To print: Click here or Select File and then Print from your browser's menu

This story was printed from silicon.com, located at http://www.silicon.com/

Story URL: http://management.silicon.com/smedirector/0,39024679,39118392,00.htm

Government and vendors accused over SME e-crime
"They're shooting themselves in the foot"

By Jo Best

Published: Friday 13 February 2004

SMEs – the backbone of British industry – have received a gentle reminder on the IT security front, with influential political organisations and vendors, the ever-present Microsoft among them, stepping up to join the crusade to bulletproof the small businessman against e-crime.

A report from industry lobby group European Information Society Group (EURIM) and political think-tank IPPR, published today, aims to raise awareness of the security issues faced by small and medium-sized businesses and calls on government to help them in the fight against cybercrime.

Jamie Bend, research fellow at IPPR, told silicon.com that "e-crime is growing – there are threats in the online world [small businesses] aren't aware of... SMEs are fairly central to the economy but they have a low level of resources to deal with security."

The report highlights the economic importance of keeping SMEs secure not just to the companies themselves but to the UK as whole. "Those who use computers and the internet without adequate security are not only a danger to themselves, they can also be a danger to the rest of an increasingly interconnected world, as shown by recent problems with the latest generation of viruses and worms that spread rapidly through poorly protected systems."

Although big firms usually have better security and more resources to deal with any potential problems, even they can't escape the security nightmare that is the SME, with a large proportion of security breaches originating from the SMEs in their supply chain.

With 1.2 million SMEs and 2.6 million sole traders in Britain, most of whom lack the same IT expertise or cash of their bigger counterparts, e-crime soon adds up to a big problem for the little guy.

The report makes a series of recommendations about how to tackle the issue, chiefly calling on the government to take a stronger stand. Underlining the government's underperformance to date – "[SMEs] are a particular target for government initiatives and education programmes of all types... However, this has not, to date, had a significant impact on their attitudes and behaviour in the electronic world" – the organisations are calling for more government help from the sector.

The government's previous security offerings have gone down like a concrete kestrel among the industry, it seems. Philip Virgo, secretary general of EURIM, told silicon.com: "The government is paying for all these education initiatives – but security is almost zilch in all of them. Firms are told broadband is good for you, be online all the time but security isn't mentioned. Most people aren't aware they need a lock on their door."

Among the recommendations in the report is an appeal for the National High-Tech Crime Unit to develop a central source of guidance for SMEs and the development of a 'Green Cross Code' of basic security good practice for the small business.

IPPR's Bend said: "Funding isn't necessarily the answer. A Green Cross Code advisory would be useful for SMEs."

EURIM's Virgo favours a 'ding-dong, security calling' strategy, with certified security professionals able to visit SMEs and resolve their security issues on site.

He told silicon.com: "When you get a new security product, nobody installs it for you, nobody explains what all those settings mean. Most users don't have clue what they mean. SMEs need to be educated; they need security and they need to be educated to pay for a human being to talk you through it. The industry needs to realise that if they want to sell to SMEs, they have to produce something relevant to them. They're shooting themselves in the foot."

Some public authorities, however, are taking cyberaction on crime. The Crime and Data Information Exchange, launched on Monday, will bring together information from the emergency services as well as Youth Offender Teams and drug and alcohol action teams in Sussex to raise awareness of local crime 'hotspots' and better distribute their resources.