Why SMEs are Key Targets For Cyber Scammers

Businesses are acutely aware of the need to secure their data assets to prevent attacks from Cyber Scammers, yet how many of them actually do?

According to government figures, cyber crime costs the UK economy £27 billion each year, and 22 per cent of people believe that they could be targeted by fraudsters. Yet at the same time, 32 per cent of people surveyed said they were not overly concerned.

Small businesses are arguably complacent about cyber security. Perhaps they think they are insignificant, compared to notable hacking cases targeted at the likes of LinkedIn, Sony and Apple. Yet businesses underestimate the value of the intellectual property they work with, particularly when they are acting as suppliers to much larger clients.

The Real Risks

The same survey reveals that 20 per cent of businesses have some kind of anti-fraud training programme. What about the ones that don’t?

As cyber crime yields more valuable returns, hackers are coming up with more sophisticated ways to trick us. And in any system, the weakest link is always going to be the user. Most of us are wise to basic phishing scams, but social engineering is still catching out many businesses.

We’re also seeing a shift towards telephone scamming, because the recipient of a telephone call tends to be more trusting, and less able to quickly evaluate the legitimacy of a caller.

That’s not to say we can disregard the threat of viruses, spyware or malware, which still wreak havoc on corporate networks, and are surprisingly easy to catch. One employee, using their own device, could unwittingly connect to a public network while away from the office. When they return to base, the infection is transmitted almost instantly.

Corporate Responsibility

For SMEs, there’s a responsibility to act with due diligence when dealing with corporate data provided by clients and suppliers. Often, smaller businesses are the perfect target; they’re less constrained by regulatory compliance, and more willing to take calls with an open mind. Sadly, the lack of filters makes them easy gateways to valuable data and funds.

In particular, junior members of staff need to be aware of the scams that are targeted at them, such as unsolicited requests for payment, and bogus late invoice notices. These are becoming more common and believable as scammers become more professional.

Often, the fake invoice will be preceded by a phone call by a scammer posing as a client, which is used for fish for information, and make the subsequent email more authentic. Even if the scammer is looking for login information, rather than funds, the information they acquire could lead to serious consequences for the supplier-client relationship.

Future-Proofing Against Fraud

Email filters help, and system scanning is useful, but the scammer knows that individual users are the best way to get into a system. They might trick someone into installing a browser add-on that reveals their details, or lead them through bogus security checks.

Either way, businesses need to incorporate cyber security training into every induction and review, and they must commit to renewing new hacking methods at regular intervals. It’s good practice to use cloud telephony solutions that can automatically record calls, and to terminate any call that seems suspicious.