EU must educate SMEs on IT security

Awareness of security threats has been raised by large-scale attacks

The European Union (EU) must co-ordinate efforts to educate the small business community about IT security if it is to keep its place as one of the world’s most advanced digital economies.

Brussels needs to ensure all member state governments are addressing the problem at home as well as providing continent-wide oversight, says the European Network and Information Security Agency (Enisa).

The IT security situation is particularly serious for the small and medium-sized enterprise (SME) sector, according to Enisa security expert Marco Thorbruegge.

“Many EU member states do not have any advice for smaller firms, and it is critical that more information is disseminated,” he said.

According to Enisa’s latest figures, published last week, nearly half of member states have no mechanisms for sharing best practice for SMEs. And less than one in five countries has any kind of dedicated IT security advisory service.

Smaller firms are disproportionately affected. Despite the efforts of advisory body Get Safe Online in the UK, 44 per cent of SMEs were hit by cyber crime last year, more than a third of which were virus attacks.

Enisa recommends member states’ organisations actively disseminate information through seminars, training days, emails and post alerts, rather than simply create a static source of web-based information. And Brussels’ role should be to co-ordinate activities across the whole region.

Any EU initiative must avoid overlapping current schemes, said Get Safe Online managing director Tony Neate.

“The aim to help small businesses safeguard their reputation as well as their finances is an important one, but the EU must work around current initiatives to avoid confusing people,” he said.

Awareness of IT security threats has been raised by large-scale cyber attacks last year on member states including Estonia, Germany and the UK.

The issue is also central to the European Commission’s i2010 strategy, under which the region aims to be the world’s most competitive knowledge economy within two years.

“The availability, reliability and security of networks and information systems are increasingly central to our economies and to the fabric of society,” said last year’s i2010 progress report.