Many small businesses overestimate the cost and complexity of cyber security and miss out on simple opportunities to better protect themselves, according to an industry expert.
John Unsworth, chief executive of the London Digital Security Centre, said a low level of understanding and expertise holds SMEs back – but there are easy steps they can take.
“There is a lack of awareness as to what makes good practices when they are online,” he told Business Reporter ahead of #teissLondon2017 “Every single one of them has some sort of digital footprint, but some of them have not got in place any kind of control.”
According to Unsworth, a common myth is the belief that some businesses are too small to be targeted by cyber criminals. In fact, even the smallest firms hold valuable data.
“If you hold any kind of personal details or financial information then you are big enough to be a target,” he said. “It is not you they are interested in – it is what you hold.”
The London Digital Security Centre was set up by the Mayor of London’s office as a joint venture with the Metropolitan Police and City of London Police to better inform SMEs about the threats posed by cyber crime and what they can do to stay safe.
The centre, Unsworth explained, is launching a free membership that includes a consultation as well as information on the latest threats and support to mitigate cyber risks. It is also introducing an LDSC in the Community initiative to help SMEs get to grips with security that he says might not otherwise have the “time, inclination or knowledge” to get secure.
“What we are doing is going out to places of work that SMEs are at and spending time to do an assessment with them,” he explained of the programme. And while security can appear to be complicated, there are some easy steps small firms can make to improve.
“Some of it is the really simple things,” he said. These include not using the same passwords on different systems, implementing two-factor authentication, installing updates promptly, not using public WiFi for business and removing users from systems once they leave the company. “A lot of the issues we find are not complicated things to combat.”
“What we want to do is demystify how complicated security is,” Unsworth explained. “People are under the impression that fixing their online security will cost a lot of money. It does not. Often, it is more of a time investment than a financial investment. Some of it is about trying to articulate the return on investment on this.”