SEARCH CLINIC

Search engine online marketers

Archive for the ‘Cyber Security’

How data is shining a light on global property markets

April 14, 2016 By: Dr Search Principal Consultant at the Search Clinic Category: Broadband, Browser, Computers, Customer Service, Cyber Security, data security, Dr Search, internet, Personal Security, Search Clinic, search engines, Uncategorized

The property market, like that of gold and oil, is a rather murky world.


The prices you’ll see on most websites are asking prices. The value of a done deal – the real price – can take land registries weeks to process, by which time a fast-paced market will have moved on.

So those on the inside doing the deals, such as estate agents and developers, have a distinct advantage.

Could technology help blast open this closed market?

Teun van den Dries, chief executive of Dutch software company GeoPhy, believes his data analytics software program could do just that, starting with commercial property, a global market worth about €22.5tn (£15.7tn), according to the European Public Real Estate Association.

His program crunches lots of different data sets – public transport, roads, congestion, location, demographics, local economy, building quality and so on – to calculate an estimated value for a property.

And he has data for 41 countries, from Singapore to Spain, Brazil to Belgium.

“If you look at the current property market, almost all transactions are handled by estate agents that will describe property as being well situated, with great accessibility and beautiful views,” he says. “And that could all be true, but it doesn’t mean anything and it doesn’t allow you to compare.”

Location accounts for 70%-75% of the weighting in the algorithm – a mathematical set of rules – and his pricing is accurate within about 5%, he says.

Estate agents are known for their creative euphemisms when it comes to property descriptions, but data could help cut through the sales speak to arrive at a more realistic assessment, he believes.

But, he notes, “a valuation is never right until someone pays. So, it’s the same price point a surveyor will put their signature on.”

The only difference is that it’s derived from data and a set of comparable rules, he says.

However, there are some valuations it can’t help us to understand – parts of London, such as St James’s Park or Mayfair, home of the £90m mansion, simply defy data analysis.

At present, his customers are pension funds and other large institutions that own property portfolios. They want quick access to property valuations, as well as other data, such as the energy efficiency of their buildings.

But he hopes this type of analysis could also help make the residential property and rentals markets more transparent, too.

So when your landlord says prices are rising in your area and hikes up your rent, you’ll be able to see if that’s really the case, says Mr van den Dries.

But not everyone is so sure about the benefits of data analytics in the commercial property market.

For example, a seller may offload a building to make a loss to offset against tax and as such will sell at a lower “rational” price, he says.

And shifts in economies thousands of miles away – China or in the Middle East, perhaps – could suddenly empty money out of a given market, without the data giving any warning.

While many large publicly owned property owners have talked about using data, many “just don’t really know where to start and are only at the start of the journey,” he says. “Commercial property is the last imperfect market.”

“Homes may be better, as they are more homogenous and could be more comparable,” he adds.

Mr van den Dries admits that there is some resistance to this new data-driven approach – a number of property owners have expressed displeasure at having their buildings benchmarked, he says.

But he, and others, remain convinced that better analysis of more data is key to a more efficient – and less mysterious – property market.

How to protect your online brand against cybersquatters

February 02, 2016 By: Dr Search Principal Consultant at the Search Clinic Category: Browser, Computers, Customer Service, Cyber Security, Google, internet, Uncategorized

Cybersquatting is buying up website addresses, or domain names, that sound very similar to existing well known brand names.

When Google recently launched its new parent company Alphabet, and the abc.xyz web address, there were more than 20,000 registrations by people attempting to take advantage, registering names like googlefiber.xyz or googledocs.xyz.

And in January, eBay won one of the largest cybersquatting cases, winning the ownership of more than 1,000 domains that had used its trademark.

Protecting your brand name online is of critical business importance for smaller companies as well.

The potential for cybersquatting has grown since the Internet Corporation for Assigned Names and Numbers (ICANN) – the international body responsible for co-ordinating all these addresses – began issuing hundreds of new generic top level domains (gTLDs), such as .xyz, and .nyc, as well as controversial ones like .sucks and .porn.

When ICANN proposed allowing these new generic top level domains, the trademark world was not receptive to that idea because they were so concerned about cybersquatting and poaching. Those concerns would appear to have been justified.

People were “just overwhelmed” by the number of gTLDs becoming available.

