Half of SMEs have no breach prevention or recovery plan
Half of small businesses in the UK (52 percent) are not taking any preventative measures to protect themselves against cyber-crime despite increased awareness of data breaches - and 68 percent have no disaster recovery or business continuity plan in place.
They don't understand that they are as much at risk of cyber-attacks as large enterprises, says the new research by CSID, which is based on a survey of 102 small UK businesses.
Most respondents (85 percent) also have no plans to increase their budgets for security implementation, and fewer than 13 percent are working with a third party vendor to protect themselves.
In the event of a breach, 63 percent of small businesses said they would most likely turn to their insurer, bank, lawyer or IT supplier for assistance; the police being the least likely first point of call.
Half of respondents' (53 percent) main concern in the event of a data breach was reputational damage, but only 47 percent of respondents monitor their brands online, and fewer than 15 percent have a social media policy. Just nine percent were worried about the negative impact on employees.
Half of respondents were concerned about undetected malware, 33 percent with phishing attacks, and only two percent were concerned about Bring Your Own Device (BYOD).
“We're surprised by the lack of employee education and social media policies in place,” Andy Thomas, managing director of CSID in Europe commented in a company statement. “It seems that time and again businesses misjudge the element of staff-related security breaches which appear to be increasing every year.”
The advice from CSID for small businesses was:
1) Develop security policies early and educate employees – including creating and enforcing password, BYOD and social media policies from day one.
2) Monitor employee and customer credentials. Use software solutions to help monitor the security of your business.
3) Create a breach preparedness plan including practicing transparent communication with the public and affected parties. While a damage control plan may not reduce the cost of repairing the breach, it can keep customer relationships intact and diminish reputation damage.
The revelations don't inspire confidence in promoting use of SMEs for G-cloud services.