7th February 2018


6 key aspects of cybercrime small businesses need to be aware of in 2018

There is no doubt that businesses face attacks from cyber criminals on a daily basis, and that cyber criminals will be even more sophisticated in 2018. Modern hackers are now using state-of-the-art software and phishing schemes to find weaknesses in company defences.

As a small business you might not have the expertise of an IT department, but it is imperative that you put time and resources into your security to make sure that your cyber defences are solid.

Hackers can steal and sell personal data from credit card details to email addresses – which most companies hold. Cybercriminals are not daunted by the size of the business as the recent attack on Deloitte proved, when hackers stole confidential client data from under Deloitte’s nose.

However, that doesn’t mean small businesses are not attractive to hackers. Small businesses provide an easier target, so hackers can hit a large number of small companies quickly and lucratively. Cyber criminals also target small businesses that supply larger companies, using them as the weak link to gain access to the larger company.

1. Key aspect: preparing for GDPR

In just a few months’ time we will see the introduction of the GDPR – the General Data Protection Regulation.

GDPR will become the law across the EU on 25th May 2018. This will apply to all companies that offer goods and services to EU residents.

GDPR will have a major impact on all businesses in the EU or trading with the EU, which must now tell consumers that they are storing data, who will see it and what they are going to use it for. Brexit won’t make any difference to the law coming into place – the UK is wholly included in this.

Individuals will have the right to instruct a company to delete their personal details from their systems with ‘the right to be forgotten’. Giving a notice period, they can also request access to any of their personal information.

All businesses must change their data protection to avoid huge fines for non-compliance. These fines can be up to 4% of your annual global turnover. If a data breach does occur, there is a 72-hour window in which to notify the authorities.


Make certain that your company web access protection is strong
Understand where all information you process is stored and where all the personal data is
Put a procedure in place to identify data breaches
Use a cloud to store information as this is the most secure
When asking for personal information, make sure that you supply clear information about where the data goes and who will see it
Test a procedure for when individuals ask to access personal information
If your company is over 250 people you will need to employ a data protection officer

2. Key aspect: cryptocurrency

The latest fashion in cyber-crime is profiting from the cryptocurrency boom. A cryptocurrency is a digital asset used as a means of exchange. Criminals are taking advantage of the fact that most people don’t know what they are doing with cryptocurrency.

We are seeing an increase in cyberattacks stealing computer power to produce their own cryptocurrency for criminal profit.

Not only this, but on 26th January 2018, Coincheck lost the equivalent of $534 million worth of cryptocurrency through hacking – a record loss.


It’s vital for small businesses to understand cryptocurrencies, otherwise you will not be prepared for the swiftly changing and adapting financial landscape.

Antivirus software can sense cryptocurrency hacking tools, but it can be tricky to spot an inside job. Small businesses need to identify privileged employee accounts that have access to internal systems and monitor them for quick action if needed.

3. Key aspect: machine learning

Hackers can learn new responses and exploit system vulnerabilities by using the same machine learning that companies are using to detect suspicious behaviour.


Make sure that all your basic administrative protection is up to date – for example, changing passwords regularly and keeping firewalls up to speed.

You can also employ ethical hacking, where a cyber security professional pretends to be a hacker to test your security system and then finds solutions for any weaknesses.

4. Sharing sensitive information

As secure as your systems might be, most businesses share sensitive information with suppliers. Your direct control is lost as soon as you share that information.


If a supplier or partner you are working with is lacking in cyber-defence, then you could also be in trouble. When going into a contract with another company, make certain that you agree on security processes for your own safety.

5. Ransomware

Ransomware is set to grow in 2018. It is software that blocks access to a computer system until a sum of money is paid. The NHS were hit by the WannaCry attack last year, as were other organisations across the world.

Small businesses can’t afford to ignore these global headlines, as they are easier to attack than the big organisations, and hackers target small businesses collectively or use them to access the big organisation.


Double your backup with a physical backup as well as a cloud backup.

6. Internet of Things

The majority of cyber attacks are actually via connected devices – the Internet of Things. All businesses use the Internet of Things to make life easier and business faster. However, hackers are continuing to use this to their advantage – particularly with small businesses providing services to large organisations. Hackers use the small businesses as a way of hacking into the large company. Small businesses could risk losing business if their security is not up-to-date, as large organisations won’t take the risk to work with them.


Managed detection and response (MDR) is proactive rather than reactive, and predicts attacks before they happen. Many cyber security firms offer MDR 24/7 for small companies.

You also need to check continually for unusual activity and restrict employee access to file sharing applications in the office.

More than half of UK businesses suffered some sort of cyber breach or attack in 2017. So if you haven’t been the victim of a cyber attack yet, your cyber defences might be good – or you might just have been lucky so far.

A small business can’t compete with the amount of money that large companies spend on their cyber defence. However, you can action the above solutions to keep your data safe, make your company a less appealing target to cyber criminals and make your small business less of a risk to work with.
