A report from the National Cyber Security Alliance and Symantec finds cost-conscious businesses are not doing enough to protect themselves and their customers from security threats.
Small business owners' cyber-security policies and actions are not adequate
enough to ensure the safety of their employees, intellectual property and
customer data, according to the 2009 National Small Business Cybersecurity
The study, co-sponsored by the National Cyber Security Alliance and security
giant Symantec as part of this year's National Cyber Security Awareness Month,
surveyed nearly 1,500 small business owners across the United
States about their cyber-security awareness
policies and practices.
The survey confirmed that small businesses today are handling valuable
information-65 percent store customer data, 43 percent store financial records,
33 percent store credit card information, and 20 percent have intellectual
property and other sensitive corporate content online. It was also discovered
that 65 percent of those polled in the business survey claimed the Internet was
critical to their businesses' success but are doing very little to ensure that
their employees and systems are not victims of a data breach.
The report revealed discrepancies between needs and actions regarding
security policies and employee education on security best practices. According
the survey, only 28 percent of U.S.
small businesses have formal Internet security policies and just 35 percent
provide any training for employees about Internet safety and security. At the
same time, 86 percent of these firms do not have anyone solely focused on
information technology security. For those small businesses that do provide
cyber-security training, 63 percent provide less than 5 hours per year.
"The 20 million small businesses in the U.S.
are a critical part of the nation's economy. While small business owners
may understandably be focused on growing their business and the bottom line, it
is imperative to understand that a cyber-security incident can be disruptive
and expensive," said NCSA Executive Director Michael Kaiser. "To the millions
of very savvy entrepreneurs across our nation, our message is simple: Being
smart about the online safety of your employees, business and customers is a
critical part of doing business. Cyber-security is not a nice-to-have for
American businesses; it is critical to their survival."
The study found that while more than nine in 10 small businesses said they
believe they are safe from malware and viruses based on the security practices
they have in place, only 53 percent of firms check their computers on a weekly
basis to ensure that antivirus, anti-spyware, firewalls and operating systems
are up-to-date and 11 percent never check them. Three-quarters of small
businesses said they use the Internet to communicate with customers, yet only 6
percent said they fear the loss of customer data and only 42 percent believe
that their customers are concerned about the IT security of their business.
"Security threats are becoming more complex, and employees
of small businesses are increasingly the target of attacks that expose their
organizations to data loss," said Symantec's vice president of global solutions
and programs, Sheri Atwood. "Security awareness and education, combined with a
comprehensive security solution, can empower small businesses and their
employees to protect themselves and their information."