SMEs’ data exposed to partners and fraudsters

SMEs could be leaving themselves open to attacks from fraudsters or might reveal confidential information because the companies they work with do not have adequate information security in place.

A survey of 1,200 UK SMEs, carried out by online back-up supplier Mozy, revealed that 80% had never checked if the companies they work with secure their data. A significant 56% carry out no checks at all, according to the survey.

Information passed on to partners, such as IT service providers, might include financial information and customer databases, for example.

Mozy said 60% of SMEs that suffer major losses and do not have back-up could go under within 48 hours.

Claire Galbois-Alcaix of Mozy said, "You wouldn't hire a supplier without requiring at least a month's notice in the break clause, yet hardly anyone checks to see if their supplier is keeping a back-up copy of the computer files related to their business."

According to the findings of the study, the only partner credentials that SMEs check less often than information management policies are green and corporate social responsibility (CSR) credentials.

Mozy recommends research into 10 items before handing over business-critical operations.

Top 10 tips for checking business credentials of partners

Is the company sufficiently insured? Ask to see a certificate of professional indemnity insurance.

What is the company's credit rating? If the banks don't trust them with credit, you might not want to trust them with your data, either.

Who owns the information that you're passing to the company? What rights do they have to use that information?

What sort of security systems do they have in place to protect your information? Ask to see an information security policy.

What are the chances of the company becoming bankrupt? Do they have sufficient backing to ensure they can survive a rough patch? You don't want a supplier going under and leaving you without the support you need.

Does the company rely on the intellectual assets of a small group of employees and, if so, how do they manage the retention of this intelligence? If only one person understands your business, what happens if that person decides to leave?

Does the company rely on third parties to fulfil any part of its commitment to you? If so, make sure they have carried out due diligence on their suppliers, too.

Where is the company storing the data that it's creating or using on your behalf? Be aware that, if it's stored outside of the EU, it may be subject to different laws and access rights.

Does the company have a disaster-recovery plan? Floods and fires not only devastate lives, they destroy businesses too. Make sure that a natural disaster won't pull the rug from under your company.

Does the company have a data back-up strategy that works? Sixty per cent of companies would go bankrupt in 48 hours if they lost their data. If you rely on services and information from a supplier, make sure they have up-to-date copies of your data stored off-site.
