Tuesday, October 27, 2009

Study Finds U.S. Small Businesses Lack Cybersecurity Awareness and Policies

/PRNewswire/ -- Small business owners' cybersecurity policies and actions are not adequate enough to ensure the safety of their employees, intellectual property and customer data, according to the 2009 National Small Business Cybersecurity Study. The study, co-sponsored by the National Cyber Security Alliance (NCSA) and Symantec [Nasdaq: SYMC], as part of this year's National Cyber Security Awareness Month, surveyed nearly 1,500 small business owners across the United States about their cybersecurity awareness policies and practices.

The survey confirmed that small businesses today are handling valuable information - 65 percent store customer data, 43 percent store financial records, 33 percent store credit card information, and 20 percent have intellectual property and other sensitive corporate content online. 65 percent of the business survey claimed that the Internet was critical to their businesses success yet they are doing very little to ensure that their employees and systems are not victims of a data breach.

The survey shows discrepancies between needs and actions regarding security policies and employee education on security best practices. Only 28 percent of U.S. small businesses have formal Internet security policies and just 35 percent provide ANY training to employees about Internet safety and security. At the same time, 86 percent of these firms do not have anyone solely focused on information technology (IT) security. For those small businesses that do provide cybersecurity training, 63 percent provide less than 5 hours per year.

The lack of focus on cybersecurity awareness and education on the part of U.S. small businesses can lead to the loss of vital customer and company data. The study found that while more than 9 in 10 small businesses said they believe they are safe from malware and viruses based on the security practices they have in place, only 53 percent of firms check their computers on a weekly basis to ensure that anti-virus, anti-spyware, firewalls and operating systems are up-to-date and 11 percent never check them.

"The 20 million small businesses in the U.S. are a critical part of the nation's economy. While small business owners may understandably be focused on growing their business and the bottom line, it is imperative to understand that a cybersecurity incident can be disruptive and expensive," said NCSA Executive Director Michael Kaiser. "To the millions of very savvy entrepreneurs across our nation, our message is simple - being smart about the online safety of your employees, business and customers is a critical part of doing business. Cybersecurity is not a nice thing to have for American businesses, it is critical to their survival."

Meanwhile, small businesses seem out of sync with some Internet security risks. 75 percent of small businesses said that they use the Internet to communicate with customers yet only 6 percent fear the loss of customer data and only 42 percent believe that their customers are concerned about the IT security of their business. What's more, 56 percent of small businesses believe cybersecurity is the cost of doing business while 21 percent believe it is just "a nice thing to have."

Laptops, PDAs and wireless networks are great conveniences to businesses, yet they carry with them an added responsibility to ensure the data is secure. Today, more than 66 percent of employees take computers or PDAs containing sensitive information off-site. Wireless networks are gateways for hackers and cyber criminals and must be secured by complex passwords. Unsecured wireless networks are akin to leaving the front door of a filing cabinet wide open on the sidewalk. 62 percent of the companies surveyed have a wireless network but 25 percent of them do not password protect their wireless networks. This is a significant security risk as hackers can steal information being passed through these open networks.

"Security threats are becoming more complex and employees of small businesses are increasingly the target of attacks that expose their organizations to data loss," said Sheri Atwood, vice president, global solutions and programs, Symantec. "Security awareness and education, combined with a comprehensive security solution, can empower small businesses and their employees to protect themselves and their information."

For more information on how you can keep you and your business safe online visit www.staysafeonline.org. For additional results from the Zogby study, visit: http://staysafeonline.mediaroom.com/index.php?s=67

The demographic makeup of the small business polled focused on number of employees and revenue. 56 percent of those polled were companies with one-to-nine employees, 10 percent had 10-25 employees, five percent had 26-50 employees and five percent had more than 51 employees. In terms of revenue, 56 percent had annual revenue of $249,000 or less, 11 percent have revenue of $250,000-$499,000, eight percent have revenue of $500,000 to $1 million. 11 percent have revenue between $1 million and $5 million and five percent have revenues exceeding $5 million. The Zogby International poll has a margin of error of +/- 2.6 percentage points.

Fayette Front Page
Georgia Front Page
Follow us on Twitter: @GAFrontPage

No comments: