The State’s underutilised Online Trading Voucher scheme needs to be made available to help Ireland’s unprepared small businesses comply with GDPR legislation, according to a leading industry expert.
Less than 2% of Ireland’s eligible companies have availed of the scheme, which is designed to help small businesses to trade online through grants of up to €2,500 along with training and advice.
Magnet Networks CEO Mark Kellett has called on the scheme, which has been accessed by 4,250 businesses since its inception, to be diverted as a matter of urgency to securing the safety of small enterprises as the GDPR deadline looms.
To qualify for the scheme, businesses must have 10 employees or less (of which there are 228,160 in the State according to the CSO), have a turnover of under €2m and be trading for at least 12 months.
“This fund has been totally underused and the State now needs to recognise the biggest potential online threat to small business and act to protect the sector by providing adequate training for GDPR,” said Mr Kellett. “Our recent Magnet Networks cyber security awareness survey showed that Ireland’s SMEs are largely unprepared for GDPR. 48% of all businesses surveyed had no cyber security policy in place – but this grew to 68% in firms with less than 10 employees.
“There is no point in a company trading and marketing online by using personal information that is illegal under the upcoming legislation. Based on the enquiries that we are receiving, we are finding that the SME sector is unprepared for GDPR with the most common statement being ‘I get it, but my board doesn’t’.
“The way we view stored data is about to change massively, and it is going to have a huge impact on the way that SMEs do business – they are as likely to be reported as larger entities, and less likely to have protection. Unfortunately, small companies such as estate agents or interior designers, who have built up databases of customers who bought from them three or four years ago, could be exposed if they indulge in follow-up marketing.
“Any construction or household services companies who have stored customers’ PPN numbers and bank details as part of the application process for the Home Renovation Initiative can now be seen as having all the tools necessary to commit a fraud. Businesses that interact with the public will have to tighten security around guest Wi-Fi access to ensure that there can be no breaches of information.
“Quite simply, you can buy all the software you want but you have to educate yourself in GDPR best practice, and, unfortunately, if you cannot prove compliance, you won’t be able to bid for certain contracts. The difficulty for businesses will be in controlling information and preventing data being shared without the organisation’s consent.
“Companies need to have a next-generation application-aware firewall along with advanced endpoint protection and local real-time analysis on each machine… Our latest Cyber Security survey found that only 42% of businesses are aware of their obligations regarding the upcoming GDPR compliance. Only 13% of respondents think that their business is very secure – and in the absolute world of cyber attacks you are either totally secure or you are vulnerable in some way.”