In conjunction with National Cyber Security Awareness Month, the National Cyber Security Alliance and Symantec have released a survey on U.S. small business owners and their false sense of cybersecurity.
According to the results of the survey, 77 percent of small businesses say their company is safe from cyber threats such as hackers, viruses, malware or a cybersecurity breach. The interesting part of the findings, however, is that 83 percent admit to having no formal cybersecurity plan.
As small businesses rely continuously more and more on the Internet for daily operations, it doesn’t make much sense as to why they’re not taking the necessary measures to ensure their business’ safety.
“We want U.S. small businesses to understand they cannot completely remain safe from cyber threats if they do not take the necessary precautions,” said Michael Kaiser, executive director of the National Cyber Security Alliance. “A data breach or hacking incident can really harm SMBs and unfortunately lead to a lack of trust from consumers, partners and suppliers. Small businesses must make plans to protect their businesses from cyber threats and help employees stay safe online.”
In a company release, Symantec notes that the survey findings revealed some disparities such as “the need for establishing Internet security policies and practices, handling and responding to data breaches and providing consistent IT/security management at their businesses.”
Notable findings from the survey include:
- 87 percent of small businesses have no formal written Internet security policy for employees.
- 69 percent don’t even have an informal Internet security policy.
- 70 percent have no policies for employee social media use.
One would think that small businesses would have learned by now the importance of cybersecurity. After all, Verizon Business reported just one year ago that 2011 had the second-highest data loss total since they started keeping track in 2004.
According to Verizon Business report, the number of compromised records rose to an all-time high of 174 million.
With information such as these reports available to companies, it’s quite shocking that small businesses today do not implement some form of safety precautions against a cyber-attack.
Especially when, according to the survey, 73 percent say a safe and trusted Internet is critical to their success. Additionally, 77 percent say a strong cybersecurity and online safety posture is good for their company’s brand.
Yet, despite what they may say, six out of 10 small businesses report not having a contingency plan outlining procedures for responding and reporting data breach losses.
Unfortunately, the most jaw dropping part of the findings was that 66 percent of small businesses are not concerned about cyber threats – either external or internal.
“It’s terrifying that the majority of U.S. small businesses believe their information is protected, yet so many do not have the required policies or protection in place to remain safe,” said Brian Burch, vice president of Americas Marketing for small businesses, at Symantec.
“Almost 40 percent of the over 1 billion cyberattacks Symantec prevented in the first three months of 2012 targeted companies with less than 500 employees. And for the small, poorly protected companies that suffer an attack, it’s often fatal to their business,” added Burch.
As stated in the company release, small businesses can improve their online safety practices with 8 simple ways to stay safe online:
- Know what you need to protect
- Enforce strong password policies
- Map out a disaster preparedness plan today
- Encrypt confidential information
- Use a reliable security solution
- Protect information completely
- Stay up to date
- Educate employees
Fortunately, the report ends on a positive note stating that companies “born out of the recession are leading by example,” with 20 percent more likely to have a written plan in place than older small businesses.