Over the years, research findings have consistently demonstrated widespread exposure to risk when it comes to data protection and security among smaller businesses, writes Dale Vile, managing director of Freeform Dynamics.
With increasing use of the internet and an increasing reliance on electronic data, there are a lot of accidents just waiting to happen.
This was the foundation for a roundtable attended by two of us from Freeform Dynamics on 1 September. Hosted by Symantec, and held at the Department for Business, Innovation & Skills in London, the main speakers and panel members were: James Caan, entrepreneur; Michèle Barker, Department for Business, Innovation & Skills; and Ross Walker, director for small business at Symantec Corporation.
Barker highlighted firstly how dependent the UK economy is on small and medium enterprises (SMEs), and secondly how dependent SMEs have become on IT and the internet. Good IT security for SMEs is therefore essential.
Walker said IT security solutions are becoming more accessible to SMEs. But suppliers, big IT suppliers in particular, are often guilty of using language that may be meaningful to large enterprises, but goes totally over the heads of many SMEs.
James Caan, in typical Dragon style, cut to the chase with his high-level analysis of the situation. He pointed out that we have SMEs with widespread need for security on one side of the equation, and an ability by suppliers to meet that need at relatively little cost to the customer on the other. The key question is therefore simple - how do you bring the two sides together?
In the discussion that ensued, it was clear that while the question might be simple, the answer is not.
SME networking and support groups
Government or government-sponsored education is useful, but not sufficient to deal with the problem. Tapping into SME networking and support groups is one possible solution.
A strong advocate of this was a journalist who spoke about the work of some of his colleagues in running an online community-based forum for small businesses. Many of the participants in the forum were actually quite savvy when it came to IT and security - they just need better support from suppliers.
Valuable though this anecdote is, we caution that Freeform's research, which uses a mix of online, phone and face-to-face techniques, often reveals that you need to be careful about how representative online activity is of the SME community as a whole.
The reality is that whether it's online or through more traditional groups, such as local chambers of commerce, for every small business that participates in such things, there are many more that don't - and these are the ones that we should be really worried about.
SMEs need mentors
The biggest problem that exists when it comes to security and data protection is that business managers and IT generalists operating in that space often don't know what they don't know. Many haven't considered the implications of the way they are using IT and the internet, and even those that have are frequently unaware that most of the challenges can be dealt with cost-effectively with the right solutions.
One possible answer to this put forward at the roundtable was mentoring. Mike Southon, himself a mentor, as well as a renowned entrepreneur, speaker and FT columnist, said that experienced peers providing advice and guidance is invaluable.
A mentor can not only articulate needs and solutions in a way that is meaningful, they also have no vested interest in a commercial outcome - e.g. a product or service sale. Genuine mentors do not even charge for their own time.
The challenge that remains, however, is reach. While online communities are open to all in theory, they only touch a subset of the SME sector in practice. Organisations such as Yoodoo Media broaden access to the mentoring approach, particularly for start-ups, but the question of reach remains.
Which brings us to an extremely important part of tackling the SME security challenge. Think about the entities that pretty much all smaller businesses have to touch as part of setting up and operating. They include their bank, their accountant, their telco provider and the people from whom they buy PCs, printers, software and other essential IT solutions - i.e. the technology retailers and resellers that make up the IT channel. This last group is key because it provides a combination of both reach and potential capability to deliver.
With this in mind, it was interesting listening to Wayne Cockerill at the roundtable. He runs an IT solutions company in the North of England that services the local SME community, reselling products from Symantec, Microsoft and others. He alluded to the constant challenge of having to translate tech-related gobbledegook put out by big suppliers into something meaningful to his customers, but also the need to help customers appreciate the risks and define the problem in business terms.
A coordinated approach to security and data protection
For a full service organisation such as Cockerill's, this is challenging but achievable. And if other players in the channel are to play their part, there is a need to help them understand how to engage with their customers around security and data protection.
They need to bridge the gap between that conversation and exchanges taking place continually around the provision of hardware and software. The basic idea is to piggy-back the risk discussion on the back of conversations and transactions that are already taking place.
But none of this can happen without investment and commitment from the big IT suppliers, so it was encouraging to hear that Symantec is providing tools to partners to help them better engage with SMEs, matching solutions to needs. Investment in SME-friendly delivery mechanisms such as cloud is an important part of this.
Martha Bennett from Freeform Dynamics probably summed it all up the best when she spoke about the need for a coordinated approach in which suppliers, channel partners, advisors and special interest groups work together to tackle the problem.
Freeform Dynamics is a research and analysis firm which tracks and reports on the business impact of developments in the IT and communications sectors. It uses an innovative research methodology to gather feedback directly from those involved in IT strategy, planning, procurement and implementation.