Yet many firms still underestimate the danger these attacks pose. There is still a belief among small and medium-sized businesses that they are too small to be targeted. However, this is far from the case.
Smaller firms increasingly being targeted
It’s clear that cyber security, and email security in particular, is not just an issue for large firms. For instance, according to figures from the government’s 2020 Cyber Breaches Survey, almost half of all businesses (46 per cent) have experienced attacks in the last year, with one in three facing such threats on a weekly basis.
What’s more, research by the Federation of Small Businesses (FSB) last year estimated 10,000 small firms a day in the UK come under cyber attack.
The FSB found that in the previous two years, small firms had reported:
530,000 phishing attempts
374,000 incidences of malware
301,000 fraudulent payment requests
260,000 cases of ransomware
It’s therefore clear that any business that thinks they’re too small to attract the attention of cyber criminals is sorely mistaken. And as the majority of these threats will arrive via email, this is an essential place to focus your efforts.
The email security risks to small enterprises
A common belief among small firms about why they are complacent is they simply don’t believe the information they possess is valuable enough to be worth a hacker’s time – but this often misses the point. Increasingly, it’s not about how valuable the data may be to a hacker, but how valuable it is to you.
For instance, ransomware is an especially big problem for smaller firms. This involves hackers injecting malware into a business that encrypts and blocks access to vital files, and once infected, firms often have no choice but to pay the hackers for the decryption key if they have failed to make timely backups.
This doesn’t just affect for-profit firms. Healthcare providers, charities, churches and educational institutions are all tempting targets for this sort of attack. Indeed, earlier this year, the National Cyber Security Centre warned of a particular trend for hackers targeting schools and universities via phishing emails to extort money.
The losses small firms face
The financial and reputational losses involved in a cyber security breach can often be unbearable for small businesses. This doesn’t just come in the form of direct ransom payments or fraud caused as the result of mistakenly giving scammers financial details.
According to insurance provider Hiscox, the average loss for a small business in 2019 was £11,000, but this can vary widely depending on the severity of a breach, and some companies may never recover. In fact, some estimates suggest as many as 60 per cent of small firms that experience a hack go out of business within six months.
To prevent you from being one of them, it’s vital to boost your security – and this must start with protecting your inboxes from malicious emails. Read our new white paper today to find out how to achieve this by using a layered defence solution.
Download the Essential Guide to Email Security
We have released an Essential Guide to Email Security where you can learn how to defend your firm from email threats.
With over 25 years in the business telecoms industry and an unrivalled reputation of delivering excellent, personal customer service, Arrow is one of very few companies in the UK able to provide a full telecoms, IT and energy consultancy and service proposition.
Savings through automation, scale, improved service. We’ve got that covered. But the true value comes with empathy, through empowerment, collaboration. It’s connecting people that drives us forward. It’s people that make tomorrow happen.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.