Keri Ackling and her husband run a business called Snow Windows, spraying festive designs on to windows at Christmas. It might not be the obvious target of a cyberattack compared with banks, governments and multinationals, but that’s exactly what happened in 2021.
“We received an email to our business account, and things took a turn from there,” Ackling said. The email appeared to be from Instagram and said their account was nearing 10,000 followers and was therefore eligible for extra features, such as going live and blue-tick verification. The email looked legitimate and the information seemed accurate. “I clicked on the link and entered my email and password to verify the account,” she explained. “Not long after I did that, I realised all the posts had been wiped from the Instagram account.”
For a business that prided itself on its visual creations and using them to build their customer base through social media, it was a catastrophic blow. An Instagram Story had been posted to the account, demanding a ransom to be paid in bitcoin to get their account back. “There was never any question of paying it. Aside from not wanting to give in to them, we didn’t have any idea how to get hold of bitcoin,” she said.
Ackling and her husband refused to pay and contacted Instagram, which shut down their account without warning. “Huge amounts of our business came through Instagram and our big fear was that we’d never get the account back at all,” she said. The couple mobilised their customers, which included celebrities and media personalities like Chris Moyles to campaign and get their message out. Eventually the account was reinstated, and the log-in was reset. However, problems persisted with Snow Window’s 200,000-follower Facebook account, which was linked to their Instagram.
[See also: Britain’s broken tax system]
According to the National Cyber Security Centre (NCSC) – a part of GCHQ – more than a third of small businesses suffered a cyber incident last year. The organisations have launched two new services, the Free Cyber Action Plan and Check Your Cyber Security, both of which are designed to help small businesses stay secure online and protect their livelihoods.
Check Your Cyber Security is designed for average computer users to identify and fix cybersecurity issues in businesses, charities, schools and other small organisations that are increasingly being targeted by cybercriminals. “Small businesses are the backbone of the UK, but we know that cybercriminals continue to view them as targets, said Lindy Cameron, the CEO of NCSC.
Snow Windows is still dealing with the legacy of opening that one email in 2021. “Since the Instagram hack, we’ve been unable to post any adverts on to our Facebook business page – an issue Meta, which owns Facebook and Instagram, has been unable to fix,” Ackling said. Before the attack, Facebook had been a huge source of business and a valuable marketing tool, but it has effectively been paralysed for the past two years. “It was completely heart-sinking,” Ackling said. “You work so long and so hard to build up social media pages and grow your following and everything had just gone.”
“A fifth of small businesses see cybercrime as the most impactful crime in terms of both cost and disruption to their operations,” said Martin McTague, national chair of the Federation of Small Businesses. “Equipping small firms with the right tools and tailor-made guidance could enable them to be more cyber-resilient and in turn reduce costs in real life.”
[See also: Building the business case for growth]