
AI & Cyber Security

As a Snack:

Not worrying about security is a common mistake small businesses make. Common and understandable – they’re busy with ‘everything else’, feel small enough that it won’t matter, and frankly, it can feel too complicated to know where to start. But it’s critical that you do. Cyber Attacks can happen to anyone, anywhere and leave you stranded without access to the key files and information you use to run your business. The attacks are also getting harder to spot now that AI is involved. So what can you do?



Let’s unpack.

 

‘I don’t worry about Cyber Security; who’s going to target us? We’re just a small business’ is a phrase I hear often. And it’s understandable. Cyber Security can feel ‘too hard’ and too discombobulating a topic to know where to start – which automatically bumps it to the bottom of a busy Small Business Owner’s to-do list.

 

The mistake small businesses make is thinking their stature in the real world relates to the world online. But the reality is, if you have an online presence, you’re vulnerable.

 

In fact, Accenture’s Cost of Cybercrime Study reported that 43% of cyberattacks were aimed at small businesses, and that employees at small businesses experience 350% more ‘social engineering’ attacks (e.g., phishing) than those at larger enterprises.

 

But if you don’t do something and you get hit, the consequences can be catastrophic – imagine you come into work and suddenly can’t access anything on your computer. Anything. No customer data, no calendar, no files or folders.

 

As annoying as that bi-monthly ‘rethink and redo your password’ reminder from a big corporate’s IT Team is, having a team monitoring and reminding you does provide protection.

 

Small businesses simply don’t have the resources, which unfortunately makes them an obvious target - they have weaker defences, are seen as easier targets, and still hold high-value customer data.


Types of Cyber Crime to be aware of

 

  • Phishing: Fake emails, texts, or websites that trick you into giving away passwords or personal information by pretending to be legitimate companies.

  • Ransomware: Malicious software that locks your files and demands payment to unlock them.

  • Malware: Harmful software (viruses, trojans, spyware) that infects your computer to steal data, cause damage, or gain unauthorized access.

  • DDoS (Distributed Denial of Service): Overwhelming a website or service with fake traffic to make it crash or become unavailable.

  • Man-in-the-Middle: Intercepting communications between two parties to steal information or alter messages without either side knowing.

  • SQL Injection: Exploiting weaknesses in website databases to steal or manipulate stored information.

  • Password Attacks: Using automated tools to guess or crack passwords, often by trying common passwords or using stolen password lists.

  • Social Engineering: Manipulating people through conversation or deception to reveal confidential information or perform actions that compromise security.

  • Zero-Day Exploits: Attacking software vulnerabilities that the software's maker hasn't discovered or patched yet.

  • Insider Threats: Attacks carried out by employees, contractors, or others with authorized access who misuse their privileges.

  • Advanced Persistent Threats (APTs): Long-term, stealthy attacks where hackers slowly infiltrate networks and remain undetected while stealing data over time.


What impact has AI had?

 

The Bad Side

  • Cybercriminals use AI to automate, scale, and personalise attacks. AI’s ability to create realistic-sounding phishing emails can make them much more effective.

  • Deepfakes – AI can create convincing deepfakes where content (e.g. imagery or email) mimics someone real. This adds a layer of ‘realism’ which means you instinctively trust the content even when it seems a little odd e.g. your boss requesting you transfer some funds to them.

  • Anyone can create malware: AI’s ability to generate code makes it faster and easier for anyone to create a cyber-attack, whereas it used to be the domain of developers.

 

The Good Side

  • AI-powered cybersecurity tools analyse vast amounts of data in real time, detecting threats, anomalies, and vulnerabilities much faster and more accurately than traditional methods.

  • Defensive AI can automate routine monitoring, triage alerts, investigate incidents, and even respond to threats, freeing human teams to focus on complex risks.

  • AI is critical for identifying sophisticated threats like lateral movement within networks and for predicting future attack trends based on historical data.

  • As a counterpoint to the speed in creating attacks, AI also significantly improves the speed and efficiency of prevention, detection, response, and recovery.


If you’re a small business what can you do?

 

There are a number of things you can do to help protect yourself.

 

  • Be AI-aware: AI is promising a whole bunch of exciting-sounding things, from automating tasks to creating content. Dig into the company you’re using before signing up and be mindful of what you’re giving it access to, e.g. using AI to automate a task like ‘create an event and invite clients, and manage the RSVPs’ gives the AI access to your client data, your calendar and emails, and potentially files it needs to carry out the event.

  • Use strong passwords and multi-factor authentication (MFA): Require strong, unique passwords for all accounts and devices, and enable MFA wherever possible for an extra layer of security. Consider using a Password Manager to help manage and protect your passwords and save you having to remember them.

  • Back up your information regularly: Schedule frequent backups of all critical business data and store backups offline or in a separate location to protect against ransomware or data loss.

  • Install security software: Use antivirus and anti-malware tools on your computer/s to detect and remove threats. Set up firewalls to protect your network from unauthorised access.

  • Be suspicious: If it looks a bit odd, check it. As phishing emails, suspicious links, and scams get more devious, we need to get more mindful. Make sure everyone understands the importance of cybersecurity and that there are clear policies for handling business data.

  • Keep software and devices updated: Regularly update operating systems, applications, and security software. That helps ‘patch’ vulnerabilities that hackers could take advantage of.

  • Limit access and manage permissions: Only give employees access to the data and systems they need for their roles. Set a regular time to review and update permissions over the year. Password Managers are a great tool for this.

  • Secure your network: Protect your Wi-Fi with strong encryption, change default passwords on network devices, and consider segmenting your network for added protection.

 

I know, it all sounds a bit horrifying. Start with the simple things that you can do, and reach out to your local IT experts to help with the things you can't.

 

 
 
 
