Tag Archives: UK

How SMBs in the UK Handle their Company’s Security

UK Avast for Business INFOGRAPHICIn February, Avast launched the world’s first free, easy to use, cloud-managed security offering, Avast for Business, protecting SMBs from viruses and cyberattacks. We conducted a survey amongst our Avast for Business users in the UK to gain further insight into how local SMBs handle their security.

Nearly three-quarters (73%) of respondents said that 100% of their company’s employees use the Internet. Businesses, whether small or large, retail or non-profit, often have a database of valuable customer data, making them an attractive target for cybercriminals.

Cybercrooks use social engineering to attack businesses, tricking employees via phishing scam to, for example, gain access to a company’s network. Despite the high number of data breaches, 57% of SMBs in the UK invest only 0-2% – little to nothing – of their IT budget on security.

Who handles IT support services for SMBs in the UK?

  • 1 out of 10 said an employee (not a designated IT admin) handles the company’s IT support services
  • Nearly 50% have an in-house technician
  • 1 out of 10 have an external supplier/technician handles the company’s IT support services
  • 28% of SMB business owners handle their company’s IT

BYOD

More than half of SMBs in the UK allow their employees to access company data from their personal devices. Bring your own device (BYOD) is a convenient practice SMBs have embraced, as it saves costs and encourages productivity.

However, BYOD can be risky, if not handled properly. Not only can hackers target the device to gain access to sensitive corporate information, but if the device is lost or stolen, the company data stored on it goes with the device. More than half (52%) of SMBs authorize employees to access corporate data on personal devices, yet the majority (54%) doesn’t run a BYOD scheme. 

Threats

Losing valuable and confidential data (31%) is the greatest security risk to UK SMBs along with productivity (23%) and losing customers (16%). We asked our business users if a virus or threat had infected them before switching to Avast for Business. When it came down to it, threats and hacks cost six out of 10 businesses productivity, followed by data loss (19%).

Types of security solutions SMBs used prior to switching to Avast for Business:

  • More than half (55%) used free consumer security solutions
  • 23% used premium business security solutions
  • Nearly one out of ten used premium consumer security solutions
  • Nearly one out of ten either do not know what kind of security solution they used before switching to Avast for Business or did not use any security solution (3%)

If your SMB has a low IT budget or if your business is currently using a consumer security solution, make sure you check out Avast for Business. Avast for Business is FREE and can be downloaded here.

 

UK Government is addressing SMB cyber security needs, but are you doing enough?

The scheme will offer micro, small and medium sized businesses up to £5,000 for specialist advice to boost their cyber security and protect new business ideas and intellectual property.

The initiative will also enable firms to access services from the UK cyber security industry, and help them to adopt Cyber Essentials, a government-backed, industry supported scheme to help organisations protect themselves against common cyber-attacks.

With small businesses still guilty of underestimating how valuable their data is to the global, cybercriminal network, I fully support the initiative and would advise any small business to take advantage of the offer. In the UK, many small businesses are still not investing significantly in cyber security measures – recent government figures suggest SMEs with 100 or more employees spend about £10,000 per year, while the smallest firms spend as little as £200.

It’s clear that more guidance is needed, and with so many resources now available there is no reason not to be better informed. I wonder if this news has prompted you to consider your own cyber security needs and if so, how many of you plan to sign up?

It would be great to see similar schemes rolled out beyond the UK, and I fully expect this will happen as security continues to rise further up the news agenda. For those not eligible for schemes such as this, I would advise you to adhere to the following best practices:

  • Educate your staff via in-person training sessions and by providing regularly updated resources on the threats landscape
  • Always make sure your customer data is stored in an encrypted database
  • Require multiple levels of passwords to access any database storing customer information; and change these passwords frequently
  • Regularly run background checks on employees handling customer data
  • Make sure to have malware detection software running on both your servers (hosted or not) and workstations and that it, and your operating systems, are regularly patched and updated
  • Review and implement the standard network security health check controls
  • Make sure your Crisis Management or Disaster Plan (which you should also have) includes a data breach plan

With the volume and scope of small business security threats on the rise, SMEs simply cannot afford to wait and risk becoming the next breach we read about in the morning papers. It’s great to see that government is taking further steps to address the cyber security issues SMBs face, but it’s an issue we all need to address – both as businesses and employees.

For more information on keeping your business safe, visit the AVG Business website.

The UK gets ready for automated vehicles

Earlier this July, the British government published “The Pathway to Driverless Cars: A Code of Practice for testing”, a fourteen page document clarifying the legislation around driverless vehicle testing in the UK.

As expected, the document is heavily skewed towards safety, with stipulations for operator overrides and emergency service procedures among others.

That’s not the part that I found interesting about the guidleines. That came later, and was more focused on data collection and cyber security.

As we have come to expect from our connected devices, data collection is inevitable. The government’s outlines mandate the following as minimum data recording functionality on the vehicle.

As a minimum this device should record the following information (preferably at 10Hz or more):

  • Whether the vehicle is operating in manual or automated mode
  • Vehicle speed
  • Steering command and activation
  • Braking command and activation
  • Operation of the vehicle’s lights and indicators
  • Use of the vehicle’s audible warning system (horn)
  • Sensor data concerning the presence of other road users or objects in the vehicle’s vicinity
  • Remote commands which may influence the vehicle’s movement (if applicable)

 

Add to these minimum prerequisites some other specific datasets such as location (for traffic updates etc.) and you begin to get the picture. Very soon our connected, driverless cars will become a hive of activity, bringing convenience to our daily lives but documenting it like never before.

In fact, immediately following the data collection requirements, the document then went on to establish expected behavior for handling this data.

“Testing is likely to involve the processing of personal data. For example, if data is collected and analysed about the behaviour or location of individuals in the vehicle, such as test drivers, operators and assistants, and those individuals can be identified.”

Will our own cars present a privacy risk to us in the future? Thorough data logs of everything we do and everywhere we go suggest that it might. Who knows, perhaps we’ll see an optional “incognito mode” like we see in some web browsers, where you can drive “off-record” for a limited time.

I was also pleased to see the inclusion of some basic cybersecurity standards included in the document. As our digital world rapidly merges with the offline, it becomes ever more important to safeguard the things that matter most from attack.

The document stipulates:

“Nevertheless, manufacturers providing vehicles, and other organisations supplying parts for testing will need to ensure that all prototype automated controllers and other vehicle systems have appropriate levels of security built into them to manage any risk of unauthorised access.”

This is hardly comprehensive but it does make developers consider cybersecurity from the outset.

While time will tell just how ready the people of Britain are for driverless vehicles, but it’s good to see that the government is addressing safety concerns both on the road and online.

UK takes aim at serious hacking offenses with planned life sentences

Law makers in Britain are discussing a dramatic increase in sentencing for serious hacking offences, according to The Register. Currently in discussion in the country’s upper house, The House of Lords, the move looks to overhaul the Computer Misuse Act 1990, and includes a possible life sentence for serious hackers.

The post UK takes aim at serious hacking offenses with planned life sentences appeared first on We Live Security.