Network security( Penetration testing) : cyber-crime is costing the UK’s small businesses

It’s a well-known fact that small businesses are more susceptible to cyber-crime than many of their larger counterparts. A lack of funding and resources means that few small to medium-sized businesses can afford to pay for vulnerability assessments or penetration testing of their network security. But just how much money is this failure to protect online networks costing small businesses? Well, according to Federation of Small Businesses it’s something in the region of £785 million every year. That staggering figure is the price SMEs pay when they fall victim to fraud and malware.

The research from the Federation of Small Business found that 41 per cent of its members had been a victim of cyber-crime in the last 12 months, and claimed that the average cost to their businesses was around £4,000. 3 in 10 members also claimed to have been a victim of fraud by a customer or client, and 1 in 10 claimed to have been victims of ‘card not present’ fraud.

The FSB also looked at the impact that online crime has on small businesses. It found that the most common threat to these businesses was virus infections, which 20 per cent of respondents said they have fallen victim to: 8 per cent claimed to have been a victim of hacking, and 5 per cent said they have suffered a security breach. As shocking as these figures may appear, what concerned the FSB the most was the cost to the wider economy. It argues that this cost could escalate as small firms refuse to trade online, because they believe the network security framework does not give them adequate protection. Indeed, previous FSB research shows that only a third of businesses with their own website use it for sales.

According to Mike Cherry, national policy chairman of the FSB:

“Cyber-crime poses a real and growing threat for small firms and it isn’t something that should be ignored. Many businesses will be taking steps to protect themselves, but the cost of crime can act as a barrier to growth. For example, many businesses will not embrace new technology as they fear the repercussions and do not believe they will get adequate protection from crime. While we want to see clear action from the government and the wider public sector, there are clear actions that businesses can take to help themselves.”

Although the report found that a rump of 20 per cent of businesses refused to take action to protect against cyber-crime, 36 per cent of its members claim to regularly install security patches to protect themselves from fraud, and nearly 60 per cent members regularly update their virus scanning software to minimize their exposure to online crime. In response to the report the FSB has now issued a policy outlining 10 top tips for small firms who want to stay protected online. The recommendations include basics, like implementing a combination of security protection solutions (anti-virus, anti-spam, firewall), carrying out regular security updates on all software and devices, as well as implementing a resilient password policy, testing backup plans, information disposal and disaster recovery procedures, and checking provider credentials and contracts when using cloud services.

Mr Cherry added:

“I encourage small firms to look at the 10 top tips we have developed to make sure they are doing all they can. We want to see the government look at how it can simplify and streamline its guidance targeted specifically at small firms and make sure there is the capacity for businesses to report when they have been a victim of fraud or online crime.”

If your business needs help with security reviews, penetration testing or web security solutions, please contact Krypsys on 01273 044072 or [email protected].