Why are small business or charities hit?

Smaller companies can be softer targets

Small businesses often ask us why they’d be of interest to cybercriminals; most of them don’t know about the government figures showing that two in five of them are hit every year. 

And because it’s only big businesses that make the headlines, they don’t realise how vulnerable they are. The Southwest Cyber Resilience Centre (SWCRC), led by serving police officers and Home Office-backed, looks at what might be the attraction.

Well, of course, a lot of attacks aren’t targeted at individual businesses. They seek to exploit known weaknesses which are all around us. That might be a technical fix, which you don’t have because you’re using older software, don’t have IT expertise, or don’t update your systems regularly. Or it might be low staff awareness, which makes you more liable to click on dubious emails which larger companies would have filtered out with automated software. So you’re not a particular target, you just happened to present yourself as one.

But it’s also absolutely true that you might be personally targeted. You have to file annual returns: so what you do, how much you make, and quite a lot else about you besides, will be on record. Cyber crime can be depressingly simple and if there’s a few thousand pounds as a payoff, a criminal might just come knocking. After all, if you’ve low awareness and limited protection, you’re simpler to hit than a big business. And you’re less likely to have backup, incident response plans, or a technical team to help you, so if there’s a ransom involved, you’re quite likely to pay it. Plus, you shouldn’t underestimate how important small businesses can be: you may have important intellectual property information, or data which is worth a lot of money.

Which brings us to the last point: it’s not always about you at all. Sometimes, small companies are linked to bigger ones. And bigger ones are often harder to crack open. So if someone can compromise your accounts, they can use them to send malicious software and links on to the people you do business with.

But of course, with your limited resources and possibly limited expertise, you can’t do much about cybercrime anyway. Or at least, that’s what we’re often told. The good news is, there’s loads you can do. In the real world, you can’t afford a bank vault in your basement, but it doesn’t stop you locking your front door. And in the digital world, a few simple steps will make you a very much tougher proposition. Use strong passwords, implement two-factor authentication, updates your systems, and train your staff. All of it can be free. If you want to know more, your local cyber resilience centre is here to help. Police-led, Home Office funded, and with free core membership to help regional business.

What are the simple things I can do about it? 

5️⃣ Read the South West Cyber Resilience Centre's 5 fundamentals of cyber security for some quick wins and vulnerabilities

Where can I get training?

There are loads of companies out there offering staff training. But in 2021, only 17% of businesses trained their people about avoiding the cyber threat. And with a majority of breaches coming from something that a person did wrong, it’s worth knowing about the simple and free material that’s out there to help you. Find out more here.

What is a cyber resilience centre?

Cyber resilience centres are funded by the Home Office to support small businesses and charities across England and Wales. They’re part of a national policing programme. We look after you for free, because you often have limited resources, and because you are a crucial part of our regional economies. Wherever your local centre is, its no-cost core membership will offer free national guidance, a series of simple emails guiding you to become safer, and a regular update on what to look out for each month. It will also offer an inexpensive way to get your systems checked, your plans reviewed, and your staff trained. You can find out more detail about the SW centre here, or link to other regional centres here.

Cyber path – Cyber Resilience Centres' student services

Cyber path offers small businesses a route to support which they might not otherwise be able to afford. Working with undergraduate and graduate students from around the region, we’ve developed a catalogue of offerings which can benefit your business or charity. All of the services are overseen by experts, tailored to you, and include a detailed presentation for you to explore any issues raised in our written reports. More detail here.

Current member offers

SWCRC works with industry partners who genuinely want to look after small business and charities. Whilst we don’t directly recommend other companies or their products, if they’re offering something that we think might be of interest, we’re happy to let you know about it. You can find out more detail on the current SW region member offers here

What is Cyber Essentials?

Cyber Essentials is a government-backed scheme which shows that you’ve achieved a basic standard of cyber security. Meeting the criteria will significantly reduce your likelihood of being breached, and in many cases it will also provide free insurance and support if an incident happens. You can find out more about the scheme here.

Related Articles
Cyber Security January's three top tips for securing your business
January's three top tips for securing your business

Expert guidance from the South West Cyber Resilience Centre.

Cyber Security Why cybercriminals love your SME
Why cybercriminals love your SME

With 2/5 of UK SMEs being hit, what's the attraction?

Cyber Security November's three top tips for securing your business
November's three top tips for securing your business

Expert guidance from the South West Cyber Resilience Centre.

Cyber Security How to get FREE cyber insurance for your business
How to get FREE cyber insurance for your business

£25,000 cover with Cyber Essentials

Cyber Security 5 fundamentals of cyber security
5 fundamentals of cyber security

Identify your risks and vulnerabilities

Join the discussion

Share this story

Rate the Article

Click the link below to rate this article

Rate this article

We're a community where IT security buyers can engage on their own terms.

We help you to better understand the security challenges associated with digital business and how to address them, so your company remains safe and secure.

Interested in what you see? Get in touch, and let's start a conversation Get in touch