20% of businesses do not change their passwords regularly
ISME, the Irish SME Association today (Friday 15th) published the results of its E-crime report. The Association highlights the high number of cyber-attacks on small and medium sized enterprises over the last twelve months. The issue of cyber-attacks and online computer related incidents has increased over the last decade. This E-crime report is part of wider research publication launched earlier this week and makes several recommendations on preventing and tackling cyber-crime.
Commenting on today’s release ISME CEO Neil McDonnell said“Crimes against business takes many forms, but the area in which we see most increased activity is cyber-crime.”
“Increased online business activity has expedited and expanded trade, creating a cheaper, more flexible, and far reaching business environment; but with this comes security risk.”
“Businesses must become more aware of the threats posed by cyber-attacks and take proper preventative measures. It is worrying that 20% of businesses surveyed do not change their password settings. This is a very simple preventative measure any business can take.”
The minding findings are as follows:
81% of respondents stated they were the victim of an E-crime attack, marginally down on last year’s figure of 82%.
20% of businesses don’t change their password.
98% of respondents stated they would like to see the establishment of a central/national E-crime body.
30% of businesses have experienced computer related crime in the last 12 month. (This excludes ‘Spam’ and ‘Phising emails.’)
Off those who experienced a computer related incident, ‘Spam’ is the highest at 74%, this has increased from 67% in 2016.
62% of business have fell victim to a ‘Virus Infection,’ this is up from 42% in 2017.
There has been a reduction in the numbers of ‘Thefts of PC/Laptops,’ down from 11% in 2016 to 3% in 2017.
‘Theft of Company Data’ is down marginally on 2016, dropping from 6% to 5% in 2017.
ISME has put forward several recommendations in combatting E-crime both for businesses and the Government.
The Government should consider how it could support An Garda Síochána in upskilling and enhancing their capacity in dealing with cyber-fraud and cyber-attacks.
Establish a Cyber Security Information Sharing Partnership, similar to the United Kingdom’s system, which allows for the sharing of cyber threat information,
The establishment of a central/national E-Crime body to deal with the issue of E-crime.
The Government should initiate an advertising campaign highlighting the risks of E-crime, and highlighting how small steps can be taken to prevent crime.
Making sure business software is kept up-to-date.
Checking all websites’ privacy notices to find out what they intend to do with company information.
Examining the email sender’s address carefully before opening an email, and before opening embedded hyperlinks.
Verifying (by phone call or other independent search) any emailed instructions for EFTs, or advice to change payee details for suppliers or creditors.
He added, “If the recommendations above are taken on board by the business community, law enforcement agencies and Government, we would see a significant reduction in the number of cyber-attacks on businesses".