BUSINESS leaders, backed by police and an MP, are warning small firms are not doing enough to protect themselves or customers.

Headline speaker at Making the Business Case for Cyber Security at Harwell Campus tomorrow is Nicola Blackwood, MP for Oxford West and Abingdon and Under-Secretary of State for Public Health and Innovation.

Attacks on businesses are dangerous for customers, according to Sue Staunton, partner and technology team head at Oxford accountants James Cowper Kreston.

She said: “The way we transact business as individuals is very much online, therefore, our records are being looked after by small and medium-sized firms.

“If you order a book from an independent trader, you are trusting that small firm with your personal information.”

Tomorrow’s conference is organised by government-backed Oxford Cyber Security Cluster, whose members include Oxford University, Thames Valley Police.

Speakers will highlight a recent report from the Institute of Directors and Barclays, which showed firms understand the cyber security threat but few tackle it.

New legislation coming into force next May will force firms to become more accountable.

The General Data Protection Regulation will mean bigger fines for allowing customer’s details to be stolen and force them to report breaches.

Although the law was passed last year, most firms know nothing about it, according to OCSC manager Stewart Benger.

He said: “Business owners have to think about 100 other things to keep the business running, so they never get around to doing anything about cyber security.”

Sue Staunton said: “They are not taking the situation seriously because they can’t see who potential attackers are.

“Before everyone linked to the internet, if you had a shop, you could lock it up overnight but now it’s more difficult to conceptualise what you should do.”

Most crimes involve staff accidentally helping criminals, such as where emails with fake letterheads pretend to be suppliers and demand payment.

Others persuade staff to click on a link, giving criminals access to a firm’s network to steal databases, plant malware or freeze its systems.

Ms Staunton said: “Cyber criminals are becoming more sophisticated and it’s not just about trying to make money.

“Some want to create damage just because they can.”