The digital security authority issued online safety advice to businesses on Monday, citing a Eurobarometer report that showed more small and medium sized (SMEs) establishments in Cyprus fell victim to different types of cybercrime than the EU average.

The most common way in which Cyprus SMEs fall victim to cybercrime is scams and frauds (52 per cent), the highest rate in the EU and almost double the EU average of 28 per cent.

The survey was requested by the directorate-general for migration and home affairs, and Ipsos European Public Affairs conducted 12,863 interviews with SMEs of EU country members, between 26 November and 17 December 2021.

The report showed that 28 per cent of European SMEs have experienced at least one type of cybercrime in that year, explaining how the coronavirus pandemic led to an increased digital transformation for those enterprises and thus to a higher exposure to cybercriminal activities. It also looked into the cybercrime impacts as well as the extent of businesses’ awareness and concerns about the risks among others.

Other major cybercrime problems faced by Cyprus SMEs concern phishing, account takeover or impersonation attacks, standing at 16 per cent, higher than the EU average at 11 per cent. Viruses, spyware or malicious software (excluding ransomware) accounted for 8 per cent of issues, lower than EU’s 14 per cent.

Password cracking was also a common problem in Cypriot SMEs at 24 per cent, which is the 5th highest rate in the EU with the EU average of 19 per cent.

Cyprus had the highest percentage of employees using their personal devices for work purposes.

In total 74 per cent of Cypriot SMEs surveyed reported their employees use personally owned devices to carry out business-related activities, a percentage significantly higher than the EU average of 48 per cent.

Small to medium sized business are those that employ between one to 249 people.

To prevent such attacks, following the publication of the Eurobarometer results in May, the digital security authority warned all companies to beware of emails from unknown senders, not open any attached files or links and check the correctness of the email address even if the sender of the email is known.

Businesses were also advised to have appropriate anti-virus software installed, capable of protecting their entire network range and equipment and to not disclose passwords either by telephone or online.

Passwords must be over 12 characters long and contain a combination of capital letters, small letters, symbols and numbers to make them stronger, the authority said, adding that businesses should change passwords frequently.

It also suggested for companies to add password verification (also known as two-factor authentication), adding an extra layer of security to the account in case of password theft.

The authority added that it carried out a similar survey on cybersecurity issues in business at national level in cooperation with the Cyprus Chamber of Commerce (Keve).

The survey aimed to assess the needs of businesses with a view to planning training seminars on cybersecurity issues which will take place as part of actions of the National cyber security strategy.