Small organizations confident they're secure, yet lack plans
A new study of small businesses shows that while a majority believe they have a good handle on protecting sensitive data, most lack back security measures, notably policies and procedures.
Eighty-six percent of the 1,015 businesses (250 employees or fewer) that were polled in the survey, commissioned by the National Cyber Security Alliance and security firm Symantec, said they are "satisfied" with the level of security they have in place to defend customer or employee data. And seventy-seventy percent believe their company is safe from breaches.
However, 87 percent of respondents have not written a formal security policy for employees, 83 percent lack any security blueprint at all and 59 percent have no plan in place to respond to a security incident.
Meanwhile, hackers are more frequently placing small and midsize (SMB) organizations in their cross-hairs. The 2012 "Data Breach Investigations Report" from Verizon, considered the industry's gold standard for determining the breadth of cyber attacks, found that businesses with fewer than 1,000 employes are increasingly being targeted by mass, automated attacks in which malware is installed on their vulnerable systems.
Many mom-and-pop shops lack the funding to implement large-scale security defenses -- and most handle security and website management in-house -- but there are free resources available, including from the Federal Communications Commission.
Ellen Richey, chief enterprise risk officer of Visa, visited the Nasdaq stock exchange last week to promote security awareness among SMBs.
"Small business owners have an important role to play as well," she wrote in a blog post after. "Data security is fundamental to securing payments and maintaining customer trust. The best advice I can give to small businesses is: Be proactive. Don't wait until you have had a breach or lost valuable data to take stock of your company's data security practices. Make security a priority and start by taking common sense measures to make your cyber security as strong as the padlock you put on your store's front door."