Small businesses are burying their heads in the sand over cyber security

Despite an escalation of high profile global cyber crime, a fifth of small British companies say they still don't know how to protect themselves from potential online business risks, a survey by Enterprise Nation on behalf of domain firm Go Daddy reveals.

The research found that despite the fact that a quarter of them have already experienced a breach of security, more than third still don't even have even basic things like security-enabled wifi.

Of those that reported they been a victim of online crime, just under one in five (18%) said they had been targeted by ransomware attacks, with a third (32%) admitting their website had been defaced causing reputational issues.

A quarter said they had experienced phishing emails and yet less than half (47%) said their website was on a secure platform.

While an impressive 85% said they used password protection for their desktops and laptops, one in three confessed that their cyber security policy had come from friends rather than experts.

Emma Jones, founder of Enterprise Nation, said: "In large firms there will be information security officers whose job it is to manage cyber safety and customer data.

Yet, more often than not, in smaller firms, it’s the founder who is managing everything from business generation to HR to payroll to cyber security. More than half the founders that took this survey said they managed their website themselves.

"And while in theory cyber security is high on the priority list, the reality is that it is just another thing to do on an extremely long to-do list with a limited budget. Almost half said that they would like to make online security a priority.

"But with increased threats and so many networks communicating with each other, protecting your business online has never been more important."

Stephano Maruzzi, Go Daddy's vice president Europe, Middle East and Africa, added: "For small businesses on a budget, there are still some very quick and cost-efficient ways to improve cyber protection.

"Educating staff on the risks of transferring sensitive emails to personal accounts or via less-secure mobile devices and implementing measures such as two-step authentication can be done easily and have a dramatic effect.

"An SSL or digital certificate is also recommended as it allows encrypted communication between and web browsers and a web server, something particularly important for transactional websites.

“Attackers often use the easiest ways to break in; phishing, weak passwords or calls from someone claiming to be from the tech or accounts department of one of your clients.

"These methods are becoming more and more sophisticated and convincing. Education for founders and their employees around how to avoid these issues is paramount, but so often overlooked."

Retail was the business sector most targeted, with 44% reporting they'd already experienced a security breach. However, this sector was also the most likely to spend nothing on protection (44%).

While those in manufacturing were most likely to be targeted with ransomware with a quarter saying they had been a victim, food and drinks brands were the most likely to be working from wifi with no security key (86%).

Meanwhile half of all professional consultants reported that they had searched and found protection independently from the internet. Interestingly this was the business sector that also experienced the most phishing.

A third of those in the creative sector reported that they had no idea how to go about protecting their computer from cyber threats.

A whopping 70% said they regarded their website as critical to their business but only 28% said their customer data was encrypted, with just over half (52%) saying they had SSL software protection or malware on their PC.