If you run or work in a busy small or mid-sized business (SMB) in London, the last thing on your mind is probably how to protect your business from cyberattacks.
But whether you’re based in London or not, according to PricewaterhouseCoopers (PwC), cyberattacks have been the world’s fastest-growing economic crime since 2014, and the numbers continue to rise.
The Internet has been a revelation and a revolution. It’s changed our personal and business lives beyond recognition. But as soon as your enterprise launches a website or signs up for an e-mail service (both prerequisites for successful commerce today), you’re at risk of cyberattacks and need to know how to protect your company from them.
So, in this blog post we crunch the numbers about the cybersecurity threat, see how well prepared SMBs are and highlight what you can do to protect yourself. Here’s where you’ll find out more about:

How prepared is the SMB community?
The impact of a lack of resources
So, what’s the typical cost of a cyberattack for SMBs?
Prevention is always better than cure
Malware
Web-based attacks
Distributed Denial of Service (DDoS) attacks
Phishing and social engineering attacks
The threat from within
Out of sight must not mean out of mind
There’s no such thing as business as usual after a cyberattack

How prepared is the SMB community when it comes to cyberattacks?
The research suggests the majority of SMBs are unprepared when it comes to asking the question ‘How can companies protect against hackers?’, as these figures show:

The proportion of SMBs reporting one or more cyber incidents has increased from 33% to 47%.
For medium-sized businesses, the increase is even greater, moving from 36 percent in 2018 to 63 percent in 2019.
According to Verizon’s 2019 Data Breach Investigations Report, 43% of all breach victims were small businesses.

The impact of a lack of resources
Whether it’s not having expert IT staff, the free floorspace to host a secure
equipment room or the budget to afford leading-edge defensive technology, SMBs typically have fewer resources for cybersecurity protection.
For example, an SMB IT Security Report by Untangle found that 48% of organisations say limited budgets are just one of the barriers they face when it comes to protecting their business from cyberattacks. Other research makes for sobering reading:

According to Cisco, an SMB can face up to 5,000 security alerts per day on average, yet only a little over a half investigate the alerts.
The Keeper Security-Ponemon Institute report suggests that six out of 10 SMBs report attacks against them being more targeted, sophisticated and damaging.
The same report stated that 47% of businesses that had suffered an attack had no idea how to protect their company from cyberattacks.
52% of SMBs claim they don’t employ an in-house IT professional, according to an SMB IT Security Report by Untangle.

