Small Business Security: It’s Not Paranoia, You Are Under Attack.


By the end of 2019, cyber-attacks and technology-enabled scams against small businesses were soaring off the scale.

Why?

The answer is sadly straightforward: the attacks are working. That is, they're delivering lucrative returns on investments.

At the start of 2019, it was clear that the hackers and scammers were turning their attention to smaller organisations. They didn’t anticipate their own success or quite how rich the pickings would turn out to be.

The pioneering attackers who decided to go after small businesses have found a working business model with guaranteed massive returns. And now, the pile-on, or gold rush, is underway: everyone wants a slice of the action.

So, stand by: in 2020, small organisations are under unrelenting attack. And be aware: the attackers are after your money.

How did we get here?

Believe it or not, we’re 13 years into the iPhone era.

Apple and the iPhone are not that huge a part of the modern business IT ecosystem, but it was the appearance of the iPhone back in 2007 that marked the start of a massive transformation in IT – the move to the cloud.

Suddenly email on a mobile device was a must-have for everyone, not just a few clever geeks and Blackberry-toting corporate executives.

And, where email led, the rest of the traditional business IT family has followed. Now everything is in the cloud and we are probably close to the last generation of on-premises servers.

The revolution

The transformation in business IT has produced a revolution in the whole world of business. Setting up anything approaching a serious business IT system, only a decade or so ago, needed an outlay of several thousand pounds and, if your requirements were more than basic, you were looking at several tens of thousands.

Now, if you can lay your hands on a few hundred pounds a month, you can be up and running tomorrow with the most sophisticated and complicated email, file storage and sharing, CRM and any other system you can imagine.

National borders and other restrictions of the past are barely relevant anymore. As a result, financial and logistical barriers to entry for many business sectors have all but collapsed and, for those holding up, they have been lowered and are getting lower by the day.

Anyone can be a businessperson now.

And, the revolution isn’t over yet; if anything, it is accelerating – just take a look at the rate at which new products and services are being rolled into Microsoft, Google and Amazon platforms and the array of new online services from smaller players that are just tumbling out of the cloud.

There are plenty of traditional businesses who are sad to see the end of stiff entry barriers to their sectors but, for the rest of us, this is all unequivocal good news. Right?

Well, we can hardly complain about the price we’ve had to pay. Our homes and offices have been made over and the cost has been pretty much imperceptible.

Now, Microsoft hasn’t become the richest company in the world through its unrelenting focus on free lunches and we’ve all got in the habit now, both as businesses and individuals, of paying for our technology through monthly subscriptions. Given what we get, these subscriptions are hardly expensive though. We wouldn’t have had the explosive growth of such services if their pricing was out of reach.

We do pay then, but not much, and certainly not so much that it hurts. We could even argue that the fees we pay Microsoft, Amazon or Google (indirectly) have been more than made up for by the lower prices we pay for much else as a result of the competition they have allowed.

And even if £1,000 or so does seem a bit steep for a phone, when you stop to think about it, don’t forget the convenience.

A new world

You know I’m now going to suggest there is a downside to all this.

There is a well-known general sense of unease about the non-monetary price the big providers are charging us, i.e. massive scale harvesting of personal information.

But there is a much bigger problem with this whole cloud revolution, and this is the impact it has had on small business security. In general terms, cloud providers are far more secure than on-premises IT systems ever were. So I am not for a moment arguing that we should somehow go back to on-premises IT. The genie is fully out of the bottle.

So, if cloud providers are generally pretty secure, where is the issue with business security? I’m talking here about security in its most basic sense, i.e. the ability to keep on existing.

Let’s consider an attack that our clients experience every day – a phishing email crafted to trick the recipient into revealing their Office 365 password. Phishing emails have been around for a long time but, by definition, this one would be pointless without the ubiquity of Office 365. 

For most recipients these emails are a minor irritation; for an unlucky few they result in a significant financial loss and, for some, this is enough to put them out of business. For example, a healthy business turning over, say, half a million a year may not be able to survive a successful phishing attack that relieves them of £50,000 (not an unusual figure). 

