With only 36% of small to medium-sized businesses (SMEs) regularly installing security patches on their work computers, it seems that the SME sector is not taking cyber-crime seriously.
This worrying statistic was released last year as part of a Federation of Small Businesses (FSB) survey, which also found that just 20% of SMEs carried out risk assessments of their processes or controls, or conducted staff training to counter fraud, while only 13% used a secure online payment system.
The FSB report also revealed that cyber-crime costs its members around £785 million a year through fraud and online attacks. With 41% of businesses admitting to being a victim of cyber-crime within 12 months of responding to the survey, this puts the average cost per business at £4,000 a year, with some losing more than £50,000.
Such losses are proof enough of the dangers of cyber-crime to SMEs, while the lack of security measures taken, particularly compared to larger companies, means small businesses are being increasingly targeted by criminals who view them as easier to break into. This clearly illustrates the need for SMEs to protect themselves more stringently, as FSB National Policy Chairman Mike Cherry confirms.
“Cyber-crime poses a real and growing threat for small firms and it isn’t something that should be ignored,” he says, encouraging SMEs to take on board the following 10 top tips from the FSB to make sure they are doing all they can:
1. Implement a combination of security protection solutions, such as anti-virus and anti-spam software, and put one or more firewalls in place.
2. Carry out regular security updates on all software and devices.
3. Make sure your passwords are effective by using a minimum of eight characters, mixing upper and lower case letters and numbers, and changing them regularly. Alternatively, consider using password manager software, which is usually available for relatively little cost.
4. Secure your wireless network, for example by changing default settings and the Service Set Identifier (SSID), or network name.
5. Put in place clear and concise procedures for email, internet and mobile devices.
6. Train staff in good security practices and consider employee background checks.
7. Plan, implement and regularly test backup plans, information disposal and disaster recovery procedures.
8. Carry out regular security risk assessments to identify important information and systems that need protecting.
9. Carry out regular security testing on your business website.
10. Always thoroughly check provider credentials and contracts when using cloud services.