UK government campaign to educate SMBs on cyber threat

News by Doug Drinkwater

The British government has launched a new campaign which aims to educate consumers and SMEs on information security.

The new “Cyber Streetwise” scheme encompasses an independent website, which offers practical advice on everything from enforcing strong passwords and securing wireless networks to managing user privileges and personally-owned devices.

The campaign comes after the government's recent National Cyber Security Consumer Tracker, which found that most people didn't take the necessary precautions to protect themselves online.

This bears particular importance to small-and-medium-sized enterprises (SMEs), which have been increasingly targeted by hackers over the last year.

Speaking shortly after the announcement, Sophos' global head of security research James Lyne suggested that the campaign could help these firms get their security up to scratch.

"Consumers and SMEs alike are finding new ways to interact online, including via a greater range of devices, but with this enhanced technology comes risk,” said Lyne.

“SophosLabs finds more than 30,000 new infected websites distributing malware every day and, contrary to popular belief, the majority – around 80 percent – are legitimate small business websites that have been hacked. It's therefore vital that small businesses in particular get the basics of security right. spoke to a number of info security experts on hearing the news, and found that the reaction was overwhelmingly positive.

“Cyber Streetwise is another push towards getting SMEs to understand the threats that come from cyber attacks – the challenge, as ever, is to get mind-share within the executives of these companies and to get them to take action,” said Dr Guy Bunker, SVP of products at Clearswift.

Bunker went on to add that education is paramount to reducing cyber risks, something which Boldon James CEO Martin Sugden was keen to touch upon.

“The Government has identified that one of the key aspects to cyber security is empowering your employees – helping them to protect themselves and manage your data securely,” said Sugden. “Ultimately, the responsibility for cyber security will always remain with the business, and by educating employees on the best data security practices, SMEs can ensure that their employees are another resource in protecting a company's assets.”

Brian Honan, security analyst at BH Consulting, told that he hopes the initiative is a wake up call to the SMEs who presume that their data is safe.

“Many small businesses do not consider themselves a likely target for criminals”, he said. “However, what these companies fail to realise is that the data on their networks can be worth a lot of money to criminals.

“If a company stores and processes information on their customers this has value; if they process credit card information this data also has value to criminals, indeed the companies own intellectual property (especially if it is in the high tech sector) could be worth stealing and selling to competitors elsewhere.”

Honan went onto suggest that ransomware and extortion scams are increasingly common in the SME world.

“We have seen criminals break into a company's network and then modify the backup software on the server to keep running every night but not to backup any data. After a number of weeks the criminals return and encrypt the disks on the server and demand a ransom of several thousand pounds to make the data available to the company again.

“When the company tries to restore data from their backups they then discover the backups have not been working as expected and they have no data to restore. The company is then left with the choice of paying the ransom or losing all their data.”

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews