Big risks for small businesses who ignore data security

Password through a magnifying glass Several tech firms encouraged people to change all their online passwords in light of the Heartbleed bug

The recent security scare over the Heartbleed bug should send shivers down the spines of most small businesses.

Technology of Business

There you are thinking all your online customer data is safe, thanks to popular open-source encryption software called OpenSSL, and it turns out to be anything but.

This small vulnerability has potentially compromised two-thirds of all websites.

"The main worry is for small e-commerce sites that do not know they have been affected," says Keith Cottenden, director at cybersecurity specialists CY4OR.

"Any business that takes customer details could be vulnerable because this encryption is designed to protect personal data… Businesses need to apply mitigation now."

But finding effective and affordable ways to keep "mission critical" data safe from hackers, fraudsters and natural disasters can be a daunting and difficult task for small firms.

Busted flush

Poor data security can literally ruin your business.

Bitcoin trader Kolin Burges MtGox's shutdown prompted anger among bitcoin traders

For example, weak security measures and alleged poor infrastructure brought Japanese Bitcoin exchange MtGox to its knees before it eventually went bust.

The exchange, which was handling about 70% of the world's bitcoin trades at its height, said 850,000 of the digital currency coins were stolen by hackers.

The company was forced to file for bankruptcy in February.

But in March, MtGox then said it had found 200,000 "lost" bitcoins - worth about £70m - in an old digital wallet dating from 2011.

When security is your business, such laxity is obviously disastrous.

The UK's Federation of Small Businesses (FSB) believes unchecked cybercrime is severely stunting the growth potential of its members.

Cybersecurity best practice

Firewall lock on main board, with a concept background
  • Implement antivirus, anti-spam, and firewall protections
  • Carry out regular security updates on all software and devices
  • Implement a resilient password policy (minimum eight characters, change regularly)
  • Secure your wireless network
  • Establish a clear security policy for email, internet and mobile devices
  • Train staff in good security practices and consider employee background checks
  • Implement and test back-up plans, information disposal and disaster recovery procedures
  • Carry out regular security risk assessments to identify important information and systems
  • "Stress test" websites regularly
  • Check provider credentials and contracts when using cloud services

Source: Federation of Small Businesses

The risk of fraud and online crime, both real and perceived, is costing each UK small business up to £4,000 per year, the FSB says, while cybercrime as a whole costs the UK economy an estimated £27bn a year.

About a third of FSB members have been victims of online crime over the last year, whether from virus infections, hacking attacks or other system security breaches.

As well as the financial loss and inconvenience, there is the potentially disastrous loss of customer trust.

Crime and complacency

Despite the critical importance of data security, many businesses appear almost oblivious to the risks.

A 2013 survey by security software firm AVG revealed that a large amount of data loss occurs simply due to human error and carelessness.

It seems many businesses are more concerned with tidying their desks or ordering new business cards than backing up data.

A reported 43% of UK and 53% of US small businesses said they spend more time changing passwords than backing up.

And about a quarter of them leave longer than a week between back-ups.

"Too many times an act of carelessness or a security breach has led to information going missing, and in some cases businesses have found themselves in a position where the data is non-recoverable," a Microsoft spokesman told the BBC.

Floods and fires

Natural disasters can pose just as big a risk to small firms as cybercrime.

An estimated 25% of businesses do not reopen following a major disaster, according to the Institute for Business and Home Safety, a not-for-profit organisation.

In 2012, Hurricane Sandy destroyed thousands of small businesses in the US, while many others still felt the effects at least a year after the event.

Hurricane Sandy damage Hurricane Sandy wreaked havoc along the East Coast of the US

Rob Cotton, chief executive of Manchester-based NCC Group, a data security firm, told the BBC that adapting good security practices can be difficult for small businesses.

"SMEs that are using their own IT services in-house need to consider the physical security of the equipment, as well as whether the IT is vulnerable to external threats," he says.

"It's also important to consider the risk from your own staff, since many incidents result from rogue employees - the so-called 'insider threat'."

Cloud all hot air?

Start Quote

Putting business-critical information in the hands of a third party demands a degree of trust”

End Quote Microsoft spokeman

A common piece of advice is to back up data securely and often, but should this be to locally stored servers or to remote cloud services?

"Cloud providers will generally be more proactive in terms of ensuring software is up-to-date and maintaining patch levels," says Mr Cotton.

"They will also have better security knowledge and awareness, meaning servers and services will generally be well configured. On top of this they are more resilient and most will have robust disaster recovery and continuity plans in place."

Another advantage of the cloud is that thieves won't necessarily know which service your business uses or where it keeps its servers.

But Mr Cotton admits there are certainly risks around adopting cloud services.

