Small Business Retailers Lack Security Requirements: Fortinet
While almost three-fifths (59 percent) of SMB retailers have a data disposal policy in place, 29 percent lack any established data disposal plan.While a majority of small business retailers are aware of an increasingly complex threat and regulatory environment and are applying best security practices and compliance policies to keep safe, more than one in five retailers (22 percent) are not compliant with payment card industry data security standard (PCI DSS), according to a survey sponsored by Fortinet. An additional 14 percent of the 100 small and midsize business (SMB) organizations surveyed don’t know if they are PCI compliant or not, and more than half (55 percent) of surveyed retailers are unaware of their state’s security breach requirements, while 40 percent lack any established policy adhering to those requirements. The survey also indicated that SMB retailers would be more likely to consider retail analytics if they were more knowledgeable about the technology. Of the 41 percent that said they are unfamiliar with retail analytics, almost half (49 percent) express that they would like to someday use the technology. More than half (53 percent) of retailers said they are managing and maintaining their own security infrastructure on-site. However, 18 percent of retailers are now also relying on a managed security services provider (MSSP) to augment their security defenses, while another 29 percent are looking to move more security functions to a third party managed service provider.
Eighty percent of retailers said they want to see physical security infrastructure, such as video cameras, DVRs and alarm systems, housed in a single device that also manages network security mechanisms such as firewall, virtual private network (VPN), anti-virus and Web application firewall.