Cybercrime against small to medium businesses is a significant concern. Over the past twelve months, 54% of all small businesses have been a victim of cybercrime. This is costing the average business £768 per year, though some businesses can have costs which are much higher.

Some research has suggested that 66% of businesses don’t have the resources to recover from an attack. Therefore, an attack could be the end of the business within less than a year.

Cybercrime comes in many different forms. Some are more subtle than others but each one needs different cyber security tactics to protect your business from the financial pain. Here are the top five cybercrime scams that every business faces and quick tips on how to protect your business from them.

1. Phishing

One of the main forms of attacks against a company is phishing. These attacks are very common because human errors make them very successful. This is when an email is sent that looks legitimate but contains a link that allows cybercriminals to gain access to a system or download malicious software to an IT network.

The end result of the phishing email scam is different for each one. Sometimes malware is installed, however, sometimes it can be ransomware. And it isn’t just limited to email, it can happen on forums, social media, SMS and other forms of communication to.

To defeat phishing you’ve got two options. Deploying both is the most effective. The first is to have an effective IT network that offers email security and other systems to protect your network from harm.

However, this is rarely 100% effective as criminals are clever and there’s always human error. This is why you should also train staff with IT security processes that teach them to recognise phishing attacks across all mediums.

2. Hacking

Hacking is the one that most people think of when they think of cybercrime. There are lots of things that a criminal can do when they hack your IT infrastructure. This can include stealing/corrupting data on your database or they could take down your website.

Normally, hackers gain access to your system through a compromised system in your IT infrastructure. This could be a computer that has malware on it that records and sends the user credentials to the hacker. The malware is usually installed after the user has been a victim of a phishing campaign or has been on a corrupted website.

Or hackers can gain access through outdated software that doesn’t include the latest security patches.

To prevent this, you need to train staff to prevent phishing attacks (like before) and also to keep software and hardware up-to-date.

3. Ransomware

This is a clever attack where hackers gain access to your IT network and then lock your system. The criminals will then promise to unlock your systems for a payment, usually a high amount and in bitcoins. There have been several ransomware attacks recently with the most famous being that on Travelex’s network. They stole lots of customer information, including dates of birth, credit card information and national insurance numbers.

To return the data, the ransomware gang demanded £4.6 million.

If you’ve been affected by ransomware, then you should not pay the criminals. In many cases, they just take the money and leave the data encrypted. It is always better to have data encrypted, so it’s harder for the criminals to use any data that they steal. In addition, you should always have a data backup to enable you to recover quickly from the attack.

4. Distribute Denial of Service (DDoS) attack

A DDoS attack is when a website or server is targeted with an overwhelming amount of requests (traffic) that the hardware can’t handle and so crashes. This can prevent employees from collecting data from the server to complete work (or using applications hosted on the server) or users can’t access a website.

DDoS attacks are very common. Sometimes hackers will demand a ransom to restore services.

These attacks often require bots sending malicious requests via zombie or slave machines (those affected by software).

To protect your server from these attacks, you need to have specialised IT security systems that identify and block malicious requests to your server.

5. Payment scandals

This is where a criminal poses as a senior member of a business and tells an individual to make a payment to a fictitious supplier/customer/individual. Another name for this scam is the fake CEO scan. These scams are becoming a more common type of attack and have worked across the world.

Often this attack works because criminals are becoming more sophisticated with their emails. They’re learning how to write more convincing emails using the right business language. They can also make emails look more legitimate by finding out important information (i.e. personal details of the CEO) and making emails look right with correct branding and similar domain names (i.e. instead of

One company that was significant hit by this was Mattel. They nearly lost $3 million when they were attacked. Luckily, they recovered a lot of the finances.

To protect your business you should have very strong payment processes. In addition, you should train all staff in proper email security. Simple checks can often identify fake CEO emails.


Cybersecurity is a large threat to UK businesses. The top five threats against UK businesses can be dealt with through many initiatives, however better cyber security training for employees can help resolve many problems. Human error is often the top reason why cybercriminals can gain access to IT infrastructures and data that is held on your servers.

By training your staff properly, you can add a layer of protection to your IT systems and ensure that you don’t have high costs that could disrupt your business’ operations.