Now, earlier in this article we looked at the way barriers for entry to business have been lowered or eliminated by the cloud revolution. The same is true of the barriers to entry to the criminal world.

Think back to those far-off days before the 2008 financial crash. If you wanted to defraud a business of £50,000, you really would have had to know what you were doing and have advanced conning skills.

Today, if that’s my intention, I don’t need any special skills to launch an attack against thousands of companies and see if I get lucky.

The enemy

A good way to get a sense of the point of extreme vulnerability at which we have now arrived is to revisit an old information security concept: the attack surface.

Back in the day, when we worked on security we would look at those parts of an IT system that were exposed to the Internet. Sometimes all we had to consider was the network router/firewall, or some servers, PCs and laptops might also have been of interest. But the point was that we could define the attack surface, i.e. the points of vulnerability, and concentrate our defensive efforts in this area.

By and large, this approach worked. If you reinforced your attack surface, there were plenty of much more inviting targets out there.

The problem we have now is that the Internet has become the IT system for most businesses. The attack surface has become infinitely vast and undefinable in any meaningful sense. 

All businesses now share a single, immeasurable attack surface. The service providers take security very seriously and are engaged in a frantic arms race with the attackers, who are highly organised, technically skilled businesses.

Defensive systems are constantly probed for weaknesses and attacks are launched by the million every day. Some attacks will always get through. We are at a point where criminal activity now has the potential to bring the whole IT revolution to a crashing halt.

At one end, a massively successful cascading (company to company) attack could easily exhaust the capacity of the global insurance industry to underwrite the financial risks involved in the revolution.

At the other end, small businesses may gradually be forced to withdraw from electronic business altogether as the risks begin to outweigh the rewards.  

My IT people have it covered?

If this is true, what are you, as a small business, supposed to do?

Here is the first wake-up call: stop believing that your IT people or support company have this all under control. They don’t.

This is way beyond their capabilities.

We need to face up to the uncomfortable fact that it is the IT people, in their eagerness to please their customers, who have caused this problem, and they don’t have the solution.

OK, this is curious stuff for the MD of an IT company to be putting out there.

Well, it is precisely my background that qualifies me to identify this problem. Above all, I know how IT people work, and getting them to prioritise security is a hopeless cause.

Even though it doesn’t always look that way, IT people see themselves as born to serve; their role is to satisfy customer needs. Back in the 80s, even in-house IT teams learned to call the rest of the business their customer. Good IT has always been about satisfying business needs defined by other people. Security has always been an obstacle to satisfying those needs.

Now there are IT companies around who have always prioritised security, but they are few and far between. There are more that are starting to give security the attention it needs, as a bolt-on to their core service. And there are many who pay lip service to security while considering it a purely technical issue and carrying on much as before.

You may notice more and more IT companies adopting a new abbreviation, no longer MSPs (Managed Service Providers) but MSSPs – guess what the second ‘S’ stands for. Well, don’t believe the hype.

The right way

Now for the bold claim: Macnamara is different.

I started the business almost 20 years ago, coming out of a corporate background in which I was proud of my nickname, ‘the handbrake’, earned as a result of my (then unfashionable) insistence on security as a priority. And we have never strayed from this focus – even losing clients along the way by refusing to compromise on their security.

Our people do not come from traditional IT backgrounds and are all trained in-house.

We were amongst the first to embrace the cloud, recognising that standing against an incoming tide wasn’t going to help anyone. But we also saw the risks and have relentlessly trained, studied and certified to keep ourselves and our customers secure.

Businesses are now more vulnerable to attack than ever before. Security needs to move right to the top of the management agenda, and you need a partner to keep you as safe as possible against this rapidly changing and ever more dangerous background.

Security goes way beyond technology, and way beyond what can be covered in this article. If you are going to rely on your IT company then, at a minimum, ask for some evidence that they are qualified to advise or help you on security.

I’m not going to pretend that Macnamara has the solution to the problem we are facing today in business security – but the Macnamara team is trained to tackle security way beyond technology, has been a pioneer in small business security, and understands the problem.
