Procurement · 29 October 2015

Small firms warned they remain “ripe and easy pickings” for cyber attacks

Cyber crime is massively underreported as many don't want to admit they have been conned
Cyber crime is massively underreported as many don’t want to admit they have been conned

The Scottish Business Resilience Centre has warned small firms remain “easy pickings” for cyber attacks and need to take better pre-emptive action.

The organisation, which works on cyber security in Scotland, has urged small businesses to follow a series of measures in order to best protect themselves from hackers.

It comes following recent cyber attacks on businesses both big and small – TalkTalk said potentially all of its four million customers could be affected, while a Scottish hairdressing salon was forced to pay a ransom to hackers, when they locked its database and threatened to delete information.

SBRC director Mandy Haeburn-Little said there was a prevailing belief that cyber attacks still really focused on large businesses, but the reality was small firms often faced the biggest threat.

Often small firms don’t have the means to protect their information as securely as bigger companies, but Haeburn-Little said they still had lots of valuable information and as a result are viewed as “ripe and easy pickings for cyber criminals”.

The SBRC has found small businesses tend to avoid reporting cyber attacks because they worry about the reputational damage they will suffer afterwards.

Colin Borland, of the FSB in Scotland, said: “Cyber crime is massively underreported and it is partly because people don’t want to admit they have been conned or caught out for fear of scaring customers.”

“You don’t want to give the impression that you might be a soft touch, but it can happen to anyone.”

The Scottish hairdresser, Ellen Conlin Hair & Beauty, with salons in Glasgow and Giffnock, said it had paid 1,000 euros in bitcoins after its system was hacked, and felt pressured into paying because it could not afford to lose business.

Haeburn-Little said if small firms took basic steps to protect themselves against cyber attacks then hackers would quickly move onto “a more vulnerable target”.

These include cyber security assessments, such as ethical hackers, which help businesses test and improve their resistance to cyber attacks, digital footprint assessments and supply chain resilience exercises.

Earlier this year, Business Advice heard from a partner at Manby International Sportswear, who received an email from a seemingly trusted source – thinking it was an invoice from a long-established supplier, which turned out to be a con costing her company thousands of pounds.

Sign up to our newsletter to get the latest from Business Advice.



Rebecca is a reporter for Business Advice. Prior to this, she worked with a range of tech, advertising, media and digital clients at Propeller PR and did freelance work for The Telegraph.