Today sees the launch of Get Safe On-line Week. Do get involved – the most public events in London will be at Waterloo Station to intercept those on their way into the City and at Canary Wharf (hosted by HSBC) for the other high net worth risk-takers who are at most serious risk from the impersonation and fraud that increasingly follow successful phishing attacks and database compromises.
I would also, however, like to draw attention to a dirty little secret that the on-line enthusiasts and cyber security industry are anxious to hide: the reason why barely 30% of small firms are willing to transact on-line (other than for local takeaways). The National Fraud Authority analysis of Small Firms as victims of fraud is truly chilling. Chris Yiu revealed the 30% figure at a Policy Exchange Fringe meeting on broadband policy at the Conservative Party conference but had no analysis of the causes. I had, however, seen similar data from small firms organisations – which gave clear analyses of the reasons.
At that Fringe Meeting, in front of the new DCMS Secretary of State, Maria Miller, I queried whether the reason was the cost of the symmetric access necessary to host an effective inter-active website or fear of fraud. Dido Harding (Talk Talk) spoke of the availability of 10 mb leased lines at £1,000 p.a. although I cannot get one for under £1,800 in West Norwood (or £2,995 from BT). Meanwhile my BT Infinity Connection is currently (sunday morning) running at 47 mbs download and 12.8 mbs upload. Our local exchange was among those upgraded during the run-up to the Olympics. Other Londoners, for instance in the former council estates of Wapping, home of those who cannot afford to commute into Canary Wharf or the City from the outer suburbs, are not so lucky. I hear words about wonderful hosting and cloud services but these are not available to those trying to run businesses from unfashionable inner city locations, let alone the small towns and countryside of rural england. Amid the debate over consumer broadband (rural or urban) the needs of business (outside glamorous locations like Tech City) have been sorely neglected.
But is it the reason for such a low uptake by SMEs the inability to get a decent inter-active speed or is it the inability to secure their systems against systemic fraud at affordable cost (time as well as money)? One of the meetings that I will be helping the Digital Policy Alliance (EURIM) to organise after Get Safe On-line Week will be a quarterly review meeting with the members of the Information Security Awareness Forum to look at the lessons from the campaign and how to embed them in mainstream practice. That meeting is also intended to help provided a peer review of plans to help small firms better protect themselves. By then I hope that we will have been able to make progress in recruiting those who are serious about helping small firms, especially those in the most vulnerable sub-sector, those large enough to be worth pillaging but too small and/or fast growing to have developed or employed the necessary in-house security expertise to know how to protect themselves – or who to employ to do it for them.
In the mean time – it is not too late for you to take a personal part in Get Safe On-line Week – helping use social media to spread you tips on how to improve personal on-line safety – “click and tell”. Do, however, also look at how your competitors and peers are using to opportunity to show how they are nicer people to do business with, taking the safety of their customers and staff more seriously than you do. And then be very visible in helping the follow up.
I should perhaps add that as one of the volunteer ambassadors for Get Safe On-line my focus is on the business case for participation – not just in the week but in the follow up – funded from your marketing and service delivery budgets – to get more, and more profitable, business at lower cost.
For many of you that means taking the security of the small firms in your customer base and supply chains very much more seriously than you have done in the past.