A CBI guide, Securing Value in the Online World, is launched today by Labour minister Alun Michael.
The CBI is warning medium-sized firms that too many of them are leaving themselves vulnerable to electronic and online attack by not planning adequate security measures. By doing so, they are putting their own and other businesses in the supply chain at risk, it is claimed.<br><br>According to a recent CBI survey, 60 per cent of medium-sized firms engage with their suppliers, partners or clients online. But more than half (52 per cent) of these firms plan for no security measures.<br><br>Small firms fare little better but medium-sized companies, who are more likely to integrate their systems with large firms as well as trade with smaller ones, are putting themselves and their supply chain more at risk, it is claimed. Hence the CBI’s new IT security guide aimed at small and medium-sized enterprises (SMEs). It has advice on how to deal with online attack, viruses and cyber crime in the supply chain.<br><br>What they say<br><br>John Cridland, CBI Deputy Director-General said:<br>"The Internet is a business opportunity that many firms are seizing with both hands. So, it is a serious concern that so many medium-sized firms are leaving themselves and others open to online attack and abuse. These firms account for over half of UK company turn-over and are large enough to win contracts with big business. But large firms expect to be able to do their online business securely and, while many medium-sized firms cannot afford extensive IT systems there are straightforward measures firms can take to protext themselves and their customers.<br><br>"Securing your IT is increasingly seen as an essential part of securing competitive advantage, by becoming known as a trusted online business partner. We hope this guide will become akin to firms having their own IT consultant, available upon for advice when you need it. The online threat is constantly evolving so this is not a one-off exercise."<br><br>Alun Michael, DTI Minister for Industry and the Regions said: "Small and medium-sized firms are engaging ever more closely with each other and<br>with their customers online. We will probably need to start thinking of the supply chain as being something more like a business ‘eco-system’, where it is all the more vital for companies to protect their information assets. This guide as an important addition to the suite of materials we already have to improve the UK’s information security. It addresses the need, identified in our surveys, to provide clear information to smaller companies and encourage managers to plan for and manage their risk. The supply chain is a key route to changing behaviour in our smaller companies and this guide is a useful tool in making that happen.
Wrong investment?
Antony Smyth, Ernst & Young Partner for Information Assurance – the accountancy firm is supporting the guide – said: "Businesses’ efforts to improve IT security are all too often undermined by attention – or investment – put in the wrong place. It is easy to be distracted by the latest media headline and miss the real threat. Directors are capable of taking a personal interest and genuine ownership of their IT security and should never assume their IT staff or consultants have matters in hand. One weak link in a supply chain can bring down all the other members. Be sure you are not the weakest link!"<br><br>The guide shows examples of how to address real-life problems, the CBI claims. These include disruption to company systems and networks, theft of business information, hacking, ‘spam’ emails, ‘phishing’ attacks and illicit use of company systems. A fuller review is in the March print edition of the magazine.
