back Back

Neo: Small businesses and cybersecurity during Covid-19

February 22, 2021

  • Biometrics
  • Breach
  • Cyber - Attacks

By Ian Yates, CTO of treasury management FinTech Neo

Ian Yates, CTO, Neo
Ian Yates, CTO, Neo

Relentless phishing emails, fraudsters impersonating healthcare officials and organisations, exposed networks – the rapid pivot to home working and the resulting cybersecurity threats continue to be a headache for small businesses. Yet, while the pandemic exacerbated a number of these vulnerabilities, most have been present long before the COVID-19 era.

Setting the scene: Cybersecurity before Covid-19

Even in the years before the pandemic, SMEs were often just one click away from a cybersecurity breach, largely as a result of their often-weak technological defences. This is due to a combination of a smaller awareness of the threat as well as limited resources to put into cybersecurity. Consequently, cybercriminals and would-be fraudsters are able to take advantage relentlessly – a recent report suggests that small businesses are the target of over 40% of cyber-attacks with an average loss per attack of more than US$ 188,000.

The often-limited cybersecurity tools many SMEs use to protect their operations mean they are the “weakest link”, and criminals can use this to exploit their connections to larger companies in the supply chain.

In 2019, it was estimated that one out of five SMEs had fallen victim to a ransomware attack. Phishing attacks have also reached their highest level in three years with small organisations receiving malicious emails at a higher rate. While SMEs are juggling a number of issues and priorities, they cannot afford to cheap out on cybersecurity.

The perfect storm: Covid-19

There’s a common assumption among small business owners that their company is too small to be targeted by a cyber-attack. Unfortunately, this is not the case. The pandemic has provided cybercriminals with an unprecedented opportunity to exploit confusion, uncertainty and hastily put together security measures as the workforces hastily pivot to remote working.

A recent study from the legal firm Hayes Connor Solicitors shows that many firms are not doing enough to protect their businesses. For example, one in five UK home workers has received no training on cyber-security, and two out of three employees who printed potentially sensitive work documents at home admitted to putting the papers in their bins without shredding them first.

With hundreds of millions of people around the world forced into managing sensitive data while working remotely, 2020 has proven to be a turning point in terms of attitudes to cybersecurity. Most technology and software systems were built to be accessed primarily on-site, so their security systems are geared accordingly.

Neo logoBut the shift to remote working has led to workers increasingly using personal devices to ensure business continuity and many communications are now taking place outside company firewalls on novel applications. This can significantly increase cybersecurity risks for SMEs as applications for remote working are often the target of malicious actors.

In 2020, there was a 400% increase in cyber fraud in the USA alone, with statistics reflecting that small businesses – and especially the sole traders, and self-employed – were the most vulnerable and while also lacking good access to relevant security services.

It goes without saying that the pandemic has strained the finances of most businesses and increasing investment into security can be difficult for SMEs at a time when many struggle to keep their cash flowing.

How technology can help – if used strategically

There’s a number of simple things businesses can do to protect themselves by taking advantage of available technology. It is widely known that human error is the weakest link when it comes to cybersecurity, so the bigger challenge for companies is to prevent unauthorised access, hacking or fraud arising from multiple access points that now exist.

An achievable starting point is simply setting out a clear cybersecurity policy and ensuring everyone in the business is well aware of protocols and best practises. This would also involve establishing clear rules on how devices are used, how teams share documents and so on.

Tailored and controlled access can be another effective way of improving cybersecurity. By making this as granular as possible, senior managers can control the features their team members can access. If unauthorised access were to occur, it would make it easier for the security team to identify and address the source without the risk of system-wide contagion.

Any system needs to incorporate the latest security and encryption protocols, even if a business feels it is too small to be worth a cybercriminal’s time. This can include multi-channel two-factor authentication, four-eyes checks, a complete audit trail of all activity, continuous backups and much more. These protocols need to be reviewed thoroughly, tested, challenged, and updated regularly to ensure SMEs are less likely to become easy pickings.

Ian Yates

Previous Article

February 16, 2021

Security challenges in financial services

Read More
Next Article

March 04, 2021

Scaling Corporate Banking Digitisation

Read More

IBSi News

December 03, 2021


emerchantpay and Elsner Technologies team up to accelerate payments for online businesses

Read More

  • Daily insightful news analysis
  • Weekly snapshot of the industry deals, events & insights
  • Sectoral deep dives on the hottest FinTech trends
  • Exclusive interviews featuring c-level executives shaping the industry
  • Profiles of the most influential established and emerging companies in the sector
  • Weekly global FinTech use cases
  • Chart of the Week curated by the IBSi’s Research Team

IBSi FinTech Journal

  • Most trusted FinTech journal since 1991
  • Digital monthly issue
  • 60+ pages of research, analysis, interviews, opinions, and rankings
  • Global coverage
Subscribe Now

Other Related Blogs

April 29, 2021

Managing system security in the Work from Home world

Read More

April 28, 2021

DTCC: Operational resilience planning, in 2021 and beyond

Read More

March 17, 2021

Shining the spotlight on behavioural biometrics

Read More

Related Reports

Sales League Table Report 2021

£1,500 / year

Know More
US Financial Services Technology Report 2021

£1,500 / year

Know More
The Future of Digital Banking Report 2021

£1,500 / year

Know More
Wealth Management & Private Banking Systems Report 2021

£1,500 / year

Know More
Treasury and Capital Markets Systems Report 2021

£1,500 / year

Know More