In the distant history you had .biz or .info and things like this coming online in a small round of five or six new gTLDs. Now the burden of protecting your brand online is potentially much higher as more extensions become available.

So how do you protect your brand online?

Registering it as a trademark is a good first step as it gives you more rights over related web addresses.

Under ICANN’s Trademark Clearinghouse (TMCH) rules, a domain registry must provide a “sunrise period,” during which trademarked brands registered in the TMCH can buy domains before they are publicly available.

Simply buying up lots of addresses that are variations of your brand name is one option. But this can get expensive for a small business, as domains can vary in price from 99p to several thousand pounds.

GoDaddy, a web hosting company, says: “Really, nobody has to go out and buy hundreds of domain names across their brands and keywords to protect themselves. Be thoughtful about the handful of names that are most important to you and think about registering those – ones that if you saw in the hands of your closest competitor, you wouldn’t be happy about it.”

If you think a cybersquatter has bought a domain name that infringes your trademark, you can go through ICANN’s uniform domain name dispute resolution (UDRP) system to have your case heard by a panel of experts.

“The UDRP keeps people out of court,” says the WIPO. “If you’re sitting in the United States and there’s somebody in Vietnam that’s squatting on your brand, you don’t have to go to a local court.”

Another option is the uniform rapid suspension (URS) system, which is a “lighter version.”

At the end of the UDRP process, I get the domain back in my portfolio and keep it out of the hands of other infringers. Under the URS though, it just gets suspended or taken down for the duration of the registration period.

The brand owner then has the choice of trying to obtain the domain in the future or waiting to see if anyone takes it again.

The cybersquatting issue is likely to keep lawyers and dispute resolution panels busy for years to come.

TalkTalk hack to cost up to £35m

January 10, 2016 By: Dr Search Principal Consultant at the Search Clinic Category: Browser, Computers, Customer Service, Cyber Security, Hackers, internet, Search Clinic, Uncategorized

The cyber-attack on TalkTalk could cost it up to £35m in one-off costs, the company has said.


Following the hack, which divulged some 255,000 users’ financial details, all customers of the telecoms group will be offered a free upgrade.

Chief executive Dido Harding said that despite the hack, TalkTalk was “well positioned to deliver strong and sustainable long-term growth”.

The firm still expects full-year results to be in line with market expectations.

TalkTalk shares were still down more than 20% compared with their pre-hack value.

She added that in recognition of the uncertainty that this had caused customers, they would be offered an upgrade.

A spokesperson said the type of upgrade offered would depend on the kind of package customers already had. For example, customers with TV packages might be offered a sports channel that they did not already have.

Customers who were financially affected directly will be free to leave TalkTalk without financial penalty. They would have to be able to show they had lost money as a result of the hack.

Customers who wish to leave for a different reason – for example, if they feel their data is not secure – would still have to pay a contract termination fee.

Some of TalkTalk’s millions of customers might have been angry enough to try to terminate their contracts when the telecommunications company first revealed details of a major data security breach last month.

But, with contracts for mobile, fixed line, broadband and television services of up to two years (always worth looking at those few lines at the bottom of the paperwork) customers found they couldn’t leave TalkTalk without incurring hefty costs.

When Dido Harding, the chief executive, first announced two weeks ago that customers would only be able to leave if they could show a “direct impact” on their bank account – a pretty high bar – investors heaved a sigh of relief and TalkTalk’s share price bounced up.

It was up again this morning – by more than 12% – as the half-year results revealed that TalkTalk was still expected to make £300m profit before tax this year. And that revenues were up 6%.

On 21 October, hackers attacked TalkTalk’s website, stealing confidential customer data including passwords and bank accounts.

The firm was initially uncertain as to the extent of the hack, but after an investigation it said last week that 157,000 of its customers’ personal details had been accessed.

Ms Harding told the BBC that it was “too early to tell” what the longer-term impact of the breach would be on the business.

“We of course saw an immediate spike in customers cancelling their direct debit, but actually after a few days we saw many of those customers reinstating their direct debits again, so time will tell, but the early signs are that customers think we are doing the right thing,” she told BBC business editor Kamal Ahmed.

MI5 boss warns of cyber terror risk

October 17, 2015 By: Dr Search Principal Consultant at the Search Clinic Category: Browser, Computers, Customer Service, Cyber Security, Personal Security, Search Clinic, Uncategorized

The serving boss of the UK’s home security agency told the Today programme it was becoming more difficult to obtain online information.


