Cyber-security firms must step up and improve their engagement with small and medium-sized enterprises (SME) in order for them to achieve better online safety, the chief of a cyber-security firm said.
During the ISSE 2015 conference in Berlin, Emma Philpott, chief executive of the IASME Consortium, gave valuable tips on how cyber-security firms should approach SMEs.
“The approach has to be simple, there must be no cyber speak, SMEs should not be made to feel bad and the cost must always be as low as possible when engaging with SMEs,” Computer Weekly cites her.
She said SMEs don’t usually bother about cyber-security, as they don’t hear about SME breaches, and they’re just too busy trying to keep the business afloat.
“Another key problem is that SMEs do not hear about other SMEs being breached in cyber-attacks, either because those SMEs targeted attempt to keep it quiet or they simply do not know that they were breached,” said Philpott. The assumption is that the levels of cyber security are higher than they actually are, but most SMEs are doing nothing, which is quite shocking,” she said.
A lot of basics are being overlooked, and it’s a huge problem, she says.
“The five technical controls are extremely basic things like anti-malware, patching, access control, firewalls and network management, yet they are not being done by many companies,” said Philpott.
“The levels of cyber security are incredibly low in SMEs, which typically need the help of an external team to implement. They want to be secure, but it has to be easy and affordable.”