The North West Cyber Resilience Centre (NWCRC) is warning businesses to urgently step up protection in the wake of rising cyber crime figures. In particular, the police-backed not-for-profit organisation is cautioning against email compromise, as that is often a weak point for attackers to take advantage of.
Not only can a cyber attack completely wipe out a small business, but the lasting reputational and financial damage can be substantial.
DI Dan Giannasi, head of cyber and innovation at the NWCRC, said: “Usually the most common point of attack for an SME is by a phishing email, where an employee believes it to be a genuine email about an invoice or a service, for example, and clicks on a link.
“From that point, a cyber attacker can quickly take over a whole system and literally hold a business to ransom. One cyber attack can cause significant financial damage and could even wipe out a business completely.”
A recent report by Hiscox found that in three years, the proportion of small businesses with fewer than 10 employees becoming victims of a cyber attack has increased from 23% to 36%.
On top of that, the number of overall businesses who have suffered at least one cyber attack in a year has steadily increased every year for the past four years, with 53% of businesses suffering a cyber attack, up from 48% the previous year.
The report also confirmed that the favourite entry point for hackers was once again business email compromise, mentioned by 35% of targeted companies. On the positive side, this figure has reduced, which shows that preventative work and education does make a difference.
DI Giannasi continued, “While cyber crime continues to be a big concern for SMEs, there are many practical and easy steps they can take to really step up cyber security and cyber health. A Microsoft report stated that by ensuring basic cyber resilience hygiene, like keeping devices and software up to date and enforcing multi-factor authentication, a business can prevent 98% of attacks.
“Our key messages are to carry out basic cyber health checks and ensure that your employees also understand what is good practice regarding cyber security. The weak point for cyber criminals will be a single employee, so it’s good to train as many employees on good cyber practices as possible.
“From a policing point of view, we are working hard with businesses to educate and provide training for SMEs to prevent such attacks.”
Advice from the NWCRC cyber security consultants comprises of:
- Use a strong password and multi-factor authentication.
- Ensure you can recognise phishing emails, and also report any phishing attempts to Report@phishing.gov.uk.
- Ensure all business computer equipment and software is updated regularly.
The North West Cyber Resilience Centre works closely with the regional police forces to offer free training to SMEs, which is funded from the proceeds of crime funds (ARIS funding).
The organisation offered 300 free memberships and free training across Greater Manchester throughout 2021 to 2023. In August this year, they launched 300 free memberships with training to SMEs in Merseyside. Other regions in the North West are to be rolled out over the coming months as well.
The NWCRC runs funded or affordable training and education for small to medium businesses, as well as the education and charity sector. They also work closely with the NW Regional Organised Crime Unit, who investigate cyber crime in the region.