SMEs are more likely to suffer cyber attacks than larger firms
A Government survey conducted last year, as part of the National Cyber Security Programme, revealed 46% of UK businesses experienced at least one cyber security breach or attack in 2017. Furthermore, the report also found 66% of cyber attacks occurred in SMEs, 45% occurred in micro businesses and 41% in large companies.
With nearly half of the country’s businesses having experienced a cyber security breach, and small and medium enterprises being the most affected by these breaches, Instant Offices highlights the need for better data protection practices in the SME environment.
In recent years, workspaces have become far more connected, both physically and digitally. Employees work across multiple unsecured devices, from office desktops to personal laptops to tablets and even their mobile phones. In addition, more SME owners are embracing flexible and co-working office spaces to save on start-up costs and keep their business agile. Without a solid security plan in place, this leaves sensitive digital information and company secrets open to a higher risk of theft.
The rise of BYOD in the workplace
BYOD (Bring Your Own Device) is a practice that allows employees to use their personal computers, smartphones or tablets for work purposes. While it might sound like a convenient solution for on-the-go business activities, BYOD also exposes companies to the increased risk of a cyber security breach.
Data leaks, data loss, malicious apps and viruses, lack of control and lack of transparency are all problems that come with BYOD. However, that hasn’t stopped it from becoming widespread in the UK:
- 46% of UK businesses allow staff to use personal devices for regular work activities.
- 68% of these are in the Information, Communications or Utility sectors.
- 64% of these are in the Professional, Scientific or Technical services sectors.
This means businesses like SciTech startups are especially vulnerable to the risks posed by BYOD.
In 2017, medium businesses across the UK spent an average of £15,500 on cyber security. Investment in security measures varied depending on size and sector.
- The Information, Communication or Utility sectors invested an average of £19,500.
- Professional, Scientific or Technical saw an average investment of £5,220.
- Retail and Wholesale had an average investment of £2,430.
- The Education, Health and Social Care sectors invested an average of £1,810.
- Businesses in the Food and Hospitality sectors invested just £620 on average.
The most common threats to data
Common breaches noted in the 2017 security survey included:
- Fraudulent e-mails (72%).
- Viruses, spyware and malware (33%).
- People impersonating the business in e-mails or online (27%).
- Ransomware (17%).
How are SMEs improving data protection?
With the flexible office trend on the rise, how are companies, especially SMEs, protecting their data?
- The study tells us that 58% of businesses have sought information or advice on cyber security threats in the past year. This information was obtained mostly from external consultants.
- More businesses are spending money on their data protection and security needs, with medium enterprises leading the trend at 87%.
These are good indications that more businesses are taking data protection seriously. It’s essential for SME owners to ensure all data protection policies in the workplace are up to date, and to foster a culture of awareness and good practices. Examples of common precautions might include:
- Putting formal security policies and documentation in place.
- Using regularly updated passwords, encryption or biometrics.
- Restricting work activity to secure devices only.
- Installing trustworthy security apps.
- Configuring anti-theft settings and regularly updating patches across all devices.
- Using features like remote data erasing, geo-location or multi-factor authentication for devices that could quickly go missing or be stolen.
- Limiting the information shared through remote devices.
With the right provider, SMEs can enjoy all the benefits of a flexible workspace setup, without compromising their security and peace of mind. Operators provide IT assistance and advice with privacy, speed and backup options all being high priorities. Some operators offer this as a bolt-on service, while others include it in their full agreement.
Danny Babington, Senior Operator Relationships Manager at Instant Offices, said: “Operators are constantly trying to improve security for their clients. Privacy has become such a talking point of late, and every provider needs to make certain that IT and infrastructure is of the highest calibre to make sure they are not falling behind the pack – but most vitally, putting the client’s needs for privacy at the forefront of everything they do. It’s a highly competitive market, and this is the most vital one that all operators need to get right.”