Cyber security is no longer a concern limited to large corporations. Increasingly, smaller businesses are finding themselves targeted by phishing attacks, payment frauds and ransomware incidents, many of which are becoming more sophisticated through the use of artificial intelligence (AI).

Recent reports suggest that cyber criminals are now using AI technology to produce highly convincing emails, fake invoices and fraudulent payment requests that can be difficult for employees to identify. As a result, many small businesses are becoming vulnerable to attacks that previously may only have affected larger organisations.

The financial consequences can be severe. In addition to direct losses, businesses may face operational disruption, reputational damage and the loss of sensitive customer information. In some cases, businesses can remain affected for weeks following a successful attack.

Smaller businesses are often attractive targets because cyber criminals may assume that internal controls and staff training are less developed than in larger organisations.

Business owners may wish to review whether they currently have:

• strong password procedures,
• multi-factor authentication,
• regular software updates,
• secure backup arrangements,
• staff cyber awareness training,
• and clear payment authorisation procedures.

Particular care should be taken where payment instructions are received by email, especially if bank details appear to have changed unexpectedly. Verification procedures involving telephone confirmation can often prevent costly mistakes.