U.S. small business owners or operators have a false sense of cybersecurity: more than three-fourths (77%) say their company is safe from cyber threats such as hackers, viruses, malware or a cybersecurity breach, yet 83% have no formal cybersecurity plan.
These findings are from a new survey of 1,015 U.S. small- and medium-sized businesses (SMBs) by the National Cyber Security Alliance (NCSA) and Symantec. (The full survey is available at: http://www.staysafeonline.org/stay-safe-online/resources/.)
This annual survey is being released in conjunction with National Cyber Security Awareness Month, a coordinated national effort focused on improving online safety and security for all Americans. The survey findings reveal some disparities such as the need for establishing Internet security policies and practices, handling and responding to data breaches, and providing consistent IT/security management at their businesses. Although SMBs increasingly rely on the Internet for daily operations, they are not taking the necessary measures to keep their businesses safe and secure,
Seventy-three percent of SMBs say a safe and trusted Internet is critical to their success, and 77% say a strong cybersecurity and online safety posture is good for their company's brand. However, nearly six out of 10 (59%) SMBs don't have a contingency plan outlining procedures for responding to and reporting data breach losses.
What's more, 63% of SMBs aren't concerned about cyber threats -- either external or internal. External threats include a hacker or cyber-criminal stealing data while internal threats include an employee, ex-employee, or contractor/consultant stealing data.
"We want U.S. small businesses to understand they cannot completely remain safe from cyber threats if they do not take the necessary precautions," says Michael Kaiser, executive director of the National Cyber Security Alliance. "A data breach or hacking incident can really harm SMBs and unfortunately lead to a lack of trust from consumers, partners and suppliers. Small businesses must make plans to protect their businesses from cyber threats and help employees stay safe online."
"It's terrifying that the majority of U.S. small businesses believe their information is protected, yet so many do not have the required policies or protection in place to remain safe," adds Brian Burch, vice president of Americas Marketing for SMB, at Symantec. "Almost 40% of the over 1 billion cyberattacks Symantec prevented in the first three months of 2012 targeted companies with less than 500 employees. And for the small, poorly protected companies that suffer an attack, it's often fatal to their business."
Additional survey findings revealed the disparities between online safety perceptions and actual practices, which include:
° Eighty-seven percent of SMBs do not have a formal written Internet security policy for employees, while 69 percent don't even have an informal Internet security policy. While social media is an increasingly popular vector for phishing attacks, 70% of SMBs don't have policies for employee social media use.
° Eighty-six percent of SMBs say they're satisfied with the amount of security they provide to protect customer or employee data. Additionally, 83% strongly or somewhat agree that they are doing enough or making enough investments to protect customer data. Yet, Visa reports small businesses represent more than 90% of the payment data breaches reported to the company.
° On a positive note, companies born of the recession are leading by example. Companies born since 2008 are almost 20% more likely than older small businesses to have a written plan in place for keeping their business secure from cyber threats.
Small businesses can improve their online safety practices in a number of areas, especially when it comes to establishing policies and protocols for safe Internet use, with these simple ways to stay safe online:
° One data breach could mean financial ruin for an SMB. Look at where your information is being stored and used, and protect those areas accordingly.
° Enforce strong password policies: Passwords that have eight characters or more and use a combination of letters, numbers and symbols (e.g., # $ % ! ?) will help protect your data.
° Don't wait until it's too late. Identify your critical resources, use appropriate security and backup solutions to archive important files, and test frequently.
° Implement encryption technologies on desktops, laptops and removable media to protect your confidential information from unauthorized access, providing strong security for intellectual property, customer and partner data.
° Use a reliable security solution. Today's solutions do more than just prevent viruses and spam; they scan files regularly for unusual changes in file size, programs that match known malware, suspicious e-mail attachments and other warning signs.
° It's more important than ever to back up your business information. Combine backup solutions with a robust security offering to protect your business from all forms of data loss.
° A security solution is only as good as the frequency with which it's updated.
° Develop Internet security guidelines and educate employees about Internet safety, security and the latest threats, as well as what to do if they misplace information or suspect malware on their machine.