Survey shows cybercrime adds unnecessary burden on small business during tough economic times

19th May 2009, Marlow, UK - A new survey into British small business attitudes today reveals that alongside worries of bankruptcy (39%) and strong competition (21%), cybercrime is adding an additional burden and pressure on IT decision makers. The survey commissioned by Trend Micro, a global leader in internet content security, reveals that 20% of UK IT decision makers are concerned about either personal details or confidential company information being stolen.

When asked about electronic crime specifically, one in four respondents (25%) said their business had been disrupted by a virus over the last twelve months, while over one in ten (14%) recognised that company data had gone missing. In addition to data loss, one in ten respondents recorded the theft of mobile devices, such as laptops, mobile phones/ blackberries.

The survey highlights concerns about the ability for small businesses to apply web access policies.  On average, IT decision makers felt happy for their colleagues to spend over half an hour (36 minutes) looking at non-work related websites. While the majority prevent staff from browsing pornographic (72%) and gambling sites (64%) online, the rules around online behaviour seemed more relaxed when concerning the use of social networking sites (39%), online chats (32%) and online shopping (24%).

Reports from TrendLabs, Trend Micro’s global research centre, show that social engineering techniques deployed by cybercriminals thrive in uncertain times and predictions point to a dramatic rise in security breaches through Web2.0 platforms like social networking sites as well as an increase in data-stealing malware, geared towards stealing login credentials and credit card information – details used across online banking and shopping sites.

“The survey suggests that we need to do much more to better inform and help the small business community about the new generation of security threats that are attacking their IT infrastructure and with potentially devastating effects to their reputation and finances”, says James Walker, Product Marketing Manager at Trend Micro. “Our Worry-Free Business Security 6.0 provides an all-in-one defense against a number of threats before they even reach companies’ networks. It is geared specifically to provide these businesses with both support and guidance on how to better protect themselves without adding to their IT anxieties and without obliging them to become an IT security expert.”

Another trend the survey highlights is the increasing willingness amongst small businesses to encourage flexible working as a means of motivating staff at a time when additional financial incentives are proving a challenge to provide. While remote working featured as a more popular incentive (42%) than for example informal working environments, social events or snacks at work, it also raises concerns about the increased risks to both company networks and sensitive company data.

“Small businesses recognise the need to offer staff flexible working arrangements by allowing remote access to data held on company networks. It is therefore extremely important that IT departments adapt their security strategies to cater for new types of threats posing a challenge to security measures already in place”, adds Walker. “Worry-Free Business Security 6.0 features URL filtering at the end-point, which means internet policies can be applied to each device whether in-the-office or working from home. This, coupled with real-time intelligence blocking access to infected websites is a powerful combination.”

While putting into place comprehensive security software with dynamic, real-time updates is crucial, Trend Micro suggests a number of tips on how small businesses can protect their assets, their customer information and, most importantly, their reputation:

•   Ensure that all employees use effective passwords, and when possible, stronger authentication technology. Encourage passwords that are comprised of different upper and lower case letters, numbers and special  characters (such as £$%@) and change them frequently
•   Discourage employee downloads from non-trusted sources such as peer-to-peer.
•   Protect your network; by ensuring that PCs and laptops are protected by firewalls,  anti-virus software and web threat protection both within the office network as well as when mobile working
•   Keep all operating systems and software up-to-date, as without updates, your systems will not be well protected against new threats
•   Create and manage back-ups. It is best to store secured copies off-site  and use encryption to protect sensitive records about employees, suppliers and customers
•   Maximise encryption. You should protect customer data wherever possible, consider using email encryption.
•   Don’t leave sensitive data saved on a handheld or mobile device, in case it is stolen or lost
•   Keep in mind that your company will grow, and shop for security solutions that will grow with your business’s pace