Four reasons hackers love SMEs

Cyber crime poses a very real and present danger to UK small businesses. Matthew Pink, a digital publishing expert, explains how to protect your company from hacks.

Last Updated: 09 Oct 2013

Research suggests that as many as 1,000 cyber attacks per hour are launched against UK networks. And we’re not just talking the large multinational corporations here, we’re also talking about the smaller, more agile, less organisationally-encumbered folk of the small to medium-sized businesses community too.

Everyone is fair game.

Regardless of the amount of data you or your business stores, or the amount and calibre of the assets it boasts, if your company has an internet address it is at risk from being targeted by hackers.

Furthermore, it is not only your business assets which are at risk in this new hack-happy culture: your personal identity is too. Both are easily manipulated to serve the hackers’ intentions.

So, if you haven’t already, it is probably high-time to get wise to the danger areas. The powers that be have cottoned on to how critical this area of business is going to be in the short-term. In March this year, Francis Maude, Minister for the Cabinet Office, announced a new government and industry partnership aimed at increasing the sharing of information on cyber security - the (practically named) Cyber Security Information Sharing Partnership or the CISP.

According to the UK Government 93% of large corporations and 76% of small businesses reported a cyber breach in the past year and the cost of a cyber security breach is estimated to reach between £110,000 to £250,000 for large businesses and £15,000 to £30,000 for smaller ones.

Consequently, The Strategic Defence and Security Review allocated £650 million over four years to establish a new National Cyber Security Programme. The key underlying objective? Develop the UK’s cyber-security knowledge and skills. And do it fast.

But what makes an SMEs susceptible to hack attacks? Below are four rosy apples placed on the head of small businesses that hackers love to shoot their cyber arrows at.

1.) Credit card catnip

It is highly likely that as a small business you unwittingly harbour a veritable digital treasure trove of financial data that is pure catnip to hackers.

Most businesses now process transactions from their customers via complex digital ecommerce systems and, as part of this, can retain credit card details on their servers for their own ease of use and that of their customers. On top of this, there is the data pertaining to the company’s proprietary cards to consider.

This hyper-sensitive data, if stored at all, needs to be tenaciously safeguarded as, should it to fall into the wrong hands, could wreak financial havoc for the unsuspecting consumer, you or one of your customers.

The resulting financial fall-out may well not be covered by your insurers either; you would be extremely wise to check the small print on your policies in this case.

2.) Consumer data bait

It’s not just card data that could paint a big target sign on your business; valuable customer profiling data will also lure hackers too.

This confidential data chum in the water might include personal data - passwords, age, date of birth, country of origin, address, for example, - or it might stretch to purchasing patterns, preferences, or maybe particular items.

What you buy, when you buy it, with what regularity, where you buy from and how you buy, all add up to a rounded profile of a human consumer. This data gives the hacker the separate pieces of the puzzle when piecing together an idea of someone’s identity. The more complete the digital profile, the greater the chance the imposter has of being accepted as the genuine article.

With a full profile sketched out, the hacker/data abuser can then let loose with whatever identity fraud, spamming, phishing, virus-spreading scam they have in mind.

3.) Asset turnover

Once a hacker has access to your systems, they have access to a wealth of information and asset-sets which are uniquely related to your business. This might include sensitive research projects, product innovation documents, staff data, designs, tenders or future business plans.

This kind of data is not only extremely valuable to you in your existing commercial relationships but think what could happen were it to fall into the hands of competitors. Moreover, as exclusivity is a common feature of commercial relationships between SMEs and their clients, the value of that data becomes immediately magnified. Once published, that uniqueness evaporates forever.

4.) Numbers game

The simplest reason SMEs are targeted by hackers is the sheer volume of them, all of which are at extremely different stages in their development.

Often, SMBs do not invest and develop their cyber security. Hackers are wise to this common lapse of judgement, misplaced faith or budgetary limitation. Small business servers, as a result of this lack of investment, stand exposed in the plains.

From locations far and wide hackers employ scanners to interrogate thousands of random internet addresses, searching for any network with open ports. If the correct business security is not in place, the hackers waltz right in and give themselves a tour round the information architecture of your business.

So how to stop the hackers at the gate?

The solution is straightforward and, crucially, very achievable; invest in defence systems and business security packages tailored to your type of business. The right business security software will protect your assets, files and data, keeps servers running at their peak performance and prevent the spread of online threats and viruses. This needn’t eat too much into your capital expenditure budgets either.

At the same time, just as the government is taking steps to educate and inform business leaders of the threat, there is also a need to educate your staff from the top-down, both technical staff and non-technical, on best practice policies regarding secure IT use at work, and if they use their own devices at work, at home too.

Good, secure IT use and protective practice is like good management - you lead by example.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

How to find the right mentor or executive coach

One minute briefing: McDonald’s UK CEO Paul Pomroy.

What you don't want to copy from Silicon Valley

Workplace Evolution podcast: Twitter's former EMEA chief Bruce Daisley on Saturday emails, biased recruitment and...

Research: How the most effective CEOs spend their time

Do you prefer the big, cross-functional meeting or the one-to-one catch-up?

6 rules for leading a remote team

Our C-suite panel share their distilled wisdom.

Showing vulnerability can be a CEO’s greatest strength

Want your people to bring their whole selves to work? You first.

A mini case study in horizon scanning

Swissgrid has instituted smart risk management systems for spotting things that could go wrong before...