Big companies enjoy the protection of dedicated IT departments, but for small businesses cyber security can often be an afterthought. However, this can be an expensive mistake: the Federation of Small Businesses (FSB) recently found that two-thirds of small companies have been the victim of an attack in the past two years.
This need not be the case though. In fact, most scams aren’t as sophisticated as you might think and simply rely on user complacency. The best weapon against this is vigilance, and a few simple steps can help you protect your business.
Established techniques used to commit fraud include "phishing" attacks and Trojan viruses.
Phishing uses email to trick you into giving out personal information, such as bank log-in details, or getting you to download malicious software (known as malware).
Trojans are a common type of malware and can be installed on your computer without you knowing. They can be designed to do many things, including stealing money from your account.
Phishing works by sending you an email pretending to be from a genuine company, like your bank, often convincingly imitating the company’s branding and tone. Criminals can also spoof email addresses, so an email may look as if it is from someone in your own company.
The email might ask you to click on a link. This will take you to a fake website where you will be asked to input your secret information, which will then be captured. It might also ask you to open an attachment, which will then install malware such as a Trojan.
Phishing emails can be very convincing, so check whether you recognise the sender’s address and whether the tone and language used are normal for them. If the request is urgent, would you expect this from the sender?
Play it safe
Be suspicious of all unsolicited emails, particularly those that ask you to make a payment, open attachments or click hyperlinks. Verify all email requests by telephoning the sender on a number taken from your own records.
This will help prevent Trojans from being installed, but it’s important to keep your computer safe in other ways too.
Install a firewall and antivirus software. We recommend our customers download Trusteer Rapport, which is free. Keep this software up to date, as well as your operating system and your web browser. Block access to websites your staff don’t need for business. Don’t conduct sensitive transactions over public wi-fi networks or while using internet cafes, as these can be insecure.
Finally, make sure your staff follow these rules and are as vigilant as you, as it just takes one mistake to leave you vulnerable.
Copyright © 2016 Marcelino Castrillo, managing director, Business Banking, NatWest.
For more information on cyber security, as well as other issues affecting small businesses, NatWest’s Business Growth Enablers are running education sessions across the UK, free to anyone running or setting up a business. To find an event near you, go to www.eventbrite.co.uk and search NatWest.
HMRC's latest advice on phishing can be found on the GOV.UK website.