SMEs urged to reassess data and cyber security processes

UK small and medium-sized enterprises (SMEs) are being advised to “take a frank look” at their data and cyber security processes, amidst growing concerns that small businesses are becoming prime targets for fraudsters.

The comments come from leading information services group Experian, which has warned that the cyber security systems used by SMEs are generally not as robust as those of larger companies and corporations, and therefore smaller firms could be at greater risk of cyber attacks.

Nick Mothershaw, ID and Fraud Expert at Experian, has suggested that business owners should prioritise the re-assessment of existing cyber security processes in the wake of recent events, such as the frightening ransomware attack that hit the NHS earlier this year.

“Businesses face risks in many forms, including ‘man-in-the-middle’ attacks, ‘friendly fraud’, ID theft and money laundering,” he said.

“Business owners should take a frank look at their data and processes to see how well protected they are; it can be surprising to find out just who has access to what.”

His comments follow a recent study carried out by fintech firm Tungsten Network, which found that UK SMEs are losing approximately £9 billion a year due to what has become known as ‘invoice fraud’.

This kind of fraud, which occurs when businesses receive unsolicited bogus invoices from scammers, tends to come in two strands.

In some cases, suspicious invoices will contain malicious email attachments such as viruses and ransomware. In others, scammers may target businesses by manipulating existing email communications or sending opportunistic invoices informing the victim of a false ‘last-minute change’ to bank account details.

Mr Mothershaw warned: “For an SME with hundreds of customers, as well as suppliers and partners, it’s not always easy to spot unusual activity quickly on statements and reconcile it.”