So what’s the typical cost of a cyberattack for SMBs?
Overall, organisations with staff numbers of between 500 and 1,000 people shelled out an average of almost £2 million in total costs for each data breach.
BUT…
The average cost of a cyberattack per person for organisations with more than 25,000 employees was £154, whereas organisations with between 500 and 1,000 employees had an average cost of £2,656 per employee.
Prevention is always better than cure
Here’s our rundown of the top cybersecurity threats the typical small or medium-sized business in London faces and our suggestions to combat them. Don’t worry, we’ve borne in mind any budgetary, space and staff constraints you may trade under.
Malware
Malware is difficult to detect and costly to remediate and mitigate, and the criminals behind it are motivated by financial gain from extortion, coercion, fraud or stealing sensitive and classified information that can be sold to the highest bidder.
Recommendations: First and foremost, back up.
Plan it, make it part of your everyday processes and test it frequently. Use what’s known as the ‘3-2-1 Rule’. That means having three copies of your data (on a workstation, in the cloud and on an external drive array, for example) on two different forms of media (hard drive and the cloud, for example), with one complete copy held offsite.
Then ask a managed IT services provider in London about a budget-friendly endpoint protection solution. This can block sophisticated cyberattacks and help to defend your network in lieu of highly trained IT staff.
Web-based attacks
By using an Internet browser and your own website as a launch pad, criminals can access and steal confidential client information or compromise your site so that it infects visitors.
Recommendations: The majority of web-based attacks exploit weaknesses in your website’s functionality through code that attackers enter into your site’s input fields. Therefore, you need to control the types of user input your website accepts.
Again, talk to a managed services provider in London, and especially their security experts, to audit your site for potential weaknesses and correct them. Also, ensure that any app developers or coders working for you are coding with security uppermost in their minds.
Distributed Denial of Service (DDoS) attacks
DDoS attacks often result in extended downtime for your website, costing you valuable opportunity, customers, productivity and, of course, profitability.
Recommendations: A good-quality, well-configured content delivery network (CDN) can help prevent DDoS attacks and provide infrastructure DDoS protection. Talk to your managed IT service provider about the Arbor DDoS solution, for example.
But plan ahead anyway and establish processes to help your business deal with one, such as ways to communicate with your customers, suppliers and partners should your website go down.
Phishing and social engineering attacks
A frightening 85% of businesses experience this kind of attack, and they’re especially worrying now that they are more sophisticated and polished and can carry other sorts of risk (like ransomware) right into the heart of your enterprise.
Recommendations: Staff training has to be your first line of defence. Help your people to help your business by empowering them to identify and deal with anything suspicious, such as phishing emails or links to dodgy websites. Create a culture of cybersecurity awareness amongst your team and make training in effective digital and data security practices a top priority.
The threat from within
Unhappy and malicious current and former staff will sometimes be a threat to your data security, but not always in the way you imagine. Most often, it’s people who are simply negligent, inattentive or careless, or who abuse their privileges, that become accidental insiders and trigger a data breach.
Recommendations: Include the threat of insider breaches to your data security in your staff training. This reduces the likelihood of future problems caused by accidents and carelessness, although not necessarily those caused by deliberate or malicious acts.
In addition, you can restrict what devices, programs, files and records your people have access to; check the credentials of everyone who has access to your systems (to ensure their identity, expertise and experience are as claimed); and control and prevent the running of any unauthorised code that’s been delivered to one of your devices, however it’s been delivered.
Remember to include your in-house people, remote workers and temporary or contract staff in all of the above checks and balances.
Out of sight must not mean out of mind
Recent research by Trend Micro reported that device loss accounts for 41% of all data breaches, compared with 25% derived from hacking and malware.
Truth is, a member of your team can be using a mobile device to remotely and perfectly legitimately access, view, edit, share and download to their device all sorts of confidential documents. But if that mobile device gets lost or stolen and they haven’t protected it with a suitable passcode, your IT infrastructure, data, intellectual property, customer information and reputation are all under threat.
Another danger for remote workers is their repeated connections to unsecured public Wi-Fi networks around London and beyond, which can easily be hacked.
Recommendations: Education and good governance are vital. On top of this, talk to your team and your managed service provider about the following additional safeguards:

Implement a ‘Role-based Access Control’ (RBAC) model, which restricts an individual’s network access based upon their job.
Make good password and passcode management the heart of your data security regime.
Use password managers with two-factor authentication (2FA) and Single Sign-On (SSO) solutions.
Install remote wiping technology on all your devices.
Insist on Bring Your Own Device (BYOD) best practice in case members of your team want to use their own kit.

There’s no such thing as business as usual after a cyberattack
Leading insurer Hiscox claims that UK businesses are nine times more likely to be a victim of cyber crime than a burglary.
What’s more, a cybersecurity or data breach isn’t just inconvenient and tiresome.
A Trend Micro survey found that although two thirds of UK companies ended up paying the ransomware demand and received a key or password, only 45% of those got their data back.
Losing valuable intellectual property and compromising your confidential data can do more than simply cause operational and reputational damage. The financial costs can also be devastating. For example, noncompliance with the EU’s GDPR laws could cost your business as much as €20 million or 4% of your annual turnover, whichever is greater.
SMBs have to take the cybersecurity threat seriously to protect themselves from cyberattacks.
Start by having a confidential, no-obligation chat with the highly expert and experienced managed IT service provider team here at Totality. We’ve earned a Feefo Gold Trusted Service Award, have Five Star ratings from both Trustpilot and Google and deliver unrivalled IT support for London.