Cloud computing Using cloud services has several advantages but is no guarantee of keeping your data safe

One obvious one - often overlooked - is that the provider itself suffers a break in service or a breach of its defences, so it makes sense to interrogate the reputation and reliability of any cloud service provider very closely.

"Putting business-critical information in the hands of a third party demands a degree of trust," said a Microsoft spokesman. "Solid providers will explain their security methodologies and commitment to the business."

That said, a "belt-and-braces" local back-up plan may be a good idea.

Spread your eggs

Small firms need to protect their data against viruses, malware and natural disasters, as well as disgruntled or careless employees.

But how defences against these threats are implemented will depend upon the circumstances and nature of each business, experts say.

In finance, keeping all your eggs in one basket is rarely a wise idea, and the same applies to data. So for maximum security, spreading data around both traditional and non-traditional services seems to be the best policy.

Perhaps most importantly, the FSB stresses the need for education.

If your managers and employees don't appreciate the need to protect data, the whole future of your business could be on the line.

More on This Story

The BBC is not responsible for the content of external Internet sites

More Business stories

RSS

BBC Business Live

  1.  
    HOUSE PRICES 09:45:
    A view of houses in north London

    The average UK house price rose 11.7% in the year to July to £272,000 official figures show, up from 10.2% in June. On a seasonally adjusted basis the ONS says house prices rose by 1.6% month-on-month. As usual house price growth has been driven by the capital where the average property increased in value by 19.1% in the year to July.

     
  2.  
    INFLATION 09:35:
    Chart showing falling inflation

    Food prices actually fell 1.1% on the year, according to the Office for National Statistics. ONS statistician Richard Campbell told BBC News that a price war among supermarkets and a good growing season are factors behind lower food prices. Falling petrol and diesel costs were the next biggest contributor to lower inflation.

     
  3.  
    INFLATION Breaking News

    Consumer Price Inflation for August fell to 1.5% from 1.6% a month earlier, official figures show. The biggest contributor to the slowdown in the rate came from food and drink prices, the Office for National Statistics says.

     
  4.  
    INFLATION 09:19:

    We await UK August inflation numbers due at 09:30. In July Consumer Price Index (CPI) inflation fell to 1.6% from 1.9% a month earlier. However average wage growth was just 0.6% in the three months to June.

     
  5.  
    PHONES 4U COLLAPSE 09:11: Radio 5 live
    Phones 4U shop

    Phones 4U founder John Caudwell is back this time on Radio 5 live. He says that Phones 4U would never have pushed the network operators so hard in negotiations that they would have been forced to walk away. It would have made no sense to have alienated their only suppliers, he argues. But he concedes that he doesn't know the facts of the matter.

     
  6.  
    HIGH STREET VACANCIES 09:00:
    Charity shops

    Overall high street vacancy rates have fallen in the first-half of the year, according to The Local Data Company (LDC). On Radio 5 live Matthew Hopkinson of LDC says there are lots more charity shops, pound shops and also independent retailers. He also says that vacancy rates in the North West are double that of London (16.9% versus 7.8%).

     
  7.  
    ASOS SHARES SLUMP 08:46:

    ASOS shares are almost 13% lower so far this morning. The online fashion retailer warned that profits would not grow in the current financial year. Sales rose 15% in the three months to the end of August, but that was a sharp slowdown from the previous quarter when sales accelerated 25%. ASOS shares are down more than 60% over the last six months.

     
  8.  
    PHONES 4U COLLAPSE 08:30: BBC Radio 4

    The former chief executive of the Office for Fair Trading John Fingleton tells Today it is "highly unlikely that Vodafone and EE colluded to reduce high-street competition by cancelling their contracts with Phones 4 U." Mr Fingleton, who was head of the OFT from 2005 until 2012, says there is "no evidence" of collusion and rejects any call for an investigation into the matter.

     
  9.  
    PHONES 4U COLLAPSE 08:23: BBC Radio 4

    As well as condemning the network firms, Mr Caudwell also dishes out criticism for the BC Partners, the private equity firm that owned Phones 4U. He says it took £200m out of the business. "I don't like the fact they did it because they left the business much more vulnerable but it was manageable," he tells Today.

     
  10.  
    HEADLINES
    • Inflation rate falls to 1.5% in August
    • Phones 4U 'assassinated' by networks claims Caudwell
    • Calpers withdraws $4bn from hedge funds
     
  11.  
    PHONES 4U COLLAPSE 08:09: BBC Radio 4

    The "ruthless actions" of mobile phone networks were behind the demise of Phones 4U says founder John Caudwell , who sold the business in 2006. It was an "unprecedented assassination" of the company by the networks which had partnered the firm for 20 years he said on the Today programme. The idea the Phones 4U managers "dug their heels in" during negotiations is "preposterous", he says adding "I simply don't believe Vodafone".

