The prime time for cybercrime is looming

Updated: Aug 27

The 2013 data breach affecting nearly all of US retail powerhouse Target’s 1,797 stores, with 40 million customers’ card details stolen. The SolarWinds attack on the United States federal government last December and the second sabotage five months later, where malicious emails were sent to 350 organisations. The cybercrime gang which infiltrated US IT firm Kaseya and posted a $70m ransom demand on the business’ blog.


What do these cybercrimes have in common apart from being large-scale intrusions that happened across the pond? And what relevance does this have to your school, college, shop, restaurant, law firm or charity in the East of England?


They happened either on or within days of Thanksgiving, Christmas and Memorial Day respectively. Public holidays when business defences are lower than usual and there’s an extended period where most of the workforce is out of the office. A prime time for online criminals to gain unauthorised access into your business.



This is a growing trend and with bank holiday just around the corner, would you know what to do if at 5pm on Friday you find you’ve been locked out of all your systems, or you receive a ransom demand? It may sound like something that only happens thousands of miles away to global businesses and organisations, but micro and smaller-sized enterprises are uniquely at risk and SMEs from Ely to Shefford, Great Yarmouth to Bury St Edmunds, Chelmsford to Folkstone and all across the region are experiencing such situations.


Your business’ digital door may be shut but how sure are you that it’s bolted securely in a digital sense? It doesn’t take much for hackers to sneak in and get their hands on sensitive data if vulnerabilities aren’t appropriately identified and fixed. You could end up inviting repeat business from online criminals.


A report by telecomms heavyweight Vodafone found that more than 1.3 million small and medium-sized businesses across the UK could collapse given the cost of an average cyberattack being almost £8,500 according to government statistics - a worrying thought but one that needs to be addressed.


How to protect your business


Many will be feeling ready to start winding down for the long weekend ahead and that’s no bad thing by any stretch of the imagination but it’s a good prompt to review your basic cyber security measures. Here are some quick wins you can implement if you haven’t already done so. We promise they only take a few short moments:


  • Enable two-factor authentication (2FA) on email accounts and software apps (a code is sent via text to your phone or generated by an authenticator app to verify that you are the rightful user of the account).


  • Data backup - any data that can’t be replaced if lost, damaged or stolen (financial records, emails, customer databases, documents, and supplier contracts) should be saved to an external hard drive or a cloud-based system. This should be done regularly – ideally on daily basis.


Things we recommend you do for longer-term safeguarding:


  • Have a good continuity plan - the National Cyber Security Centre has created response and recovery guidelines in five easy steps to minimise impact should you be a victim of cybercrime.


  • Cyber Essentials – this is a government scheme helping businesses become more resilient against cyber-attacks. Cyber Essentials includes £25k insurance for SMEs, with access to a support helpline should you be in the early stages of a threat. Our trusted partners work with local SMEs like yours to help them achieve the qualification.


  • Cyber continuity exercise – this affordable ECRC service can help you with simple yet effective resilience plans so when you’re running on skeleton staff there are colleagues who know what to do should the worst happen during public holidays or any time of the year.


Our purpose is to help SMEs with their business resilience, and we are ready and waiting to discuss your security and any other cyber-related queries you may have. Drop us a line to learn how we can help during a free 30-minute chat.




The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the East is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the East provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

The Cyber Resilience Centre for the East does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the East is not responsible for the content of external internet sites that link to this site or which are linked from it.