Small businesses in the UK are woefully unprepared for an IT security breach despite relying increasingly on mobile devices and storing critical information on computers. That is according to new study by an IT security product company. A third (31 per cent) says they would not know what to do if they had an IT security breach tomorrow, four in ten say they would struggle to recover all data lost and a quarter admit they would be unable to recover any. Most small firms are convinced a cyber-attack would simply never happen to them.
The study of micro firms from hairdressers and builders to doctors’ surgeries and legal firms, found that two-thirds (68 per cent) have internet-connected laptops and half allow IT-enabled mobile and remote working. Vital business data including confidential customer, supplier and financial records as well as IP is stored and processed on computers.
Some 82 per cent say they are not a target for attack because they’re too small or don’t have anything worth stealing. However, the threat to smaller firms is significant and real. According to the Federation of Small Business[, 41 per cent of small firms were hit by cybercrime in 2013, with one in ten the victim of online fraud and one in five affected by a computer virus.
Kirill Slavin, UK MD at Kaspersky Lab, said: “While it is encouraging to see the extent to which micro firms are embracing the latest technologies, this must go hand in hand with a strong approach to internet security. One in ten of those surveyed admitted that an IT security breach would probably cost them their business. This must be addressed, and quickly. Micro firms don’t have to become IT security experts. Most of the time it’s the IT equivalent of remembering to lock all the doors and windows when you go out, make sure you have some additional protection and not to leave valuables where others can easily see and get to them.”
Comment
Alex Grant, Barclays, Managing Director of Fraud Prevention, said: “Cyber-fraud affects one in eight small businesses every year with fraud losses to SMEs estimated at nearly £20bn. Criminals try to steal goods and the business identity through letters, a phone call, or via email. Increasingly, cybercrime is a principal priority risk for businesses. Typical scams include opportunities to acquire new customers who you supply but never receive payment from, or to purchase items from new suppliers that never deliver after having been paid. Fraud can happen to any type of business in many different ways, impacting their revenue, reputation and the long-term health of the business, with no business being too small to be targeted. The most important investment a business can make is to take the time to identify where they may be at risk from fraud and reduce those risks where possible to stay in control.”
Kaspersky Lab and Barclays Bank have drafted this as guidance for micro-firms, for spending five minutes a day checking these five things.
Passwords – Check that all internet-enabled devices and computers that carry your business data are protected by strong passwords, regardless of whether the equipment is company or employee-owned.
Attachment Awareness – Understand the dangers that can lurk in emails, web-links USB sticks, CDs etc. and consider introducing extra software that will filter out or contain suspicious-looking items.
Educate all employees – Make sure everyone knows on how to stay safe online; including how to use strong passwords, spot suspect emails or sites, and protect company information.
Back-up – Every day make sure the information you store on computers is backed-up and secure. Imagine how your business would cope if you had to get through the day without it.
Security systems – Take full advantage of any user-friendly internet security software that that has been specially created for small firms such as your own to secure devices such as smartphones, laptops, tablets, computers, WiFi and networks. Don’t forget about physical security as well – keep things out of sight and the site locked up.
Visit www.kaspersky.co.uk.
