Member Article

Most Small Businesses failing basic IT Security

Despite widely publicised data breaches in 2016 and 2017, and looming changes to the laws around data protection, most small businesses do not have strict IT security measures in place to protect themselves and their customers’ data.

According to a recent study by the Ponemon Institute, only 14 percent of small businesses rated their ability to mitigate cyber attacks as highly effective. This is a worrying statistic when 55% of the same respondents had experienced a cyber attack, and 50% had been victim to a data breach in the past 12 months.

Small business owners responded that they did not have the budget or expertise to improve their IT security measures, but Matt Feeny, Director at Leeds-based IT Support organisation PCM, highlights some inexpensive IT security practices that small businesses can easily make.

“The report highlighted that small business owners didn’t feel they had the personnel, budget or technologies to make their IT security more effective. From our work with small and medium businesses, we’ve seen great improvements in IT security with just a few small, inexpensive processes.”

“Multi factor authentication can add an extra layer of security to email accounts. It is offered by the major business email providers like G Suite (Gmail) and Office 365 (Outlook), and doesn’t cost anything extra.”

43% of the respondents reported that they had been the victim of phishing and social engineering, and 39% reported that they had no understanding of how to protect against cyber attacks. Increasing employee understanding of the most common forms of cyber attacks would help to prevent these types of scams.

“Email fraud, social engineering and phishing have had the biggest impact on small business in recent months. Thanks in large part to a lack of understanding on how phishing happens, we know of businesses that have lost thousands of pounds to cyber criminals”, says Matt.

“All of our clients receive advice on IT security and breach prevention, and it’s something that all IT firms should be able to advise their clients on. One of the best pieces of advice we can give to businesses, is to always verify invoice requests with new bank details. If you’ve done business with a company before, and suddenly they have a new bank account, ring them to check the details before making a payment.”

PCM is an IT support organisation based in Leeds. They specialise in IT support and security for small and medium sized business across Yorkshire.

This was posted in Bdaily's Members' News section by Sarah Collett .