News

July 25, 2014

Small firms "woefully unprepared" for cyber attacks

A study carried out by security software provider Kaspersky Lab suggests that cyber attacks are more common than many small-business owners believe, with many of them "woefully unprepared" for an IT security breach, despite growing reliance on mobile devices and storage of "critical information" on computers.

Almost a third (31%) of respondents admitted to not knowing what to do if they suffered a serious IT security breach, with four in ten saying they would struggle to recover all data lost and a quarter admitting they would be unable to recover any.

The survey attracted responses from micro-businesses ranging from hairdressers and builders to doctors' surgeries and legal firms. More than two thirds (68%) of respondents had internet-connected laptops, while half allowed mobile and remote working as a result of IT. Although critical business data (including confidential customer, supplier and financial records) was stored and processed on computers, 82% did not think they would be a target for cyber attack because they're "too small" or "don't have anything worth stealing".

But as Kaspersky Lab points out, according to the Federation of Small Businesses (FSB) 41% of small firms were affected by cyber crime in 2013, with one in ten falling victim to online fraud and one in five affected by a computer virus.

Kirill Slavin, Kaspersky Lab UK managing director, said: "One in ten of those surveyed admitted that an IT security breach would probably cost them their business. This must be addressed – and quickly," he warned. "Micro firms don't have to become IT security experts. Most of the time it's the IT equivalent of remembering to 'lock all the doors and windows when you go out', make sure you have additional protection and not leave valuables where others can easily get to them."

Kaspersky Lab and Barclays Bank have drafted a "five-a-day" IT business security action plan, calling on small-business owners to spend at least five minutes a day on the following five areas:

1. Passwords: Check that all internet-enabled devices and computers that carry your business data are protected by strong passwords, regardless of whether the equipment is company- or employee-owned.
2. Attachment awareness: Understand the dangers that can lurk in emails, web links, USB sticks, CDs, etc and consider introducing extra software that will filter out or contain suspicious-looking items.
3. Educate all employees: Make sure everyone knows how to stay safe online, including how to use strong passwords, spot suspect emails or sites and protect company information.
4. Back-up: Every day make sure the information you store on computers is backed-up and secure.
5. Security systems: Take full advantage of user-friendly internet security software specially created for small firms to secure smartphones, laptops, tablets, computers, WiFi and networks.

Alex Grant, managing director of fraud prevention at Barclays, said: "Fraud can happen to any type of business, impacting their revenue, reputation and the long-term health of the business, with no business being too small to be targeted. The most important investment a business can make is to take the time to identify where they may be at risk from fraud and reduce those risks where possible."

Related resources

• IT security BRIEFING
• Five mistakes you may be making with your IT security ARTICLE
• Perform an IT security risk assessment ARTICLE