BYOD Threats Exposed: 61% of UK SMEs Suffer Cyber-Attacks
Small UK businesses that operate a BYOD policy are more likely to suffer a cybersecurity-related incident, according to new figures from Paymentsense.
The merchant service provider polled over 500 small business owners nationwide and found that 61% have experienced an incident following their introduction of BYOD.
The findings seemed to suggest that the rate of security issues increases with greater penetration of BYOD.
Some 40% of microbusinesses with up to 10 staff have such a policy, and 14% reported a security incident. But 51% of businesses with 51-100 people and 69% of firms with 101-250 employees allowed BYOD, and their figures for security incidents stood at 70% and 94% respectively.
The most common incidents over the past 12 months were malware-related (65%), followed by viruses (42%), distributed denial of service (26%), data theft (24%) and phishing (23%).
The findings highlight the challenge facing firms with fewer resources to spend on IT security, of how to enable more productive ways of working without exposing themselves to greater cyber-risk.
Paymentsense head of digital, Chafic Badr, argued that firms need to have guidelines in place which teach staff how to follow cybersecurity best practices, adding that “regular engagement and communication with staff at all levels is important.”
"As with all cybersecurity issues, the biggest factor is the human one — employees need to be aware of their responsibilities and the risks associated with a BYOD system. This is particularly important when you consider personal data responsibilities in the post-GDPR landscape,” he added.
“If mistakes are made, having an incident response plan clarifies responsibilities and ensures the timely action is taken to contain and control the situation.”
The findings chime with a recent government report which found that 43% of UK businesses have suffered a cyber-attack or breach over the past 12 months. However, the figures rose to 49% for those that operated a BYOD policy.
Source: Information Security Magazine