Advances in technology are allowing terrorists to communicate “out of the reach of authorities”, head of MI5 Andrew Parker has told the BBC.

He said internet companies had an “ethical responsibility” to alert agencies to potential threats. But MI5 was not about “browsing the lives” of the public, he added.

Ministers are preparing legislation on the powers for carrying out electronic surveillance. Mr Parker, in the first live interview by a serving MI5 boss, said what should be included in new legislation was a matter “for Parliament to decide”.

MI5 boss Mr Parker also told the BBC:

  • The terrorism threat is the “most serious threat Britain faces in security terms”
  • Six alleged terror plots have been foiled in the past 12 months, which Mr Parker said was the highest number he could recall in his 32-year career, “certainly the highest number since 9/11”
  • MI5 had to “make choices” about where to put resources, and make sure they were “focused where the sharpest threat is”
  • On the killers of Fusilier Lee Rigby: “There cannot be a guarantee that we will find and stop everything. That’s not possible. We can’t monitor them all the time.”
  • He rejected the suggestion that security service tactics can lead to radicalisation, saying it was “completely untrue”
  • He paid tribute to the people who work at MI5 and their work “which so often goes unrecognised”

He said online data encryption was creating a situation where the police and intelligence agencies “can no longer obtain under proper legal warrant the communication of people they believe to be terrorists”.

It was a “very serious” issue, he said, adding: “It’s in nobody’s interests that terrorists should be able to plot and communicate out of the reach of authorities.”

The overall context is a terrorist threat that MI5 says is growing, technological change, and recent concerns over privacy and surveillance.

The question of whether new legislation will maintain existing capabilities against a backdrop of technological change or provide new powers will not be clear until the detail is revealed.

Much of the communications material MI5 needs is held abroad, often by US companies, and he made clear he would like more co-operation from them.

There is recognition from the security and intelligence services that justifying their intrusive capabilities will require more transparency.

That openness may be provided not just by legislation but also by speaking publicly and even coming into a BBC studio.

Mr Parker said the shape of the terror threat had changed “because of the internet and the way terrorists use social media”.

He said they were using secure and encrypted apps and the internet to “broadcast their message and incite terrorism among people who live here”.

The UK’s terror threat is rated as “severe”, which means an attack is highly likely.

Can technology keep us safe from nuisance drones?

September 15, 2015 By: Dr Search Principal Consultant at the Search Clinic Category: Computers, Cyber Security, Google, Personal Security, Uncategorized

A minority of irresponsible users has been flying drones too close to aeroplanes and helicopters; wandering into restricted military airspace; spying on neighbours; disrupting sporting events; and even injuring people.


Regulators and law enforcers are struggling to cope with the growth in their popularity, increasing the likelihood that heavy-handed legislation could stifle innovation in a sector that has great commercial potential for businesses large and small.

Drones are already being used extensively by farmers to monitor the health of their crops and livestock. Multi-spectral cameras can analyse the level of moisture in the soil, plant health, and spot areas of blight or insect infestation. This saves them time and money and can help improve crop yields.

Advanced drones equipped with high-definition rotatable cameras, anti-shake technology, and the ability to track fast-moving action, are offering spectacular aerial photography and film-making capabilities for the news and creative media sectors.

Drones can reach places that are difficult and dangerous for humans to get to, and this is proving very useful in industry. Drones are now inspecting oil rigs, gas pipelines, electricity networks, chimneys, wind turbines, nuclear facilities, roofs – even underwater structures and cables. They are also useful for creating 3D maps of rural and urban landscapes.

The latest drones also allow users to specify the geo-fence area, reducing the chance of inexperienced pilots losing control and flying their drones into people or buildings.

While “return-to-home” and geo-fencing features are a step in the right direction, the proliferation of drones in our skies is likely to need a more comprehensive approach to policing and safety.

In the US, Nasa (the National Aeronautics and Space Administration) is co-ordinating the development of a traffic management system for unmanned aerial vehicles (UAVs) that fly below 500ft (152m).

When there are hundreds of low-flying drones carrying out a range of duties, from deliveries to traffic monitoring, disaster relief to building inspections, we are going to need “sense-and-avoid” systems so they don’t crash into each other, as well as flight corridors similar to those used by passenger aircraft.