     
  12.  
    THOMAS COOK 07:56:
    The logo of travel agency Thomas Coo

    UK holiday operator Thomas Cook says it expects full-year earnings to the end of September will be in the range of £315m to £335m putting it broadly in line with analyst expectations. It added weaker prices, which it first warned about in May, continued but it had offset that impact by speeding up its cost-cutting programme.

     
  13.  
    CALPERS DUMPS HEDGE FUNDS 07:41:

    US pension giant Calpers is withdrawing all of its investments in hedge funds, blaming their expense and complexity. That's a cool $4bn (£2.4bn) leaving 30 hedge funds. Calpers, which stands for the California Public Employee's Retirement System, is the biggest public pension fund in the US.

     
  14.  
    Via Twitter Nick Bubb, retail analyst

    tweets: "Ouch....Q4 sales at ASOS weren't quite as bad as feared (+15%), but ASOS warn that there will be no profit recovery in y/e Aug 2015"

     
  15.  
    MAURICE LEVY 07:30:
    Mauricy Levy

    Maurice Levy, one of the most influential figures in advertising and in France, is to stand down as chairman of advertising giant Publicis in 2016. He is credited with turning Publicis into one of the world's biggest advertising agencies.

     
  16.  
    ASOS TRADING 07:18:
    ASOS

    Asos says that a fire at its Barnsley distribution centre in June resulted in lost sales of between £25m and £30m. But the online fashion retailer expects annual profit to still be in line with market expectations. Total first quarter sales rose 15%.

     
  17.  
    SCOTTISH INDEPENDENCE 07:05: BBC Radio 4
    pound coins

    What will happen to the currency on Friday it Scotland votes in favour of independence? George Godber of the fund manager Miton tells the Today programme that he can see "a very significant fall" in the value of the pound, maybe as much as 10% over about a week. That's because the UK's status as the fastest growing Western economy and a safe haven will be put in jeopardy, he says.

     
  18.  
    RUSSIA GAS 06:49: BBC Radio 4

    Europe could cope if Russia were to interrupt gas supplies in retaliation to European sanctions, says Malcolm Bracken of stockbrokers Redmayne Bentley. Norway can increase oil and gas production and gas reserves are in a pretty healthy shape, he says. Vladimir Putin needs money from the West more than he's letting on so we shouldn't be too worried about the effect of sanctions, says Mr Bracken on Today.

     
  19.  
    BUSINESS RATES 06:43:

    More than 100 of the UK's biggest companies, including Tesco and Marks & Spencer, have called for an overhaul of business rates. In an open letter to the Daily Telegraph they say business rates "are no longer fit for purpose for the 21st century". The tax brings in £25bn for the Treasury annually.

     
  20.  
    OIL PRICES 06:35: BBC Radio 4

    Brent Crude fell below $97 a barrel on Monday for the first time in two and a half years. Malcolm Bracken of stockbrokers Redmayne Bentley explained the fall on the Today programme. "There's been a slowdown in China, cars are becoming more efficient, the war premium is falling, sanctions haven't really had an effect on oil production in Russia and money is tightening," he says.

     
  21.  
    ALIBABA SHARE SALE 06:20: Radio 5 live
    Alibaba head office, Hangzhou

    Alibaba has raised the price range of shares in its US stock market debut and could now raise $25bn (£15.4bn). The funds will allow the Chinese internet company "to make its mark" in the US market place says BBC Business presenter Rico Hizon on Wake Up to Money. Company executives are on an international road show to market the shares. Today there are in Singapore, tomorrow London.

     
  22.  
    SCOTTISH INDEPENDENCE 06:12: Radio 5 live
    Scottish flag

    The leaders of the three main parties at Westminster have signed a pledge to devolve more powers to Scotland, if Scots reject independence. On Wake Up to Money Colletta Smith, the Economics Correspondent for BBC Scotland says it amounts to an "agreement to make some kind of agreement". Details will have to be worked out after the vote, she says.

     
  23.  
    PHONES 4U COLLAPSE 06:02: Radio 5 live
    Phones 4U

    "I'm not surprised it fell over," says fund manager, George Godber in reference to the failure of Phones 4U over the weekend. On Wake Up to Money Mr Godber says the company did "not have any room for financial manouevre" because its private equity owners had recently loaded it with £250m in debt. Phones 4U founder John Caudwell will be on Radio 5 at around 08:45.

     
  24.  
    06:00: Matthew West Business Reporter

    Morning folks as always you can get in touch with us here at bizlivepage@bbc.co.uk and on twitter @bbcbusiness.

     
  25.  
    05:59: Ben Morris Business Reporter

    Good morning. It's shaping up to be a busy morning with inflation figures due at 09:30 and we'll see what John Caudwell has to say about the demise of the company he founded, Phones 4U. Stay with us.

     

Features

BBC © 2014 The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.