Many small and medium-sized businesses ignore or underestimate the threat online fraud poses to their profitability, cashflow and reputation, according to a panel of experts on cyber fraud.
Ed Vaizey, Minister for Culture and the Digital Economy, invited experts from government and industry to join a Cyber Streetwise small business round table, to create an easy to understand action plan that will help small firms combat cyber crime.
The event marked the new phase of the Cyber Streetwise campaign, which focuses on helping small business owners protect themselves against cyber threats.
The group of experts recommend that all small and medium-sized businesses should:
- train staff to understand cyber threats
- keep software secure by always installing updates
- install and use anti-virus software
- use complex passwords which include a minimum of 3 words and a symbol
Minister for the Digital Economy Ed Vaizey said:
Small businesses are driving economic growth here in the UK but remain particularly vulnerable to cyber security breaches that can result in hundreds of thousands of pounds worth of damage.
That is why government and industry partners are working to make the UK one of the safest places to do business online through our National Cyber Security Programme. A crucial part of this programme is building awareness of cyber threats amongst our small firms, and the Cyber Streetwise campaign is doing just that. It provides clear and easy to follow guidance to help small and medium-sized companies protect themselves from online criminal activity.
The most common problems faced by businesses include staff exposing IT systems to malware by plugging in external devices and USB sticks, opening infected emails or using unsafe websites with malicious code. Poor device passwords and out of date software also leave firms vulnerable.
To further boost their cyber security credentials firms can join the new Cyber Essentials scheme which helps businesses protect themselves against cyber threats and awards them a badge to demonstrate they meet government and industry-endorsed criteria. The Cyber Security Innovation Vouchers scheme can also help by providing up to £5,000 to invest in improved cyber security.
Research has found that 60% of small businesses suffered a malicious breach in the past year and half of them had a serious incident. The worst breaches disrupted operations for small businesses for an average of 7 to 10 days.
Emma Philpott, CEO of IASME, said:
Many businesses simply don’t realise they are at risk and assume cyber criminals are only targeting banks or large online retailers.
The reality is that all businesses are interesting to cyber criminals and if you’re online in any way, you are a target. Cyber Streetwise is a great place to get quick, bite-size, non-techy advice on keeping the cyber criminals at bay.
The panel believe small and medium-sized businesses should use improved cyber security as an opportunity to gain a competitive advantage, improve customer service and boost reputations by demonstrating they have taken steps to defend against attacks. This action could have a positive impact on business growth with recent research finding that 59% of consumers are put off shopping with small firms online, and 82% would buy more if they could show they were protected from cyber crime.
More large UK and overseas companies also expect suppliers to have robust cyber security measures in place and the government now requires many suppliers to have Cyber Essentials certification. Businesses should reassure customers they are a safe supply chain partner.
John Allan, National Chairman, Federation of Small Businesses (FSB), said:
Cyber crime poses a real and growing threat for small firms and it isn’t something that should be ignored. Many small businesses will be taking steps to protect themselves but many others have not recognised the increasing threat and have neither adopted technologies nor strategies to defend against cyber crime. For those that don’t, the cost of cyber crime can be a barrier for growth and in the worst cases, can put a firm out of business.
While we welcome action from the government and the wider public sector, there are clear actions that businesses can take to educate and help themselves to counteract cyber crime. The FSB would strongly encourage them to do so.
Notes to editors
1.Cyber Streetwise is a cross-government awareness and behaviour change campaign delivered by the Home Office in conjunction with the Department of Business, Innovation and Skills, the National Crime Agency, Action Fraud and the Cabinet Office. It is funded by the government’s 5-year £860 million National Cyber Security Programme.
2.The round table, was attended by:
- James Quinault – Director, Office of Cyber Security and Information Assurance
- Peter Wilson – Deputy Director, Office for Security and Counter Terrorism, The Home Office
- Simon Kendall – Head of Private Sector Engagement, Cyber Security and Resilience, BIS
- Simon Whalley – Head of External Affairs, London Chamber of Commerce and Industry
- Richard Hyde – Policy Advisor, Federation of Small Businesses
- Frank Gilbert – IT Systems Manager, Axis Electronics
- Del Heppenstall – Cyber Security Practice Director, KPMG
- Carla Baker – Senior Manager for Government Affairs, Symantec UK and Ireland
- Stuart Aston – Chief Security Advisor, Microsoft
- Emma Philpott – Founder of the UK Cyber Security Forum and CEO, IASME
- James Lyne – Global Head of Security Research, Sophos
- Chris Gibson – Director, CERT-UK
3.The panel encouraged business owners to take on their simple recommendations, which would make a difference to their firms’ safety online.
4.Advice and support for small firms – as well as links to free online training – can be found on Cyber Streetwise.
- Simon Whalley, Head of External Affairs at the London Chamber of Commerce and Industry, said:
Even businesses who don’t sell online have much to gain by being cyber secure. Making themselves more attractive as an export and supply chain partner is a very achievable growth goal which is not always open to businesses who disregard the issue of cyber security. Being a victim can severely impact a business’s bottom line, but as Cyber Streetwise demonstrates, it doesn’t need to cost the bottom line to boost your cyber security.
- Frank Gilbert, Systems Administrator at Axis Electronics, said:
We’ve found that a few simple changes in cyber security practices really can have a big effect on the business – and I’d encourage others to follow suit. It’s essential that our customers have trust in us, and our ability to keep their information safe. If our systems were breached, not only would there be an immediate financial implication to resolve the issue, but our customers would lose confidence in us. That would affect the business for months and years to come.
6.The government’s Cyber Security Guide for Small Businesses is available.
7.Cyber Security Innovation Vouchers are available via the government’s innovation agency, Innovate UK (formerly the Technology Strategy Board).
8.Free online information security training for SMEs is available.
9.Cyber Essentials is a new government-backed and industry supported scheme to guide businesses in protecting themselves against cyber threats. Cyber Essentials sets out 5 key technical controls in free-to-download documents which any organisation can use. A Cyber Essentials badge to demonstrate companies meet government and industry endorsed criteria is available via an affordable assessment process.
10.More information about the Information Security Breaches Survey conducted by PwC on behalf of the Department for Business, Innovation and Skills and in association with Infosecurity Europe, 2014 is available from PwC’s website.
11.Research among consumers and business buyers of small and medium goods and services, performed by OnePoll (2,000 UK consumers) and Coleman Parkes Ltd (procurement managers at 150 large UK businesses with more than 500 employees) for Consolidated PR on behalf of the Home Office, December 2013.
12.The UK Cyber Security Strategy (November 2011) sets out how the UK will support economic prosperity, protect national security and safeguard the public’s way of life by building a more trusted and resilient digital environment. The National Cyber Security Programme (NCSP) within the Cabinet Office coordinates and funds work undertaken by government departments to implement the UK Cyber Security Strategy. Information on progress against the strategy and achievements of the National Cyber Security Programme can be found at Keeping the UK safe in cyber space.