Latest from HRi

5 January 2021

HRi Latest Blog – Be Cyber Aware

  • HRi blog
  • , HRi highlights
  • , Latest news

Posted by: Katy Mcminn

Cyber-attacks are what every business fears. But it is not just government and  large corporates that are subject to cyber threats on a frequent basis.  Small businesses may also suffer cyber threats. 

Over their lifetime, the majority of small businesses will suffer losses as direct results of the activities cyber criminals, putting their money, data and IT equipment at risk. Data at risks include trade secrets, pricing, client list, financial information, growth plans, product designs and manufacturing processes. 

Every business, regardless of size, has an obligation to safeguard their data under Data Protection Act 2018 and General Data Protection Regulations (GDPR). Failing to meet these requirements will result in reputational damage, loss of trust and confidence and fines. 


What might a Cyber-attack look like?

Cyber-attacks are criminal activities in which computer systems, networks or applications are targeted and hacked with the intention of theft, destruction, denial of service or demand for ransom. The top 5 cybersecurity threats to small businesses are:

Phishing Attacks

The most common cyber-attack on small businesses is phishing. Phishing attacks occur mostly through email communication, where the attacker pretends to be a trusted or reputable source and lures the user to click on malicious links or install malware with the intent to steal sensitive information, login details, account details or credentials and to fraudulently request payment. Phishing may also take place through social engineering by targeting business owners and employees, to gain access to sensitive information. 

Malware Attacks 

Malware is malicious software designed to cause harm by taking control of devices, locking devices or unusable, stealing, deleting or encrypting data, gaining credentials and using services which may cost you money. 


Cyber criminals are very much aware of the fact that most small businesses may not have robust backup management process in place. Ransomware denies access to computers or steals, encrypt or delete the data. Ransomware may also spread to other computers on the network. The attackers typically demand payment before they release the data, leaving businesses with the choice between paying up or face disruptions to service due to the loss of data. Making ransom payments does not guarantee that the criminals will release the data.

Weak Passwords

The need for using multiple systems for business and personal use leads the requirements for unique strong passwords for each of these systems. The temptation to use one password or a slight variant of it for accessing multiple systems or sites is great. Using weak passwords can lead to unauthorised access, thus compromising the data. This may include client confidential, sensitive information and financial information. 

Insider Threats

Insider threats are risks caused by the actions of employees, formal employees, associates or contractors. Loss of data, release trade secrets and/ or compromise the integrity of data. 


How to protect your business

Protecting your business against cyber-attacks does not need to be daunting. Implementing simple steps is easy to action and makes a huge difference and ultimately contribute to making systems and the information contained in them as secure as possible.

Follow these top tips to proactively protect your business against cybercrime: 

  • Deploy reputable anti-virus and anti-malware software on all devices
  • Use strong passwords on all devices, systems and to access services
  • Implement two factor authentication
  • Secure Backup management 
  • Regular Software updates
  • Training and cyber awareness for employees
  • Clear data security policies and procedures
  • Regular audit of internal controls
  • Active and dynamic risk register

Cyber security insurance provides additional protection against cyber threats and assistance with the recovering from cyber incidents.

Small businesses need to be proactive about data management and data security in order to survive or minimise the impact of cyber-attacks on their business. 

Be smart. Be Cyber aware. Be active in managing this business risk and feel confident.  

Author: Mary Asante, Director, HRi