SMEs are losing around £9 billion to fraud every year, with false changes to bank details, viruses embedded in attachments, and duplicate and unknown invoices attached to emails all tactics used.
Crime such as this amounts to £1,658 per SME, finds the research from analytics solutions company Tungsten.
According to a separate study by IT services company Conosco, 98 per cent of small and medium-sized enterprises fail to recognise email phishing attempts. The survey targeted a select group of senior individuals across a range of SME companies, to gauge how well this ‘IT savvy’ group could identify increasingly sophisticated hacking attempts.
Some 70 per cent got more than half the answers right but only 6 per cent managed 100 per cent success, suggesting that businesses remain exposed to risk. But how should your business protect itself against a threat of a data breach?
Know your enemies
Jonathan Martin, EMEA operations director of Anomali, says that the future of your company relies on accurate, realistic knowledge about your enemies.
‘Cybersecurity threat intelligence is the process of collecting and studying clues about the malicious forces working against you. Looking at traffic with an analytical mindset reveals threats and vulnerabilities particular to you,’ he says.
‘Experts cull patterns and profiles from studying trends in huge batches of traffic data. Whether criminals are attempting to gain access via malware sent over email or attempt to hack an employee login, understanding what fraud activity could potentially happen informs your next move.’
It is important to identify your vulnerabilities. Cybersecurity threat intelligence can shed light on how hackers may attempt to breach your defences. Analysis of hacking attempts can reveal means of exploitation that you may not have realised, adds Martin.
Also, diligent monitoring of exploratory pre-hacking behaviour is the best way to protect your unique or sensitive company data and content, especially as some information, once released, cannot be fully recovered.
Martin continues, ‘Keep your network protected with cutting edge cyber threat intelligence to help prevent major breaches before they occur. Adopting a take-charge attitude about protecting yourself from every angle contributes to your longevity and bottom line. Prioritising online security means that cyber criminals may pass you over for another target.’
Jason Fry, cybersecurity specialist and managing director at PAV, says that businesses should also consider the fraud hazards posed by fringe devices, which can range from employees’ mobile devices to memory sticks and tablets to printers.
All fringe devices are susceptible to security breaches and identifying them is key when it comes to maintaining robust defences, Fry says.
A combination of automatic discovery and a manual survey should help you to pinpoint all your fringe devices, he adds. ‘Those already connected to the network can be picked up by most security software, which can perform some degree of automatic scanning to flag them. This should not be relied on for picking up all devices however, as some may have firewalls that would stop such software from communicating with them.’
In order to ensure that you pin down all devices, cross reference the results of a scan with a manual survey and the automatic discovery results, Fry advises. Wired products are easier to identify as you can trace the cables back to where they physically connect to.
Building your defences against fraud
A double defence of technology and policy is needed to ensure your devices are protected from fraud. In terms of technology, multiple levels of security hardware and software should be used to close any gaps and make sure there are no single points of failure, Fry says. Strict processes as to what fringe devices are used for, and have access to, should be adopted and will help to bolster your defences.
There is also a marketing benefit to keeping cyber safe. Renée Frappier, director of marketing for international payment service provider, PacNet Services says that by advising customers of the steps you take to protect your data, whether that is building a secure environment for card processing, or contracting all of your payment processes to a Level 1 PCI Compliant payment processor, your customers will feel more comfortable providing their payment data, and you are more likely to get repeat business.
Boost Capital is committed to helping SMEs grow and is here to help with business loans from £3,000 which can be used towards any business expense, including investing in IT systems and cyber security measures for the future security and growth of the business.