Employees Biggest Security Risk to SMEs
IT firm McAfee syas that the biggest security risk for Britain’s SMEs is these firms’ very own employees…
Research by IT security firm McAfee says that, despite all the IT trainign and security measures put in place by the UK’s small and medium-sized enterprises (SMEs), it is the employees who pose the greatest risk in terms of keeping data secure.
The bad news is that even staff who have received IT training are at risk. 58% of empployees at SMEs who have had their email hacked have been sepcifically trained in email security.
The good news is that a large proportion of small and medium-sized businesses are making the effort to educate their employees about secxurity risks. About 68% of firms are doing just this and a similar number are actually providing training.
Worryingly though, as many as a quarter of employees of SMEs are not bothered about security, despite around 80% of staff believing that digital data is paramount to business success.
Half of staff at small businesses regularly handle client contact data with nearly as many dealing with client invoice data and the same again handling confidential client data.
The McAfee survey revealed that a third of staff believed that the biggest security threat to this data was other employees with 11% actually experiencing security breaches caused by other workers. 5% of those polled admitted that they had caused security breaches themselves/
The risk is further increased by the use of employees bringing their own devices into work (BYOD – Bring Your Own Device). As many as 20% of employees of small and medium businesses are using their own devices at work.
Raj Samani, Chief Technical Officer (CTO) at McAfee EMEA, said of the findings:
“Employees play critical roles in protecting customer records, intellectual property and critical business data. Investments in hardware or software are in vain if employees don’t follow the rules. If there are any rules or guidelines, that is to say.”
On the subject of BYOD, Samani added:
“BYOD and BYOS create security vulnerabilities SMEs need to understand and deal with today. Private usage of devices or services not only opens backdoors to a businesses’ security infrastructure, it also creates an environment where companies cannot control how their data is being accessed, stored or shared.”
Regarding the fact that, despite training their staff, SMEs were still being "hacked", Samani went on to say:
“The study reveals a disconnect between SMEs’ efforts to make security part of their employees’ mindset and employees recognising it as part of their responsibility.”
“For employees to say cyber security is not their concern is not acceptable. Cyber security is a shared responsibility: Owners, managers, IT professionals, employees and security providers alike must work together to stop cybercrime.”
On a final note, Samanu said that SMEs nust work harder to eductae anbd prpeare their staff and to protect their business data:
“More than a third of global targeted attacks are now aimed against small businesses, so SMEs clearly need to do more to educate employees to make them understand the responsibility carried by each individual. SMEs have to include their employees as an integral part of their security strategy and provide easy-to-manage security that will protect all devices, both remote and in the office.”