8 August 2016 11:00
SMEs not doing enough to protect customer data
The majority of UK SMEs are not doing enough to protect their online customer data, according to experts.
Close Brothers' latest quarterly survey of UK SME owners has found that 63% of companies have made the decision not to invest in better online security in the next 12 months, while the remaining 37% indicated that they would.
However, new EU legislation (the General Data Protection Regulation, or GDPR) will take effect within two years - and, whether the UK is in or out of the EU, it's something that UK firms trading overseas will need to adhere to, according to the Information Commissioner's Office (ICO). It said: "If the UK wants to trade with the single market on equal terms, we would have to prove 'adequacy' - in other words, UK data protection standards would have to be equivalent to the EU's GDPR framework starting in 2018."
"Businesses of all sizes should be aware of their responsibility when it comes to protecting customer data," said Ian McVicar, Managing Director of Close Brothers Technology Services. "Keeping customers' details safe [is] at the core of the EU's new data protection legislation. It is intended to strengthen and unify data protection for individuals within the EU."
The survey also shows that many firms are not doing enough to protect themselves from cyber crime. While the majority of SMEs (57%) are concerned about the issue, a significant minority are not (36%).
What's more, only 41% of businesses feel "adequately protected", 17% are unsure about their levels of protection and 21% know it is an important issue but "haven't had time to look into it", while a further 21% "don't think it is an issue for our business".
Commenting on the research, Chris Stoneff, VP technical management at Lieberman Software, said:
"One of the greatest steps organisations can take to improve security comes down to administrator passwords [which] protect access to the most sensitive areas of a company's network. When these credentials are compromised, it is easier for cyber criminals or malicious insiders to move around the network and infiltrate critical systems, and even gain access to customer data."