SMEs face increased cybersecurity risks, phishing attempts

Data security experts warn accountants that phishing and hacking schemes are on the rise, putting firms at risk of GDPR fines and data breaches

Since coronavirus forced accountants into remote working, cybersecurity threats have skyrocketed, fuelled by an increased number of emails being sent globally.

Cybersecurity firm BullGuard recently found that one in five UK and US-based small businesses are not using any form of endpoint security – and that 43 percent of SMEs have not implemented any cyber-defence plan.

“If you’re not using a VPN (virtual private network), it’s a fairly straightforward method for somebody to sniff your traffic and everything that you’re doing – passwords, usernames, even extract sensitive information that you may be sending back and forth over the network,” says BullGuard’s CEO, Paul Lipman.

Since VPNs act as encrypted tunnels between a device and a network, they offer an additional layer of security to Internet traffic. However, while VPNs can be extremely beneficial, Lipman adds that they should not be a company’s only protection.

“You should be using commercial-grade anti-malware on all of the devices you use to connect, whether it’s a device that has been issued by your firm, or if it’s a personal device that you’re using to connect,” Lipman says. “It’s ultimately the last line of defence, and it’s critical that you have that in place.”

Avoiding a viral, costly mistake

BullGuard’s research also found that during 2019, almost 20 percent of SME owners were hit with a data breach or cyberattack, costing businesses thousands of pounds in recovery fees.

Some firms may feel sufficiently protected by low-level antivirus software and want to avoid the cost of additional programmes during a financially difficult time.

However, Neill Lawson-Smith, managing director of IT firm CIS, explained via email that the up-front cost may mitigate larger, costly attacks.

“Many online storage technologies do not have data backup or cyber protections beyond the basics, and companies are overlooking to check the small print due to time constraints,” Lawson-Smith said. “I am concerned over the inevitable risks that these short cuts will lead some to face crippling data loss or GDPR fines once the pandemic is over.

“Companies have not tested their disaster plans sufficiently or regularly, and thus taking huge risks with home workers having copies of company info scattered across the Internet with little thinking about protecting that adequately – it’s another disaster waiting to happen.”

Security firm Barracuda Networks found there were over 9,000 identified coronavirus-related phishing emails pushed out during March – a 667 percent increase over February – designed to install malware, swindle victims, and obtain data.

Philip Bridge, president of data recovery firm Ontrack, pointed out via email that as employees work remotely from under-secured networks they may leave their business open to attack.

“We have to remember that cybersecurity is mostly a human issue; the employee controlling the computer will always be the weakest point of any system – for example, ransomware through a phishing email only has legs if an employee clicks on the link in the email,” Bridge said, emphasizing a need for employee vigilance.

Staying scam-savvy

A March report by the Office for National Statistics found that from April 2018 to March 2019, there were 444k cases of computer misuse related to viruses, and 522k cases involving “unauthorised access to personal information, including hacking.”

Additionally, an HMRC spokesperson said that as of April 20, they had detected more than 54 coronavirus-related email and mobile text financial scams, sending out takedown requests to several Internet Service Providers.

Phil Beckett, managing director at Alvarez & Marsal, explained that some scams have become very sophisticated and may not initially look out of place.

“Some of the hacking scams get very, very good – they have the right graphics, they have the right people, they have the right language,” Beckett said. “One of the keys is to really focus on who it’s come from, and not just what it says.”

By holding a cursor over an email address, a recipient can identify the sender’s true email address, which shows where the message originated. However, Beckett warns that this is not always foolproof, and hackers are becoming more savvy at hiding their true identities.
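The same "who is it really from" check can be automated on a mail gateway or during triage. The following is an added example, not part of the original article: it flags a display name that shows one address while the message is sent from another, and a Reply-To on a different domain. All addresses and the function name `sender_findings` are constructed for illustration, and, in line with Beckett's caveat, it cannot tell whether the From address itself is forged.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample headers for illustration; not real mail.
SAMPLE = """\
From: "Tax Office <refunds@tax-office.example>" <claims@tax-refund.example>
Reply-To: helpdesk@payments.example
Subject: You are owed a tax refund

Click the link to claim.
"""

# An e-mail address embedded in the display name; group 1 is its domain.
ADDR_IN_NAME = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")


def domain(addr):
    """Return the lower-cased domain part of an address, or '' if none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def sender_findings(raw):
    """Return (true_from_address, list_of_findings) for a raw message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    real = domain(addr)
    findings = []

    # What the mail client shows by default is the display name; the
    # address in angle brackets is what hovering reveals.
    shown = ADDR_IN_NAME.search(name)
    if shown and shown.group(1).lower() != real:
        findings.append("display name shows %s but mail is from %s"
                        % (shown.group(1).lower(), real))

    # A reply silently routed to another domain is a second warning sign.
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and domain(reply) != real:
        findings.append("replies go to %s, not %s" % (domain(reply), real))

    return addr, findings


if __name__ == "__main__":
    address, problems = sender_findings(SAMPLE)
    print(address)
    for p in problems:
        print(" -", p)
```
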

“If people are asking you for information that you don’t think they should be asking you for, that’s something to also be very aware of,” Beckett said.

Likewise, HMRC has issued guidance as more scams target coronavirus assistance programme applicants, like those on the Coronavirus Job Retention Scheme, asking for information to process claims.

“If someone texts, emails or calls claiming to be from HMRC, saying that you can claim financial help or are owed a tax refund, and asks you to click on a link or to give information such as your name, credit card or bank details, it’s a scam,” an HMRC spokesperson said.
