Compliance

The Impact of Fraud and IT Security on SMEs

By Alan Blaney, Managing Director of Focus Training

The impact of fraud and cyber security crimes can be detrimental to businesses of any size.

However, research has clearly shown that there is a much bigger threat to small businesses, and they are the most size firm affected year on year. 43% of cyber attacks target small businesses, and only 14% of small businesses believe their ability to mitigate vulnerabilities and cyber risks are highly effective. 60% of small companies also go out of business within 6 months of a cyber attack, clearly reinforcing just how damaging these threats can be to SMEs.

Cyber crime remains a massive threat, and if your business finds itself, victim, to fraud or a cyber attack, then specialised services are available to potentially track and reverse the damage done, however, this will come at a cost. Although the risk is high for small businesses, there are many ways in which you can educate yourself and your staff in order to fully prepare them for 

Who/what is most at risk within the business?

Within small businesses, the biggest risk lies in third party suppliers as these often act as a back door to hackers making it crucial that everyone connected to your business (not just your direct employees) are fully aware of potential cyber security threats and have had the relevant training required.

What does best practice look like for small businesses?

Best practice for small businesses would be to have clear strategies in place regarding cyber security guidelines. Staff should remain vigilant at all times and know exactly what to be looking for when it comes to cyber security threats. The more aware everyone is, the less likely it is that the cyber criminal will successfully attack your business.

Where does responsibility for cybersecurity fit within the small business?

Initial responsibility would be the MD of the company as they should be consistently monitoring the small businesses’ cyber security training and strategies to ensure that everyone is fully aware of how to prevent attacks, and also how best to deal with any attacks that happen within the workplace.

Why is cybersecurity a priority for small businesses?

As we have already established, small businesses are actually at a greater risk of cyber security attacks and attackers target small businesses over larger enterprises. Once attacked, small businesses also take much longer to recover from cyber attacks than larger companies, making it even more important that they take the necessary steps needed to protect themselves.

How can small businesses prevent a cyber-attack?

There are a few simple yet effective steps small businesses can take in order to prevent a potential cyber-attack. These include:

  1. Having a clear cyber strategy: this should involve clearly defined structures, processes, and criteria. Your employees should know exactly what risks you face and how to manage them. For example, if data is collected, how is it safely stored? Is it protected? What steps would you take if this were compromised?
  2. Adequate training: Does everyone know what to avoid in terms of potential threats? Do they know not to open a link or attachment from a suspicious-looking source? Implement things such as strong password management and don’t underestimate human error.
  3. Document your processes: Organisation is key when it comes to your cyber security prevention processes. Record, track, and document as much as possible.

About the author

Alan Blaney is managing director of Focus Training and specialises in providing fraud prevention, cyber security, and analysis training courses to businesses worldwide.

With over 20 years of experience within the industry, Focus Training has established itself as one of the UK’s leading providers of such courses. They understand how important it is for both small and large businesses to protect themselves against fraud, theft and criminal activity within their organisation, and therefore work alongside companies to help educate and resolve cases that have had a significant negative impact on a business.