Small firms and consumers 'complacent about security'

Small firms and consumers 'complacent about security'

Summary: Get Safe Online, the Web safety campaign, is urging small businesses to wise up to security dangers

TOPICS: Security

Small enterprises and consumers do not treat Internet safety as a priority, according to banking experts at a government-backed safety advice Web site.

Get Safe Online warned this week that while most SMEs and consumers are aware of Internet security issues, they do not see safety as important enough to warrant specific action.

"We're worried about people who are complacent. I would like to think most small businesses and consumers are aware of safety issues — the trick is to move from awareness to action," Nick Staib, a member of the Get Safe Online steering committee, told ZDNet UK on Tuesday.

"Small businesses are aware of safety issues, but it's not a priority if you're racing round trying to run your business. It's easy to leave for another day," added Staib.

In an as-yet-unreleased Get Safe Online survey of 627 people, representing SMEs and consumers, more than a quarter were either not aware of phishing scams, or were unsure of how to protect themselves from being lured to fraudulent Web sites.

In addition, the survey found that 45 percent would not automatically delete an unusual or unfamiliar email, despite approximately 5.7 billion phishing emails sent each month, according to the Anti-Phishing Working Group.

Twenty-eight percent of respondents felt that reading email carefully and trusting their instincts was an acceptable way of avoiding falling victim to online fraud, and 24 percent felt that asking a friend for advice would be sufficient.

Staib said that IT security professionals are frequently exposed to different scams, making them "just a bit blasé" about how effective trickery can be.

"Yet people write into Get Safe Online sending email text they've received that's clearly not realistic. It's barely even legible," said Staib.

Staib urged IT managers to encourage staff to "spend 10 minutes on Get Safe Online" to acquaint themselves with common Internet scams. The survey found the most common email scams in June involved lottery winning details, fake payment details requests, updating account details for an online service, notice of an inheritance, and foreign aid charity payments.

Get Safe Online has attracted criticism in the past for receiving major sponsorship from companies such as Dell, Microsoft, eBay, BT and Lloyds Bank while claiming to offer impartial advice.

Staib insisted that the Web site "doesn't take sides", even though it is sponsored by big businesses.

"We're not just a bank site, an eBay site or a Microsoft site. At one stage we recommended that people use Firefox [as a Web browser instead of IE]. If we lost our credibility then we would lose the battle," said Staib.

Staib, who is also the manager for personal Internet banking at HSBC, urged IT managers to make sure their staff know that no financial institution will send emails encouraging people to log onto any site.

Get Safe Online's next safety drive will coincide with the introduction of Internet Safety Awareness Week later in the year, although the project is still at an "embryonic stage" according to Staib.

Topic: Security

Tom Espiner

About Tom Espiner

Tom is a technology reporter for He covers the security beat, writing about everything from hacking and cybercrime to threats and mitigation. He also focuses on open source and emerging technologies, all the while trying to cut through greenwash.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


1 comment
Log in or register to join the discussion
  • Staib when HSBC is careless on security dont advice others, isi'nt that right. Just do a search with the word 'Hsbc' on Zdnet or check 'HSBC accuses rivals of security 'arms race'' , look at the comments. I myself read.................

    How could Hsbc India be so corrupt minded they penalise a employee for refusing to tell his manager details of security flaws in their UK systems.

    It is but natural to take credit for their work, I'm reading here it says two managers took action to blackmail him into parting with the info. Even top mangement have not rectified situation!!

    So is this the world-class that they claim, no doubt their India service is pathetic, they dont understand and are repetitive. This is why, retain losy guys throw out good guys who know their value. WORLD CLASS MY FOOT.