One in Ten Small Businesses Experienced a Data Hack

Friday, July 20, 2012


According to research provided by small business insurance provider Hiscox, one in ten small businesses in the United Kingdom has experienced data losses from a network intrusion event.

Small businesses are increasingly becoming the target of cyber criminal operations, as most do not have the resources or expertise at their disposal to protect sensitive proprietary and client data.

“Cyber crime is costing the UK economy around £11bn a year and while the media is reporting a growing number of high profile data breaches, some small businesses may also be a popular target for hackers because their systems are usually easier to get into and the breach may not be found out for a good few weeks,” said Hiscox's Alan Thomas.

While awareness of external threats is increasing, with nearly half of all respondents acknowledging the threat to data from network intrusions, only one in four indicated they were concerned about internal threats that could lead to data loss events.

"Hiscox found that while four in ten (41%) SME owners are concerned about their computer systems being hacked, only 25% are very confident about the security measures their company has in place to protect against these risks," the company conveyed in a press release.

"The research also shows that small business owners are more concerned about risks relating to cyber crime, such as being hacked (39%) or phishing (36%), than they are of physical items (laptops, customer paperwork) being stolen from the office (31%)," Hiscox reports.

The study also found that about one in ten respondents indicated they were not aware of what data protection mechanisms their businesses had in place.

“It is worrying that over one in ten (13%) of these businesses don’t know what security measures they have in place and if they are protected from online crime,” Thomas noted.

Hiscox offers small businesses the following security advice to protect sensitive company information:

  • Protect information with an internal ‘need-to-know’ policy. If storing information on a central file server, manage who has access to these files. This can help prevent accidental or deliberate data loss
  • Encrypt important information for extra security so that only authorised users will be able to access it
  • Using the internet and email to conduct business means that data loss becomes a bigger risk. Develop a clear email policy and raise online security awareness with employees and follow up on suspicious emails even if they’re a one off
  • Make it protocol across the business for employees to use numbers and letters in passwords that provide much more robust protection from online criminals. If you are handling client data, you will need to ensure you possess a professional indemnity insurance policy
  • Back up your files and check your insurance cover so that you can get your business up and running again quickly in the event of an incident
  • Items like laptops and computer monitors are common targets for thieves and the real cost of a stolen IT asset isn’t just the hardware; it’s the lost data and the lost productivity. Lock servers in a room and move laptops into a secure drawer at the end of a working day.

“It is increasingly important for small companies to evaluate all the risks their businesses face, both online and offline, and include their IT security and protection requirements in the overall contingency strategy,” Thomas said.

Source:  http://www.hiscox.com/news/press-releases/2012/17-07-2012.aspx

The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.