66 per cent) report using firewall protection; meaning 34 per cent of businesses do not. Only 38 per cent report changing their business passwords regularly, which is essential for keeping passwords secure.

Only 30 per cent report regularly installing security patches, which are needed to keep security software up to date for the latest threats, and 14 per cent report not using any methods at all to protect their business from cybercrime.

Rik Ferguson, vice president of security research at security software company Trend Micro says, ‘This research shows that although many business owners are aware of cybersecurity risks and are taking action to guard against them, there are still some who need to do more to protect their businesses.

‘There is good cybersecurity advice available for free online, but businesses should always consider finding a trusted specialist security partner, as different businesses will have different security needs depending on what they do, and security advice is not one size fits all.’

Mark Farrar, AAT chief executive adds, ‘Keeping online information secure is vital. A security breach could put you out of action and cost you money, which can be fatal for smaller businesses that have very little time and money to spare. Businesses should always protect every aspect of their online profile.’

Further reading on cybercrime

Ben Lobel

Ben Lobel

Ben Lobel was the editor of from 2010 to 2018. He specialises in writing for start-up and scale-up companies in the areas of finance, marketing and HR.

Related Topics


Leave a comment