Small firms and consumers 'complacent about security'

Get Safe Online, the Web safety campaign, is urging small businesses to wise up to security dangers
Written by Tom Espiner, Contributor

Small enterprises and consumers do not treat Internet safety as a priority, according to banking experts at a government-backed safety advice Web site.

Get Safe Online warned this week that while most SMEs and consumers are aware of Internet security issues, they do not see safety as important enough to warrant specific action.

"We're worried about people who are complacent. I would like to think most small businesses and consumers are aware of safety issues — the trick is to move from awareness to action," Nick Staib, a member of the Get Safe Online steering committee, told ZDNet UK on Tuesday.

"Small businesses are aware of safety issues, but it's not a priority if you're racing round trying to run your business. It's easy to leave for another day," added Staib.

In an as-yet-unreleased Get Safe Online survey of 627 people, representing SMEs and consumers, more than a quarter were either not aware of phishing scams, or were unsure of how to protect themselves from being lured to fraudulent Web sites.

In addition, the survey found that 45 percent would not automatically delete an unusual or unfamiliar email, despite approximately 5.7 billion phishing emails sent each month, according to the Anti-Phishing Working Group.

Twenty-eight percent of respondents felt that reading email carefully and trusting their instincts was an acceptable way of avoiding falling victim to online fraud, and 24 percent felt that asking a friend for advice would be sufficient.

Staib said that IT security professionals are frequently exposed to different scams, making them "just a bit blasé" about how effective trickery can be.

"Yet people write into Get Safe Online sending email text they've received that's clearly not realistic. It's barely even legible," said Staib.

Staib urged IT managers to encourage staff to "spend 10 minutes on Get Safe Online" to acquaint themselves with common Internet scams. The survey found the most common email scams in June involved lottery winning details, fake payment details requests, updating account details for an online service, notice of an inheritance, and foreign aid charity payments.

Get Safe Online has attracted criticism in the past for receiving major sponsorship from companies such as Dell, Microsoft, eBay, BT and Lloyds Bank while claiming to offer impartial advice.

Staib insisted that the Web site "doesn't take sides", even though it is sponsored by big businesses.

"We're not just a bank site, an eBay site or a Microsoft site. At one stage we recommended that people use Firefox [as a Web browser instead of IE]. If we lost our credibility then we would lose the battle," said Staib.

Staib, who is also the manager for personal Internet banking at HSBC, urged IT managers to make sure their staff know that no financial institution will send emails encouraging people to log onto any site.

Get Safe Online's next safety drive will coincide with the introduction of Internet Safety Awareness Week later in the year, although the project is still at an "embryonic stage" according to Staib.

Editorial standards