Most South East businesses know that they should set alarms at their premises and lock all the doors at night but many fail to take IT security just as seriously.
This is at a time when IT systems all over the world are under increasing attack from criminals.
Figures from security specialist Sophos suggest that 30,000 websites a day are being compromised by hackers, and that the majority of victims are smaller businesses.
A survey by PwC into the worst data breaches amongst small firms indicates that such attacks cost them between £65,000 and £115,000.
Expert computer consultants across the UK generally agree that having anti-virus software and security firewalls is not enough to guard against attacks.
Three extra security steps businesses should consider are: firewalls with deep packet inspection; penetration testing of your system on a regular basis; and two factor authentication for logging on.
Two factor authentication
Alarmingly, only a few businesses use two factor authentication. Most still rely on usernames and passwords, which are easy for hackers to guess. With two factor authentication, every employee is issued with a key fob device that generates constantly changing logon numbers, so a guessed or stolen password on its own is no longer enough to log in.
CNC’s Gary Jowett said: “We advise all our customers to use two factor authentication and firewalls with deep packet inspection. We also offer customers penetration testing — usually every six months or once a year. This examines all the nooks and crannies of their system to check it’s as it should be and is essential for growing businesses with increasingly complex systems.
“Penetration testing also complies with the ISO 27001 quality standard now adhered to by most large organisations. So you will need to carry out such regular testing if you want to do business with a large organisation.”
Heavy fines for security lapses
The UK Data Protection Act is another reason why companies must maintain a high standard of IT security. Failure to do so can result in severe brand damage and heavy fines.
One recent example was the UK Information Commissioner’s Office (ICO) imposing a £175,000 fine on a holiday insurance company whose data was not properly protected. Hackers accessed customer records and 5,000 people had their credit cards used by fraudsters.
Another was an ICO fine of £150,000 on an online travel services company which had not subjected one of its web servers to appropriate penetration tests or internal vulnerability scans and checks. As a result, a malicious hacker gained access to more than 1,160,000 cardholders’ details.
An experienced IT consultant would have helped these companies avoid such damage to their reputations.
The frightening fact is that many companies in Sussex and the South East are just as vulnerable to the penalties illustrated above, and should tighten up their IT security before suffering a similar fate.