Cost Concerns Are Exposing Security Risks, Report Warns

Cost concerns and a lack of security training among SMBs is being cited as reasons why the SMB sector is at risk from security breaches

Small to medium businesses are not doing enough to protect their systems and their customers from potential data breaches.

So found the 2009 National Small Business Cybersecurity Study which was sponsored by both Symantec and the National Cyber Security Alliance. The study surveyed nearly 1,500 small business owners across the United States about their cyber-security awareness policies and practices.

It confirmed that small businesses today are handling valuable information, with 65 percent storing customer data, 43 percent storing financial records, 33 percent storing credit card information, and 20 percent having intellectual property and other sensitive corporate content online.

It was also discovered that 65 percent of those polled in the business survey claimed the Internet was critical to their businesses’ success but are doing very little to ensure that their employees and systems are not victims of a data breach.

The report revealed discrepancies between needs and actions regarding security policies and employee education on security best practices. According the survey, only 28 percent of US small businesses have formal Internet security policies and just 35 percent provide any training for employees about Internet safety and security.

At the same time, 86 percent of these firms do not have anyone solely focused on IT security. For those small businesses that do provide cyber-security training, 63 percent provide less than 5 hours per year.

“The 20 million small businesses in the US are a critical part of the nation’s economy. While small business owners may understandably be focused on growing their business and the bottom line, it is imperative to understand that a cyber-security incident can be disruptive and expensive,” said NCSA Executive Director Michael Kaiser.

“To the millions of very savvy entrepreneurs across our nation, our message is simple: Being smart about the online safety of your employees, business and customers is a critical part of doing business. Cyber-security is not a nice-to-have for American businesses; it is critical to their survival,” he said.

The study found that while more than nine in 10 small businesses said they believe they are safe from malware and viruses based on the security practices they have in place, only 53 percent of firms check their computers on a weekly basis to ensure that antivirus, anti-spyware, firewalls and operating systems are up-to-date and 11 percent never check them. Three-quarters of small businesses said they use the Internet to communicate with customers, yet only 6 percent said they fear the loss of customer data and only 42 percent believe that their customers are concerned about the IT security of their business.

“Security threats are becoming more complex, and employees of small businesses are increasingly the target of attacks that expose their organisations to data loss,” said Symantec’s VP of global solutions and programs, Sheri Atwood. “Security awareness and education, combined with a comprehensive security solution, can empower small businesses and their employees to protect themselves and their information.”