Most small businesses have a false sense of cyber-security. That's the key finding of a new survey conducted by security firm Symantec and the National Cyber Security Alliance.
The study, released this week, found that 77 percent of small-business owners or operators say that their company is safe from such threats as hackers, viruses, malware or a cyber-security breach. Eighty-three percent have no formal cyber-security plan and 66 percent are simply not concerned about external or internal cyber threats.
'Fatal to Their Business'
The report said that, even as small- and medium-size businesses (SMBs) increasingly rely on the Net for their business operations, they are not "taking the necessary measures to keep their businesses safe and secure."
Fifty-nine percent of SMBs have no contingency plan for how to deal with losses resulting from a data breach, and 87 percent have no formal written Internet security policy for employees. Sixty-nine percent do not even have an informal one, and, although social media use in SMBs is booming, 70 percent do not have an employee social-media use policy.
Michael Kaiser, NCSA executive director, said in a statement that U.S. SMBs need "to understand they cannot completely remain safe from cyber threats if they do not take the necessary precautions."
Symantec noted that nearly 40 percent of the more than 1 billion cyber attacks the company prevented in the first quarter of this year were targeted at companies with fewer than 500 employees. And, it added, an attack on a "small, poorly protected" company is often "fatal to their business."
Visa has reported that over 90 percent of the payment data breaches reported to the company were from SMBs. Interestingly, newer companies -- those founded since 2008 -- are nearly 20 percent more likely than older small businesses to have a cyber-security plan in place.
Even as they believe their companies are safe, 73 percent of respondents know that a safe and trusted Net is critical to their business success, and 77 percent acknowledge that online security is important for their brand.
Symantec advises several online safety practices that SMBs can establish. One of the first steps, the company said, is to assess where vital data is being kept and how it is being used, so that security can focus on those areas. Strong password policies should be established and enforced, requiring eight characters or more and a combination of letters, numbers and symbols.
A disaster preparedness plan should be mapped out, including backup solutions, and confidential information should be encrypted. A reliable security solution should be employed and kept up to date, business data should regularly be backed up, and employees should be educated about Net safety, company security policies, how to identify possible malware, and what to do if they misplace information.
The survey, conducted by JZ Analytics, polled 1,015 small businesses in the U.S. with fewer than 250 employees, and the margin of error is 3.1 percent.