Most US small business owners or operators say their company is safe from cyber threats and have no formal cyber security plan, a new survey released by the security firm Symantec and the National Cyber Security Alliance (NCSA) suggests.
Some 77pc of SMB owners or operators believe their organisation is safe from hackers, viruses and malware, and 83pc lack a plan concerning cyber security, despite relying on the internet for daily operations.
Seventy-three per cent of SMBs say a safe and trusted internet is critical to their success, and 77pc say a strong cyber security and online safety posture is good for their company’s brand.
However, most (59pc) of SMBs are unprepared to handle losses as a result of a data breach, since they don’t have a contingency plan outlining procedures for responding and reporting data breach losses. This could be because the majority of SMBs (66pc) aren’t concerned about external or internal cyber threats, such as data theft by a hacker or former employee.
A hack or data breach can cause financial and reputational harm to an SMB, said Michael Kaiser , executive director of the National Cyber Security Alliance.
"We want US small businesses to understand they cannot completely remain safe from cyber threats if they do not take the necessary precautions," said Kaiser. “Small businesses must make plans to protect their businesses from cyber threats and help employees stay safe online."
Brian Burch, vice-president of Americas Marketing for SMB, at Symantec, said it is terrifying that the majority of US small businesses believe their information is protected, yet so many do not have the required policies or protection in place to remain safe.
"Almost 40pc of the over 1bn cyber attacks Symantec prevented in the first three months of 2012 targeted companies with less than 500 employees,” Burch pointed out. “And for the small, poorly protected companies that suffer an attack, it’s often fatal to their business."
On a positive note, start-ups are leading by example. Companies founded since 2008 are almost 20pc more likely than older small businesses to have a written plan in place for keeping their business secure from cyber threats.
Cyber security tips for SMBs from the NCSA and Symantec:
- Know what you need to protect: One data breach could mean financial ruin for an SMB. Look at where your information is being stored and used, and protect those areas accordingly.
- Enforce strong password policies: Passwords with eight characters or more and that use a combination of letters, numbers and symbols (e.g., # $ % ! ?) will help protect your data.
- Map out a disaster preparedness plan today: Identify your critical resources, use appropriate security and backup solutions to archive important files, and test frequently.
- Encrypt confidential information: Implement encryption technologies on desktops, laptops and removable media to protect your confidential information from unauthorised access, providing strong security for intellectual property, customer and partner data.
- Use a reliable security solution: Today’s solutions do more than just prevent viruses and spam; they scan files regularly for unusual changes in file size, programmes that match known malware, suspicious e-mail attachments and other warning signs. It’s the most important step to protect your information.
- Protect information completely: It’s more important than ever to back up your business information. Combine backup solutions with a robust security offering to protect your business from all forms of data loss.
- Stay up to date: A security solution is only as good as the frequency with which it is updated. New viruses, worms, Trojan horses and other malware are born daily, and variations of them can slip by software that is not current.
- Educate employees: Develop internet security guidelines and educate employees about Internet safety, security and the latest threats, as well as what to do if they misplace information or suspect malware on their machine.
Password theft image via Shutterstock