With a week until GDPR hits, there is a correlation between ‘bring your own device’ (BYOD) schemes and increased cybersecurity risk in small businesses, according to new research.
The study, from Paymentsense (https://www.paymentsense.co.uk) reveals Six in 10 (61%) SMEs have experienced a cybersecurity incident since introducing a BYOD policy, according to the study from the merchant services provider*.
Increasingly popular, BYOD policies see employees using personal devices like laptops, tablets and smartphones for work, as well as for their general day-to-day activities. Some businesses believe it brings productivity gains and cost-savings, and the BYOD and the global enterprise mobility market is estimated to reach USD 73.30 billion by 2021.
The Paymentsense study revealed that BYOD schemes are prevalent across small businesses of all sizes, but larger SMEs are more likely to employ such a policy. For microbusinesses of up to 10 staff, the rate is 40%, increasing to 51% for businesses of between 51 and 100 people, and then again to 69% in businesses of 101 to 250 people.
Worryingly, Paymentsense found that as BYOD popularity increases, so do cybersecurity incidents. Just one in seven (14%) microbusinesses (up to 10 staff) reported a cybersecurity incident since implementing BYOD, but this figure rises significantly to 70% for business of 11 to 50 people, and again to 94% for SMEs of 101 to 250 people.
The most common cybersecurity incident suffered by respondents over the last 12 months was malware, which affected two thirds (65%) of SMEs, followed by viruses (42%), distributed denial of service (26%), data theft (24%) and phishing (23%).
Chafic Badr, Head of Digital at Paymentsense, comments: “Although our study shows the popularity of BYOD amongst small businesses, it’s alarming to see so many reporting incidents since implementing these schemes. As with all cybersecurity issues, the biggest factor is the human one – employees need to be aware of their responsibilities and the risks associated with a BYOD system. This is particularly important when you consider personal data responsibilities in the post-GDPR landscape – our GDPR compliance notes for small business owners expands further.
Business owners should create concise guidelines to help staff use best security practices in their daily activities – both within the office and outside. It’s also worth remembering that when mobile device users are away from work, susceptibility to threats such as phishing tends to increase. We’ve created a cybersecurity guide for small business owners as a starting point. Regular engagement and communication with staff at all levels is important – business owners can’t afford to assume all staff will educate themselves to the right standard. If mistakes are made, having an incident response plan clarifies responsibilities and ensures the timely action is taken to contain and control the situation.”
Top 10 SME cybersecurity incidents (last 12 months)
1. Malware 65%
2. Virus 42%
3. Distributed Denial of Service 26%
4. Data theft 24%
5. Phishing 23%
6. Identity theft 16%
7. Social engineering / scams 15%
8. Hacking 12%
9. Cyber ransom demands 5%
10. Other 1%
How to protect your business from cybercrime
A small business guide to GDPR
* Commissioned research took place in January 2018 amongst a nationally representative sample of 504 small business owners.