Such a system will also need bang up-to-date terrain maps, dynamic route planning and weather data integration. Not surprisingly then, Nasa thinks a prototype of its traffic management system will not be ready before 2019.

But how do you police drone use effectively?

The CAA regulations are clear: the operator of a hobby drone must keep the drone in sight at all times and not fly it above 400ft. If it’s a surveillance drone, you cannot fly it over or within 150m of any congested area or organised open-air assembly of more than 1,000 people.

But given that the latest, most sophisticated drones have a range of up to two miles and can be programmed to fly automatically along prescribed routes, enforcing such rules is no easy task.

Only a few irresponsible drone users have been prosecuted so far around the world, and no-one has yet been sent to prison.

Until the police have the means to identify drones remotely, and access to a central database of owners, it is hard to see how they will be able to catch the growing number of miscreants.

Android’s biggest update ever to fix security flaws

August 24, 2015 By: Dr Search Principal Consultant at the Search Clinic Category: Android, Cyber Security, data security, Google, Hackers, mobile phones, Samsung, Uncategorized

Last month a major bug was discovered in the Android software that could let hijackers access data on up to a billion phones.


Samsung, LG and Google have pledged to provide monthly security updates for smartphones running the Android operating system.

Manufacturers have been slow to roll out a fix because many variations of Android are widely used.

One Android expert said it was “about time” phone makers issued security fixes more quickly as Android is the most widely-used mobile operating system.

Android has been working to patch a vulnerability, known as Stagefright, which could let hackers access a phone’s data simply by sending somebody a video message.

“My guess is that this is the single largest software update the world has ever seen,” said Adrian Ludwig, Android’s lead engineer for security, at hacking conference Black Hat.

LG, Samsung and Google have all said a number of their handsets will get the fix, with further updates every month.

Android is an open source operating system, with the software freely available for phone manufacturers to modify and use on their handsets.

The Google-led project does provide security fixes for the software, but phone manufacturers are responsible for sending the updates to their devices.

Some phones running old versions of Android are no longer updated by the manufacturer. Many companies also deploy customised versions of Android which take time to rebuild with the security changes.

Apple and BlackBerry can patch security problems more quickly because they develop both the software and the hardware for their devices.

BlackBerry’s software is reviewed by mobile networks before being sent to handsets, while Apple can push updates to its phones whenever it wants.

“The very nature of Android is that manufacturers add their own software on top, so there have been delays in software roll-outs,” said Jack Parsons, editor of Android Magazine.

“In the US it’s even worse because mobile carriers often add their own software too, adding another layer of bureaucracy holding up security fixes.”

FBI warns on airline hacking threat

May 23, 2015 By: Dr Search Principal Consultant at the Search Clinic Category: Computers, Cyber Security, data security, Hackers, Search Clinic, Technology Companies

The USA’s Federal Bureau of Investigation (FBI) has issued a formal alert warning airlines to be on the lookout for hackers.

It follows an onboard tweet from security expert Chris Roberts, who joked about being able to hack into a United Airlines plane’s wi-fi network.

A terrorist could theoretically take over systems that fly a plane by compromising equipment at their seat as an increasing number of airlines are offering onboard wi-fi to customers.

The FBI and the US Transportation Security Administration (TSA) said they had no information to support claims a plane’s navigation system could be interfered with via its onboard wi-fi kit, but added that they were evaluating the evidence.

In a private industry notification posted on its website and reported by Wired magazine, the FBI advised airlines to:

  • report any suspicious activity involving travellers connecting unknown cables or wires to the in-flight entertainment (IFE) system
  • report any evidence of suspicious behaviour following a flight, such as IFE systems that show evidence of tampering or the forced removal of covers to network connection ports
  • report any evidence of suspicious behaviour concerning aviation wireless signals, including social media messages with threatening references to onboard network systems, automatic dependent surveillance systems (ADS-B), aircraft communications addressing and reporting systems (ACARS) and air traffic control networks
  • review network logs from aircraft to ensure any suspicious activity, such as network scanning or intrusion attempts, would be captured for further analysis

In his tweet, Mr Roberts suggested that he might be able to deploy the oxygen masks on the flight.


On arrival at Syracuse airport, Mr Roberts – who is co-founder of security company One World Labs – was taken in for questioning by the FBI, and his laptop and other devices were seized.

A few days later, he was prevented from boarding a flight to California.

