Sarah Janes responds to a feature on The One Show and reflects upon how small businesses should educate employees and protect themselves against fraudsters.
Did anyone see this on prime time BBC1 recently? The One Show had an item about cyber fraud in small businesses. Does this mean the topic that we all know the importance of has finally gone mainstream? Does it mean the board, our employees and our shareholders now see security awareness (and improved security culture) as something significant and worth investing in?
How fraudsters are phishing small businesses
For those who didn’t see it, the feature focused on CEO fraud, specifically the spear phishing of specific staff with emails ostensibly from the boss or a supplier requesting payments. I’d like to congratulate Dave Mooney from Drallim for going on air to talk about this publicly. I’m sure I’m not alone in having more confidence in him and his company for admitting they were caught out and showing us what they are doing to ensure they don’t fall victim again. It’s the companies that don’t see the problem, and that try to hide security breaches, that we should be wary of trusting.
What can small businesses learn from Dave Mooney?
1 – Small businesses are victims too. Don’t be fooled into thinking that just because you are small you won’t be a target. We may hear more in the media about the big boys getting breached, but dig a little deeper and it’s affecting smaller businesses just as much. The clip from The One Show gives us one example, but there are countless companies out there that are the victims of a range of attacks, costing those small businesses millions. And it’s the people in those companies who are seen by criminals more and more as the weakest link and the easiest way in.
Apart from finances, IP and other data are often of huge value to smaller businesses and start-ups – and to those who would use them maliciously. A story from a few years ago has stuck with me. In 2012 the US Commerce Department found that Chinese solar product manufacturers had “dumped” products into US markets at prices below fair value. Criminals had stolen thousands of files belonging to the US company SolarWorld. These included their cash flow, manufacturing metrics, production line information, costs, and privileged attorney-client communications relating to ongoing trade litigation. This information enabled the Chinese competitor to target SolarWorld’s business operations aggressively from a variety of angles and undercut them.
2 – If you’re small it hurts. £5k, £10k, or even £100k might seem small amounts compared to the millions which well-publicised breaches of large organisations have cost, but to a small business they could mean not meeting payroll that month… or worse!
3 – Relationships are the key to protecting yourselves. Dave Mooney spoke about relationships and the value of talking to people. In a world that has become highly process- and systems-driven we have lost the art of collaboration that allowed generations before us to ‘suss out’ the would-be scammer. A small company doesn’t have the silos and command chains that can hamper the free flow of dialogue essential to helping a business protect itself. Being small can work to your advantage here, as it’s possible that everyone in your business knows each other and communicates easily and well.
4 – When you’re small it’s easier to fix. Dave Mooney talked about why it was easy to change culture in his business and, once again, that had to do with being small and everyone knowing each other. Larger businesses become complex and fragmented. Getting security culture right whilst your business is small is much more effective, in terms of both results and costs. Once a healthy culture is embedded it can be sustained and can scale up as you do.
At Layer 8 we have a passion for working with companies to ensure they really do build an effective human firewall, rather than paying lip-service to this important topic. We are sensitive to the needs of your business and understand that a change in culture needs to fit in with the way you do business rather than being cumbersome and time-consuming. Have a look at how we make this happen through our range of products and services…