54% of SMEs attacked in last year


How do you keep on top of your health and fitness? Do you include the gym in your weekly routine, or kickstart your mornings with a brisk walk? Whatever action you take, the chances are you know you need to put in a bit of work to get the results you want. Now, Chief Information Officer Chris Crowther tells the Business Cyber Centre it’s no different when it comes to protecting your company from cyber-crime.

“It’s all about personal agency,” says Chris, who co-founded the West of England Cyber Cluster and supports SMEs as a virtual CIO. “And cyber-security is no different. Like most things in life, if you want to live long and prosper, you need to put the work in. It’s the same whether you’re talking about physical fitness or cyber-hygiene. You don’t take things for granted, and you organise your routine to ensure you’re in a healthy space.”


Soaring cyber-crime

Businesses across the globe are currently seeing an unprecedented level of cyber-crime. Here in Britain, over half our SMEs (54%) have experienced some form of cyber-attack in the last year, according to a new report by Vodafone Business. Meanwhile, alarming research by IBM Security reveals the UK suffered the most cyberattacks in Europe, accounting for 43% of incidents. And the outlook is no less bleak. Cybersecurity Ventures predicts that by 2025, cybercrime could cost the world economy up to $10.5 trillion every year. That’s over three times the UK’s GDP.

The message is clear, whether you’re an SME or a PLC, we all need to be on high alert. “Many businesses bury their heads in the sand and think ‘this won’t happen to me,’” says Chris, who has led national security programmes in the UK, US and EMEA. “But if they don’t wake up and realise that they need to look after their cybersecurity, it’s only a matter of time before they become a victim.”


Phishing attacks

One of the major risk factors is business email compromise. Known as BEC, business email compromise is a type of phishing attack, designed to trick people into transferring money or revealing sensitive information. While hackers push ‘regular’ phishing emails out to millions of people, BEC emails are often more tailored. For example, they may be targeted at a specific employee who holds the purse strings, along with a bogus payment link to a supposed client.

“A typical scenario might involve criminals attempting to attack an accounts department,” says Chris. “Someone in accounts receives an email, saying the boss is in a meeting, but that this invoice needs paying immediately. Or the message might ask them to click on a link to buy a licence, because it’s needed urgently to win a contract. BEC tends to hit a lot of schools, which can be vulnerable if business managers aren’t IT aware.”


Get the basics right

It might sound overwhelming, but Chris says good cyber-hygiene isn’t as insurmountable as people think. “It’s about having sensible policies in place,” he says. “A huge part of this is educating your employees. Anti-virus technology will sift-out 80% of malware, but if you’re getting emails from companies or people that you don’t know or don’t understand, don’t click on the link.

“The onus is on employers to make cybersecurity attractive and encourage good hygiene within their business,” adds Chris. “If staff don’t have the skills to recognise an attack, ensure they have the training to get them up to speed, so they understand how it works.

“Equally, we need to dispel this idea that cybersecurity is some kind of magic that people won’t understand. The majority of us use IT systems every day, and we’ve all got to grips with the likes of LinkedIn, Facebook and Instagram under our own steam. We are more capable than we think

“Ultimately, you want to get your processes right and ensure your people understand the basics of cyber-hygiene. The aim is to make yourself a hard enough target, so that the criminals go looking for somebody else.

“Rest assured, no one is expecting you to be an expert, but help is available. The National Cyber Security Centre offers easy-to-understand modules on how to improve your cyber security, and the Business Cyber Centre is here to help SMEs prosper and survive in the digital age.”


To discover more about how you and your staff can protect your business, book a free 30-minute consultation with the Business Cyber Centre team here.


At the end of November, the UK government introduced their new, updated Product Security and Telecommunications Infrastructure Bill (PTSI).
Cyber Essentials is a government-backed, industry-supported scheme to help organisations protect themselves against common online threats!
A guide to start by taking cybersecurity seriously.
Paddy Bradley MBE talks about his responsibility in ensuring that the Business Cyber Centre (BCC) is a success.