He had previously given a number of interviews, explaining the possible weak points in airline systems, telling CNN that he could connect to a computer under his seat to view data from the aircraft’s engines, fuel and flight-management systems.

Security experts have warned for some years that airlines are a possible target for hackers.

Planes including the Boeing 787 Dreamliner and the Airbus 350 and A380 have a single network that is used both by pilots to fly the plane and by passengers for their wi-fi connections.

Although there were currently no publicly known vulnerabilities that a hacker could exploit, such an attack remained “theoretically possible” because all networks were inherently insecure.

Wi-fi is now common on many airlines, and most have relaxed the rules surrounding the use of gadgets during flights.

Computer communication encryptions are a problem for police

March 30, 2015 By: Dr Search Principal Consultant at the Search Clinic Category: Computers, Cyber Security, data security, Social Media, Social Networking, Technology Companies, Telecommunications Companies, Uncategorized

Encrypted communications are the biggest problem for police, says Europol’s police chief.

The European police chief says sophisticated online communications are the biggest problem for security agencies tackling terrorism.

Hidden areas of the internet and encrypted communications make it harder to monitor terror suspects, warns Europol’s Rob Wainwright.

Tech firms should consider the impact sophisticated encryption software has on law enforcement, he said.


Mr Wainwright said that in most current investigations the use of encrypted communications was found to be central to the way terrorists operated.

“It’s become perhaps the biggest problem for the police and the security service authorities in dealing with the threats from terrorism,” he explained.

“It’s changed the very nature of counter terrorist work from one that has been traditionally reliant on having good monitoring capability of communications to one that essentially doesn’t provide that anymore.”

Mr Wainwright, whose organisation supports police forces in Europe, said terrorists were exploiting the “dark net”, where users can go online anonymously, away from the gaze of police and security services.

But he is also concerned at moves by companies such as Apple to allow customers to encrypt data on their smartphones.

And the development of heavily encrypted instant messaging apps is another cause for concern, he said. This meant people could send text and voice messages which police found very difficult or impossible to access, he said.

“We are disappointed by the position taken by these tech firms and it only adds to our problems in getting to the communications of the most dangerous people that are abusing the internet.

“Tech firms are doing it, I suppose, because of a commercial imperative driven by what they perceive to be consumer demand for greater privacy of their communications.”

Mr Wainwright acknowledged this was a result of the revelations by former National Security Agency contractor Edward Snowden, who exposed how security services were conducting widespread surveillance of emails and messages.

He said security agencies now had to work to rebuild trust between technology firms and the authorities.

The extent of the challenge faced by security services is shown in the scale of social media use by IS.

The programme also found evidence that supporters of ISIS are using encrypted sites to radicalise or groom new recruits.

Mr Wainwright revealed that ISIS is believed to have up to 50,000 different Twitter accounts tweeting up to 100,000 messages a day.

Europol is now setting up a European Internet Referral Unit to identify and remove sites being used by terrorist organisations.

Mr Wainwright also says current laws are “deficient” and should be reviewed to ensure security agencies are able to monitor all areas of the online world.

“There is a significant capability gap that has to change if we’re serious about ensuring the internet isn’t abused and effectively enhancing the terrorist threat.

“We have to make sure we reach the right balance by ensuring the fundamental principles of privacy are upheld so there’s a lot of work for legislators and tech firms to do.”

Cyber criminals raided by police

March 06, 2015 By: Dr Search Principal Consultant at the Search Clinic Category: Computers, Cyber Security, data security, Dr Search, Hackers, internet, Personal Security, Search Clinic, Technology Companies, Uncategorized

The UK’s National Crime Agency has arrested 56 suspected hackers as part of a “strike week” against cybercrime.

In total, 25 separate operations were carried out this week across England, Scotland and Wales. Those arrested are suspected of being involved in a wide variety of cybercrimes including data theft, fraud and virus writing.

The week-long series of operations was co-ordinated by the NCA’s National Cyber Crime Unit (NCCU) as well as specialist officers from regional organised crime squads and the Metropolitan Police.

West Midlands police arrested a 23-year-old man in Sutton Coldfield who is believed to have been involved in breaking into the network of the US defence department in June 2014.

The biggest operation saw the arrest of 25 people in London and Essex suspected of using the net to steal money, launder cash and carry out other frauds.

The hackers behind the attack on the US defence department network stole contact information for about 800 people, and data on the network’s internal architecture was also pilfered.

