Most small businesses are failing basic IT security

it security

Despite widely publicised data breaches in 2016 and 2017,  and looming changes to the laws around data protection, most small businesses do not have strict IT security measures in place to protect themselves and their customers’ data.

According to a recent study, only 14 per cent of small businesses rated their ability to mitigate cyber attacks as highly effective. This is a worrying statistic when 55 per cent of the same respondents had experienced a cyber attack, and half had been victim to a data breach in the past 12 months.

Small business owners responded that they did not have the budget or expertise to improve their IT security measures, but Matt Feeny, Director at Leeds-based IT Support organisation PCM, highlights some inexpensive IT security practices that small businesses can easily make: “The report highlighted that small business owners didn’t feel they had the personnel, budget or technologies to make their IT security more effective. From our work with small and medium businesses, we’ve seen great improvements in IT security with just a few small, inexpensive processes.”

“Multi factor authentication can add an extra layer of security to email accounts. It is offered by the major business email providers like G Suite (Gmail) and Office 365 (Outlook), and doesn’t cost anything extra.”

43 per cent of the respondents reported that they had been the victim of phishing and social engineering, and 39 per cent reported that they had no understanding of how to protect against cyber attacks. Increasing employee understanding of the most common forms of cyber attacks would help to prevent these types of scams.

“Email fraud, social engineering and phishing have had the biggest impact on small business in recent months. Thanks in large part to a lack of understanding on how phishing happens, we know of businesses that have lost thousands of pounds to cyber criminals”, says Feeny.

“All of our clients receive advice on IT security and breach prevention, and it’s something that all IT firms should be able to advise their clients on. One of the best pieces of advice we can give to businesses, is to always verify invoice requests with new bank details. If you’ve done business with a company before, and suddenly they have a new bank account, ring them to check the details before making a payment.”