Skip to main content

FSB calls for action on cyber security

Mike Cherry
Cherry says small firms should help themselves
Audio player loading…

The Federation of Small Businesses (FSB) is sounding a cyber crime alert, with a report that 41% of small firms have been hit by cyber criminals in the past year but less than 20% have taken steps to protect themselves.

The FSB is highlighting the figures from its new report, Cyber Security and Fraud: the impact on small businesses, along with 10 tips on good practice in cyber protection.

Its report, which uses a survey of 2,667 members of its Voice of Small Business Panel, shows that cyber crime is costing FSB companies about £785 million per year.

About three in 10 have been victims of fraud, usually at the hands of a customer (13%) or through a 'card not present' sting (10%).


Efforts to fight fraud are not as widespread as may be expected: almost 60% of respondents regularly update their virus scanning software and only 36% say they regularly install security patches.

Mike Cherry, National Policy Chairman of the FSB, said that members have to get to grips with the problem to get the most from new technology.

"Many businesses will not embrace new technology as they fear the repercussions and and do not believe they will get adequate protection from crime," he said. "While we want to see clear action from the Government and the wider public sector, there are clear actions that businesses can take to help themselves."

The FSB's 10 tips for cyber security are:

  • Implement a combination of security protection solutions (anti-virus, anti-spam, firewalls).
  • Carry out regular security updates on all software and devices.
  • Implement a resilient password policy (min eight characters, change regularly).
  • Secure your wireless network.
  • Implement clear and concise procedures for email, internet and mobile devices.
  • Tran staff in good security practices and consider employee background checks.
  • Implement and test backup plans, information disposal and disaster recovery procedures.
  • Carry out regular security risk assessments to identify important information and systems.
  • Carry out regular security testing on the business website.
  • Check provider credentials and contracts when using cloud services.