Experts Offer SME Cyber Defence Tips

Group Of Experts Quizzed As Part Of A Guardian Panel Have Offered Tips On How To Avoid Cyber Crime


Steven Beahan, Partner | +44 (0)114 294 7868

A group of experts brought together by The Guardian have offered advice to SMEs on how to avoid potentially damaging cyber crime.

The issue has become more prevalent in the UK in recent years, as high profile hacks including the recent Heartbleed breach have threatened to cause sensitive data to be leaked online.

Emma Philpott, chief executive of the Information Assurance for SMEs Consortium, stressed how important it is for staff members to keep their passwords safe.

Staff, she said, should regularly change their passwords and use a different code for each website or application that they use, as neglecting this could open the door to cyber criminals or terrorists.

James Lyne, global head of security research at the Sophos online security company, said companies should consider outsourcing their IT services to third parties in order to make sure their data is safe.

"I'm a big fan of cloud-based solutions, services and outsourcing because if it is not core to your business it is better to find someone who can do it for you and focus on what you do best," he added.

"That said, in order to outsource something safely you need to understand enough to know you have a good service and that the party is trustworthy."

Bring your own device (BYOD) policies, which allow employees to use their own laptops and tablets for work purposes, were also scrutinised by the panel.

Suzanne Fribbins, the British Standard Institute's European, Middle Eastern and African product marketing manager for risk services, said that workers must be educated on how to make sure data loss is minimised in the event that their BYOD device is either stolen or compromised.

A 2013 study into SME cyber security, which was carried out by the Ponemon Institute, found 58 per cent of SME employees believe their managers do not take online risks seriously enough, with only 26 per cent expressing a belief that their employers have sufficient IT expertise.

Expert Opinion
The views of the panel have put an important spotlight on the issue of data protection and risk management – core issues which all businesses need to factor into their planning.

"Data loss can have huge consequences for companies in a number of ways. For example, small businesses may see their reputation irrevocably damaged by such problems, while they may also face significant regulatory issues or even fines.

"It is vital that small firms always ensure they are aware of their responsibilities when it comes to data and seek specialist legal advice to ensure that their systems are robust enough to avoid significant compliance problems."
Steven Beahan, Partner