The action also resulted in the arrest of people thought to be part of some well known hacking groups.

In Leeds, a suspected member of the Lizard Squad group was arrested, and in London a 21-year-old man was taken into custody on suspicion of being part of the D33Ds Company hacking collective.

The D33Ds group is believed to have been behind a 2012 attack on Yahoo that stole more than 400,000 email addresses and passwords subsequently published online.

Investigations about suspects in Sutton Coldfield, Leeds and Willesden were aided by forensic information provided by the FBI.

The other actions targeted alleged phishing gangs, intellectual property thieves, users of financial malware, companies that offer hosting services to crime groups, and many people who took part in so-called DDoS (distributed denial of service) attacks in an attempt to knock websites offline.

One 21-year-old man from County Durham allegedly knocked out the Police Scotland website by mounting such a DDoS attack.

“Criminals need to realise that committing crime online will not render them anonymous to law enforcement,” said Andy Archibald, deputy director of the NCCU. “It’s imperative that we continue to work with partners to pursue and disrupt the major crime groups targeting the UK.”

In addition, this week the NCA coordinated visits to 70 firms to inform them about how vulnerable their servers were to attack and how they could be used by cyberthieves to send out spam or act as proxies for other attacks.

The strike week also involved four forces setting up pop-up shops to give advice to the public about staying safe online and to get their devices checked to make sure they are free of malware and other digital threats.

The problems of cyber security for small businesses

February 24, 2015 By: Dr Search Principal Consultant at the Search Clinic Category: Computers, Customer Service, Cyber Security, data security, Dr Search, Ecommerce, Hackers, Search Clinic, Technology Companies, Uncategorized

The growing problem of cyber security is becoming a big headache for small businesses.

Figures from Sophos suggest about 30,000 websites a day are being compromised by cyber hackers – most of those will be the public face of one SME or another.

Becoming a victim of a hack or breach costs smaller firms between £65,000 and £115,000, according to the PWC survey of the worst data breaches among small firms. Those worst hit will suffer up to six breaches a year, PWC suggested, so the total cost could be even higher.

For a smaller firm finding that much cash to clean up after a breach could mean the difference between keeping trading and going bust.

This lack of focus on cyber security is understandable, as most small and medium-sized enterprises (SMEs) spend most of their time on core commercial activity such as keeping customers happy, seeking out new clients and engaging in all the basic day-to-day admin needed to keep their enterprise afloat.

So worrying about computer security comes a long way down their to-do lists.

However, ecommerce, websites, apps, smartphones, tablets, social media and cloud services were all now standard ways of doing business in the 21st century, he said.

Additionally, there were some SMEs that were based entirely around technology but that did not make them experts in how to keep their digital business secure.

Either way, everyone is a target and they all need to look externally to security firms for help.

Everyone is familiar with attempts to penetrate internal networks to steal payment information or customer data records but may be less knowledgeable about invoice fraud, ransomware, malvertising, or even attacks that “scrape” websites with automated tools to steal all the information about prices and products they contain.

Estimates vary on how much SMEs spend on IT security.

The most recent government figures, published 18 months ago, suggest SMEs with 100 or more employees spend about £10,000 per year. The smallest small firms, with fewer than 20 staff, spend about £200. Other estimates put the spend at about £30 per employee.

SMEs should start with the basics.

This includes anti-virus software, firewalls, spam filters on email gateways and keeping devices up to date. This would defeat the majority of the low-level threats that those busy cyber thieves are churning out.

Government advice on how SMEs can be safer revolves around a 10 steps programme that emphasises basic, good practice. It’s big on those simple steps such as keeping software up to date and applying the widely used software tools that can spot and stop the most prolific threats.

But it also stresses that smaller firms should understand more about how they use data and how it flows around their organisation.

Having a good sense of where data goes and who uses it can help limit the damage if it goes astray.

Having control of that data, knowing its value and where it is going, can help a company guard against it leaking out accidentally and maliciously. For instance, having that control might help a firm spot that a server was accidentally exposed to the net and private information was viewable by anyone.

It can also help SMEs keep an eye on their suppliers and partners to ensure that data is handled appropriately.

And finally, said Mr Harrison from Exponential-e, firms need to put in place a plan for what happens when a breach or security incident does occur.

“It’s not a question of if something bad will happen,” he said. “It will, but it’s all about what they do about it.”